Apache Shiro Series (1)

What is Apache Shiro, the security framework.

36,000 subjects are described in this way:

Apache Shiro (Castle) is a powerful, easy-to-use Java security framework that provides authentication, authorization, encryption, and session management capabilities that provide security for any application-from command-line applications to mobile apps to large networks and enterprise applications. Shiro provides an API to protect your app to address the following issues, which I like to call the four elements of application security: Authentication-user identification, often referred to as the user "login"; Authorization-access control; Password encryption-protect or hide data from being peeping; Session Management-The time-sensitive state associated with each user. Shiro also supports a number of ancillary features, such as Web application security, unit testing, and multithreading, which reinforce the four elements mentioned above.

Four basic functions:

Authentication (authentication)---user identification.

Authorization (Authorization)---access control process and determines "what" can be accessed by "certification (WHO)".

Session Management---Manage the user's session (sessions) to manage the user's time-related state in an environment that does not have a Web container.

Encryption (cryptography)---use cryptographic algorithms to protect data more securely, preventing data from being peeping.

Additional features support and enhance:

Web support: Web program security can be implemented easily with Shiro's Web support API.

Caching:caching is a one-class citizen in the Apache Shiro API, ensuring that safe authentication is fast and effective. Concurrency (Concurrency): Apache Shiro supports multithreading.

Test (testing): Support testing to help you develop units and comprehensive test procedures to ensure that your code is securely certified as you expect.

"Run as": Allows users to use other user identities (if allowed), which is useful in performing some administrative corner books.

"Remember Me": The user's identity is remembered throughout the session (sessions), and the user only needs to log in if the program forces a login.

That's a very nice look, huh! (Wait and see ...) ）

Apache Shiro official website address: http://shiro.apache.org/

Recommended to open in Firefox browser, the reason is: Firefox support translation.

See here I was stunned, but very good ha, continue to see Doc ...

Okay, back to the beginning.

Recommend a good blog post, Https://stormpath.com/blog/new-rbac-resource-based-access-control

H57 Shiro Project setupspring MVC + Shiro + myBatis + JSR-303 Validation
Https://github.com/bubba-h57/H57_Shiro

Reprint please indicate the source, thank you! Do not have permission to add a watermark to the relevant pictures of this article without authorization!

Apache Shiro Series (1)