Once the SecurityManager has been configured and obtained, Shiro is up and running and its other features can be used.
1. The authentication process (API usage)
Authentication data:
Principals: identity
• Data that identifies the subject
• For example: user name, social security number, etc.
• Primary principal: the subject's unique primary identifier
Credentials: proof of identity
• The subject's private data
• For example: password, fingerprint, retina, etc.
Steps of authentication:
Collect data → submit for validation → process the result
How to collect the data:
1. Implement Shiro's AuthenticationToken interface yourself
2. Use one of the default AuthenticationToken implementations that Shiro provides, such as UsernamePasswordToken
Submitting for validation:
The Subject represents the current user; call its login method, Subject.login()
Processing the result:
Success: check with the Subject's isAuthenticated() method
Failure: an exception is thrown, which can be caught and handled.
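Example authentication code:
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;

    // Collect data
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true); // one of the convenience features provided by the default implementation

    // Submit for validation
    Subject currentUser = SecurityUtils.getSubject();
    currentUser.login(token);

    // Verify success
    Subject loginUser = SecurityUtils.getSubject();
    boolean authenticated = loginUser.isAuthenticated(); // true after a successful login

    // Handle exceptions when login fails
    // (ExType1..3 stand for the AuthenticationException subclasses to handle)
    try {
        currentUser.login(token);
    } catch (ExType1 ex1) {
    } catch (ExType2 ex2) {
    } catch (ExType3 ex3) {
    } // ...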
Remember Me
Remembered
• The authentication information is non-empty
• The authentication information comes from a previous session's authentication result
subject.isRemembered() == true indicates that RememberMe was used at the last login
Authenticated
• The authentication information comes from the current session's authentication result
subject.isAuthenticated() == true indicates that authentication passed in this session
Usage scenario:
Online shop shopping cart
1. The user logged in last time but has not logged in after opening the browser this time, and wants to add a product to the shopping cart. (Requiring a login first would be a poor user experience; sites now let users add items to the cart and ask them to sign in when they pay.)
In this case, use isRemembered() to obtain the previous authentication information and attach the shopping cart data to the previously authenticated user.
2. The order needs to be paid
Now require a login and use isAuthenticated() to confirm that the logged-in user is the right one.
Logging out
    currentUser.logout(); // invalidates the session and clears all authentication information
2. Authentication architecture (how the framework works internally)
1. Subject.login(token) is called
2. The SecurityManager is located (facade pattern)
3. The Authenticator component is called
4. The component contains several strategies; these call the realms to obtain data and ultimately decide whether validation passes
5. The realm accesses the database to obtain the data used to decide whether authentication succeeds
Authenticator
Single realm
ModularRealmAuthenticator: when there is only one realm, that realm alone determines whether authentication succeeds
Multiple realms
AuthenticationStrategy: when there are multiple realms, a strategy determines how authentication is considered to have passed.
Custom Authenticator
When none of the above meets your needs, you can implement your own Authenticator
Then, as in the configuration below, assign this authenticator to the security manager
    [main]
    authenticator = <fully qualified name of your Authenticator class>
    securityManager.authenticator = $authenticator
AuthenticationStrategy
AtLeastOneSuccessfulStrategy [default]
If at least one realm authenticates successfully, authentication succeeds and the authentication information from all realms that succeeded is returned.
FirstSuccessfulStrategy
If at least one realm authenticates successfully, only the authentication information from the first realm that succeeded is returned; the others are ignored.
AllSuccessfulStrategy
Authentication succeeds only if every realm authenticates successfully, and the authentication information from all realms is returned; if any realm fails, authentication fails.
[main] =
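The effect of the three strategies described above, as an added example that is not from the original article: two constructed in-memory realms are wired programmatically instead of through the INI file, once with matching credentials and once with one realm holding a different password. The realm names ldapRealm and dbRealm, the user alice and the passwords are assumptions made for the illustration.

```java
import java.util.Arrays;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

public class StrategyDemo {
    // Constructed sample data: an in-memory realm holding a single account.
    static Realm realm(String name, String user, String password) {
        SimpleAccountRealm r = new SimpleAccountRealm(name);
        r.addAccount(user, password);
        return r;
    }

    // Authenticates alice against both realms under the given strategy and
    // reports which realms contributed principals, or why the attempt failed.
    static String attempt(AuthenticationStrategy strategy, String dbPassword) {
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(strategy);
        DefaultSecurityManager sm = new DefaultSecurityManager();
        sm.setAuthenticator(authenticator); // set before the realms so they are handed on to it
        List<Realm> realms = Arrays.asList(
                realm("ldapRealm", "alice", "s3cret"),
                realm("dbRealm", "alice", dbPassword));
        sm.setRealms(realms);               // list order is the order in which realms are consulted
        try {
            // Same Authenticator call that Subject.login(token) reaches through the SecurityManager.
            AuthenticationInfo info = sm.authenticate(new UsernamePasswordToken("alice", "s3cret"));
            return "accepted, principals from " + info.getPrincipals().getRealmNames();
        } catch (AuthenticationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        for (String dbPassword : new String[] {"s3cret", "different"}) {
            System.out.println("dbRealm password = " + dbPassword);
            System.out.println("  AtLeastOneSuccessful: " + attempt(new AtLeastOneSuccessfulStrategy(), dbPassword));
            System.out.println("  FirstSuccessful:      " + attempt(new FirstSuccessfulStrategy(), dbPassword));
            System.out.println("  AllSuccessful:        " + attempt(new AllSuccessfulStrategy(), dbPassword));
        }
    }
}
```

When dbRealm disagrees, only AllSuccessfulStrategy rejects the login, so under the default AtLeastOneSuccessfulStrategy the most permissive realm decides who gets in.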
Realm authentication order
Authentication order with multiple realms
The realms are consulted one after another (iteratively)
Implicit order
Realms authenticate in the order in which they are written in the configuration
Blahrealm == = Com.company.another.Realm
Explicit order
Set securityManager.realms
    blahRealm = ...
    ...
    securityManager.realms = $fooRealm, $barRealm, $blahRealm
"Shiro" Part 3: Apache Shiro authentication