Objective
Shiro is a new privilege framework in the JAVA world that has a huge advantage in simplicity and flexibility compared to JAAS and Spring Security,shiro, while maintaining a powerful capability. This article will lead readers to see Shiro style.
Perhaps everyone had previously met J-security, this is the predecessor of Shiro. Before the beginning of March 2009, this security framework called j-security, for some reason, renamed Shiro (or Ki, meaning fortress), is the Apache incubation project, in view of the writing of this article Shiro has not yet officially released version, this article is using Js Stable version 0.9 of ecurity, Shiro equivalent to jsecurity in this article.
This article will cover the overall framework, security model, and key concept classes for Shiro, along with examples of Shiro and Grails Shiro Plugin, which can be used in the download of the source code.
The development environment for this article code:
Jsecurity 0.9
Grails 1.2.0
Grails Shiro Plugin 1.0.1
SpringSource Tool Suite 2.3
Shiro is a powerful and flexible open source security framework that handles authentication, authorization, management sessions, and password encryption very clearly. It has the following characteristics:
Easy to understand Java security API;
Simple identity authentication (login), support a variety of data sources (ldap,jdbc,kerberos,activedirectory, etc.);
Simple power of access control for the role, supporting fine-grained signing;
Support for first-level caching to improve application performance;
Built-in POJO Enterprise session management for Web and non-web environments;
heterogeneous client session access;
A very simple encryption API;
Not tied to any frame or container, can run independently.
There are other early security frameworks, such as jaas,spring.
Jaas-'s debut was the earliest, but given its limited use, few people really use it. It can be said that it is not a good application-level security framework;
Spring security-is now well established in the domain of the Java security framework and is already very mature; If you use the spring framework, you can prefer spring security, but for single applications, Shiro is more simple and convenient.
The following is the beginning of our Shiro tour!