Apache Shiro Series (1)

Source: Internet
Author: User

What is Apache Shiro, the security framework.

36,000 subjects are described in this way:

Apache Shiro (Castle) is a powerful, easy-to-use Java security framework that provides authentication, authorization, encryption, and session management capabilities that provide security for any application-from command-line applications to mobile apps to large networks and enterprise applications.

Shiro provides an API to protect your app to address the following issues, which I like to call the four elements of application security:

Authentication-user identification, often referred to as the user "login";

Authorization-access control;

Password encryption-protect or hide data from being peeping;

Session Management-The time-sensitive state associated with each user.

Shiro also supports a number of ancillary features, such as Web application security, unit testing, and multithreading, which reinforce the four elements mentioned above.

Four basic functions:

Authentication (authentication)---user identification.

Authorization (Authorization)---access control process and determines "what" can be accessed by "certification (WHO)".

Session Management---Manage the user's session (sessions) to manage the user's time-related state in an environment that does not have a Web container.

Encryption (cryptography)---use cryptographic algorithms to protect data more securely, preventing data from being peeping.

Additional features support and enhance:

Web support: Web program security can be implemented easily with Shiro's Web support API.

Caching:caching is a one-class citizen in the Apache Shiro API, ensuring that safe authentication is fast and effective. Concurrency (Concurrency): Apache Shiro supports multithreading.

Test (testing): Support testing to help you develop units and comprehensive test procedures to ensure that your code is securely certified as you expect.

"Run as": Allows users to use other user identities (if allowed), which is useful in performing some administrative corner books.

"Remember Me": The user's identity is remembered throughout the session (sessions), and the user only needs to log in if the program forces a login.

That's a very nice look, huh! (Wait and see ...) )

Apache Shiro official website address: http://shiro.apache.org/

Recommended to open in Firefox browser, the reason is: Firefox support translation.

See here I was stunned, but very good ha, continue to see Doc ...

Okay, back to the beginning.

Recommend a good blog post, Https://stormpath.com/blog/new-rbac-resource-based-access-control

H57 Shiro Project setupspring MVC + Shiro + myBatis + JSR-303 Validation
Https://github.com/bubba-h57/H57_Shiro

Reprint please indicate the source, thank you! Do not have permission to add a watermark to the relevant pictures of this article without authorization!

Apache Shiro Series (1)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.