Hands-on implementation of Java Permissions (1) - Shiro Introduction

Source: Internet
Author: User

Function Introduction

Authentication: Identity authentication/login; verifies that the user has the corresponding identity;
Authorization: Authorization, that is, permission verification; verifies whether an authenticated user has a certain permission, in other words whether the user may do something. For example: verifying that a user has a certain role, or, at a finer grain, verifying that a user has a certain permission on a certain resource;
Session Manager: Session management. After a user logs in there is one session, and until the user logs out all of its information is held in the session. The session can live in an ordinary JavaSE environment or in a web environment;
Cryptography: Encryption, protecting the security of data, for example storing passwords in the database encrypted rather than in plaintext;
Web Support: Web support; Shiro can be integrated into a web environment very easily;
Caching: Caching. For example, after a user logs in, the user's information and the roles/permissions the user has do not need to be looked up every time, which improves efficiency;
Concurrency: Shiro supports concurrent verification in multithreaded applications; for example, when one thread starts another thread, the permissions are automatically propagated to it;
Testing: Provides testing support;
Run As: Allows one user to act under the identity of another user (if they allow it);
Remember Me: A very common feature: after logging in once, the user does not need to log in again the next time they come back.


Shiro System Architecture

Subject: The subject. The subject can be any "user" that can interact with the application;
SecurityManager: Equivalent to DispatcherServlet in Spring MVC or FilterDispatcher in Struts2; it is the heart of Shiro. All concrete interactions are controlled through SecurityManager; it manages all Subjects and is responsible for authentication, authorization, session management and cache management;
Authenticator: The authenticator, responsible for authenticating the subject. This is an extension point: if the default implementation does not suit you, you can provide a custom one. It needs an Authentication Strategy, that is, the policy that decides under what circumstances a user's authentication counts as passed;
Authorizer: The authorizer, or access controller, which decides whether the subject has permission to perform a given operation; in other words, it controls which functions of the application the user can access;
Realm: There can be one or more Realms. A Realm can be regarded as a data source of security entities, that is, it is used to obtain security entities. It can be a JDBC implementation, an LDAP implementation, an in-memory implementation, and so on. Note: Shiro does not know where your users/permissions are stored or in what format, so we generally need to implement our own Realm in the application;
SessionManager: If you have written Servlets you know the concept of a Session. A Session needs something to manage its life cycle, and that component is SessionManager. Shiro can be used not only in a web environment but also in an ordinary JavaSE environment, EJB, and so on, so Shiro abstracts a Session of its own to manage the data exchanged between the subject and the application. For example, if the application at first runs on one web server and later also on an EJB server, and you want the session data of both servers in one place, you can implement your own distributed session (for example, storing the data on a Memcached server);
SessionDAO: DAO is something everyone has used: a data access object, here used for CRUD on sessions. For example, to save sessions to a database you can implement your own SessionDAO that writes to the database through, say, JDBC; to put sessions into Memcached you can implement your own Memcached SessionDAO. In addition, SessionDAO can use a Cache to improve performance;
CacheManager: The cache controller, which manages caches of users, roles, permissions, and so on; placing this data in the cache improves access performance;
Cryptography: The cipher module. Shiro provides some common cryptographic components, for example for password encryption/decryption.
That concludes the overview of Shiro's architecture and its components; the components are covered one by one next.

Basic Table Structure

Resources: Represent menu elements, page button elements, and so on. Menu elements are used to display the interface menu; page buttons are the actions available on each page, such as the add, modify and delete buttons. type distinguishes the element type (for example, menu for a menu, button for a button). priority is the ordering of the elements, such as the display order of the menu. permission is the permission string: for example, the user menu uses user:*, so once the menu is granted to a user, that user has the user:* permission; the "new user" button uses user:create, so once the "new user" button is granted to a user, that user has the user:create permission. available indicates whether the resource is available, for example whether the menu is displayed or not.

Role: role is the role identifier, such as admin, used for checks in the back end. description is the role description, such as "super administrator", used for display to the user in the front end. resource_ids is the list of resources owned by the role, that is, the list of permissions the role has (show roles); in other words, a role is a collection of permission strings. available indicates whether the role is available.

Organization: name is the organization name; priority is the ordering of organizations, that is, the display order; available indicates whether the organization is available.

User: username is the user name; role_ids is the list of roles owned by the user, from which the user's list of permission strings can be obtained through the roles; locked indicates whether the user is locked.

Shiro User Process

Shiro does not maintain users or permissions; we have to design/provide these ourselves and then inject them into Shiro through the corresponding interfaces.

Seen from the outside, a good framework should have a very simple, easy-to-use API with a clear API contract; internally, it should have an extensible architecture into which user-defined implementations can be plugged easily, because no framework can meet every requirement.

First, let's look at Shiro from the outside, that is, from the application's perspective, to see how Shiro is used to get the job done.

The object that application code interacts with directly is Subject; in other words, the core of Shiro's external API is Subject. The meaning of each part of the API:

Subject: The subject, representing the current "user". The user is not necessarily a specific person: anything that interacts with the current application is a Subject, such as a web crawler or a robot; it is an abstract concept. Every Subject is bound to the SecurityManager, and all interactions with a Subject are delegated to the SecurityManager. Subject can be thought of as a facade; SecurityManager is the actual executor;

SecurityManager: The security manager. All security-related operations interact with SecurityManager, and it manages all Subjects. It is the core of Shiro and is responsible for interacting with the other components described later. If you have learned Spring MVC, you can think of it as the DispatcherServlet front controller;

Realm: Domain. Shiro obtains security data (such as users, roles and permissions) from a Realm. That is, when SecurityManager needs to verify a user's identity, it obtains the corresponding user from the Realm and compares it to determine whether the user is legitimate; it also obtains the user's roles/permissions from the Realm to verify whether the user may perform an operation. A Realm can be regarded as a DataSource, that is, a secure data source.

That is to say, for us, the simplest Shiro application works like this:
1, the application code performs authentication and authorization through the Subject, and the Subject delegates to the SecurityManager;
2, we need to inject a Realm into Shiro's SecurityManager, so that the SecurityManager can obtain the legitimate users and their permissions.
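
The two steps above as an added example (not code from the original article): a custom Realm backed by in-memory maps that stand in for the user and role tables described under Basic Table Structure, injected into a DefaultSecurityManager and used only through Subject. The class names ShiroQuickstart and TableRealm, the user names, the clerk role and the password are constructed for illustration; it assumes Java 9+ with shiro-core on the classpath.

```java
import java.util.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class ShiroQuickstart {
    // Constructed stand-ins for the tables: role -> permission strings, user -> role.
    static final Map<String, Set<String>> ROLE_PERMS = Map.of(
        "admin", Set.of("user:*"),
        "clerk", Set.of("user:create"));
    static final Map<String, String> USER_ROLE = Map.of("zhang", "clerk");
    static final Set<String> LOCKED = Set.of("li"); // users whose locked flag is set

    // Hypothetical Realm: Shiro does not know where users/permissions live, so we tell it.
    static class TableRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = (String) token.getPrincipal();
            if (LOCKED.contains(username)) throw new LockedAccountException(username);
            if (!USER_ROLE.containsKey(username)) throw new UnknownAccountException(username);
            // Demo only: a real Realm returns the stored salted hash, not a plaintext
            // password, and is configured with a matching CredentialsMatcher.
            return new SimpleAuthenticationInfo(username, "demo-password", getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String role = USER_ROLE.get((String) principals.getPrimaryPrincipal());
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole(role);                              // role identifier
            info.addStringPermissions(ROLE_PERMS.get(role)); // role = set of permission strings
            return info;
        }
    }

    public static void main(String[] args) {
        // Step 2: inject the Realm into the SecurityManager.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new TableRealm()));
        // Step 1: application code talks only to Subject, which delegates to SecurityManager.
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("zhang", "demo-password"));
        System.out.println("role clerk:  " + subject.hasRole("clerk"));
        System.out.println("user:create: " + subject.isPermitted("user:create")); // held by clerk
        System.out.println("user:delete: " + subject.isPermitted("user:delete")); // not held by clerk
        subject.logout();
    }
}
```

Mapping zhang to admin instead makes the user:delete check succeed as well, because the wildcard permission user:* implies every action on user.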
