Recently, in the Itoo project, I had to solve two problems with an Apache Shiro cluster: session sharing, and sharing of the authorization information cache. The official examples online are implemented with Ehcache, and the configuration instructions are not very detailed. I used NoSQL (Redis) instead of Ehcache for session and cache storage in our project, and will continue to analyze it from the perspective of Shiro, CAS, Redis, sessions, and so on. The series of articles is long and rich in content, so please look forward to it!
- Apache Shiro Cluster Implementation (I): Shiro introduction
- Apache Shiro Cluster Implementation (II): INI configuration of Shiro
- Apache Shiro Cluster Implementation (III): Shiro identity authentication (Shiro authentication)
- Apache Shiro Cluster Implementation (IV): Shiro authorization (authentication) - access control
- Apache Shiro Cluster Implementation (V): High-availability session solution under a distributed cluster system
- Apache Shiro Cluster Implementation (VI): High-availability session solution under a distributed cluster system - session sharing
- Apache Shiro Cluster Implementation (VII): Cache sharing under a distributed cluster system
- Apache Shiro Cluster Implementation (VIII): 3 methods of session synchronization in a web cluster

Today, let's introduce the basic concepts of Shiro.

I. Shiro functions
- Authentication: identity authentication, that is, login.
- Authorization: permission verification, that is, verifying that someone has permission to do something.
- Session Management: manages user-specific sessions, in web as well as non-web and EJB environments.
- Cryptography: encryption to keep data secure.
- Other features:
  - Web Support: makes it easier to integrate Shiro into web apps.
  - Caching: caching.
  - Concurrency: concurrent authentication for multi-threaded applications; for example, when one thread starts another thread, the current Subject can be propagated to it automatically.
  - Testing: provides test support.
  - Run As: allows one user to assume the identity of another user (if they allow it).
  - Remember Me: remembers the login state, so that after logging in once you do not have to log in again the next time you come back.
II. Architecture introduction

From the top-level view of Shiro, there are three basic concepts: Subject, SecurityManager and Realms.

Subject: the principal. This is an abstract concept that represents the current "user". The user is not necessarily a specific person; anything that interacts with the application is a Subject, such as a web crawler, a robot and so on.

SecurityManager: the security manager. It is the core of Shiro: all security-related operations go through the SecurityManager, and it manages all Subjects.

Realms: the bridge between Shiro and the application's permission data, supplying security data to Shiro. To verify a user's identity, the SecurityManager compares the submitted identity with the user obtained from a Realm to determine whether the user is legitimate, and it obtains the user's roles/permissions from the Realm to verify whether the user is allowed to perform an operation. You can think of a Realm as a DataSource, that is, a security data source.
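The three concepts above, wired together in a minimal stand-alone program. This is an added example, not code from the original article or from the Itoo project; it assumes Shiro 1.x on the classpath, and the account name, password, salt, role and permission strings are constructed sample values.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

public class ShiroIntroDemo {
    // Constructed sample account; a real Realm would load this from a database or LDAP.
    static final String USER = "alice", SALT = "constructed-salt";
    static final int ITERATIONS = 1024;
    // Only the salted, iterated hash is stored, never the plaintext password.
    static final String STORED_HASH = new Sha256Hash("s3cret", SALT, ITERATIONS).toHex();

    // Realm: the security data source the SecurityManager consults.
    static class DemoRealm extends AuthorizingRealm {
        DemoRealm() {
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
            matcher.setHashIterations(ITERATIONS);
            setCredentialsMatcher(matcher); // hashes the submitted password before comparing
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String name = (String) token.getPrincipal();
            if (!USER.equals(name)) return null; // unknown account: login() throws UnknownAccountException
            return new SimpleAuthenticationInfo(name, STORED_HASH, ByteSource.Util.bytes(SALT), getName());
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); // single-user demo data
            info.addRole("editor");
            info.addStringPermission("article:read");
            return info;
        }
    }

    public static void main(String[] args) {
        // SecurityManager: every security operation of a Subject is delegated to it.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject(); // Subject: the current "user"
        try {
            subject.login(new UsernamePasswordToken(USER, "s3cret"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
            return;
        }
        System.out.println("has role editor: " + subject.hasRole("editor"));
        System.out.println("may delete: " + subject.isPermitted("article:delete"));
    }
}
```

The application code only talks to the Subject; the role and permission checks reach `DemoRealm` through the SecurityManager, so a permission the Realm does not return (`article:delete` here) is denied.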
Shiro's architecture consists of the following components:

Subject (org.apache.shiro.subject.Subject): the entity that interacts with the application, such as users, third-party applications, and so on.

SecurityManager (org.apache.shiro.mgt.SecurityManager): the heart of Shiro, responsible for integrating all the components so that they can complete a function easily and quickly, for example authentication, permission validation, and so on.

Authenticator (org.apache.shiro.authc.Authenticator): responsible for authenticating the principal. This is an extension point: if the Shiro default does not suit you, you can provide a custom implementation. It needs an authentication strategy, which defines under what circumstances a user's authentication is considered to have passed.

Authorizer (org.apache.shiro.authz.Authorizer): determines whether the principal has permission to perform a given action, that is, controls which functions the user can access in the app.

SessionManager (org.apache.shiro.session.mgt.SessionManager): session management.

SessionDAO (org.apache.shiro.session.mgt.eis.SessionDAO): a data access object that performs CRUD operations on sessions.

CacheManager (org.apache.shiro.cache.CacheManager): the cache manager. It creates and manages caches and provides cached data for authentication, authorization and session management, avoiding direct access to the database and so improving efficiency.

Cryptography (org.apache.shiro.crypto.*): the cipher module, which provides cryptographic components.

Realms (org.apache.shiro.realm.Realm): there can be one or more Realms. A Realm can be regarded as a data source for security entities, used to obtain a security entity; it can be a JDBC implementation, an LDAP implementation, an in-memory implementation, and so on. Note: Shiro does not know where your users/permissions are stored or in what format, so we generally need to implement our own Realm in the application.

Summary: with this basic knowledge we have a macro-level understanding of Shiro and a grasp of the whole!

http://blog.csdn.net/lishehe/article/details/45218251#comments
[Repost] Apache Shiro Cluster Implementation (I): Shiro introduction