To use Shiro as the basis of permissions for the application

Source: Internet
Author: User
Tags grails

Objective

Shiro is a new privilege framework in the JAVA world that has a huge advantage in simplicity and flexibility compared to JAAS and Spring Security,shiro, while maintaining a powerful capability. This article will lead readers to see Shiro style.

Perhaps everyone had previously met J-security, this is the predecessor of Shiro. Before the beginning of March 2009, this security framework called j-security, for some reason, renamed Shiro (or Ki, meaning fortress), is the Apache incubation project, in view of the writing of this article Shiro has not yet officially released version, this article is using Js Stable version 0.9 of ecurity, Shiro equivalent to jsecurity in this article.

This article will cover the overall framework, security model, and key concept classes for Shiro, along with examples of Shiro and Grails Shiro Plugin, which can be used in the download of the source code.

The development environment for this article code:

Jsecurity 0.9

Grails 1.2.0

Grails Shiro Plugin 1.0.1

SpringSource Tool Suite 2.3

Shiro is a powerful and flexible open source security framework that handles authentication, authorization, management sessions, and password encryption very clearly. It has the following characteristics:

Easy to understand Java security API;

Simple identity authentication (login), support a variety of data sources (ldap,jdbc,kerberos,activedirectory, etc.);

Simple power of access control for the role, supporting fine-grained signing;

Support for first-level caching to improve application performance;

Built-in POJO Enterprise session management for Web and non-web environments;

heterogeneous client session access;

A very simple encryption API;

Not tied to any frame or container, can run independently.

There are other early security frameworks, such as jaas,spring.

Jaas-'s debut was the earliest, but given its limited use, few people really use it. It can be said that it is not a good application-level security framework;

Spring security-is now well established in the domain of the Java security framework and is already very mature; If you use the spring framework, you can prefer spring security, but for single applications, Shiro is more simple and convenient.

The following is the beginning of our Shiro tour!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.