What is the function?
shiro is an open source security management framework based on java. The open source completes functions such as human authentication, authorization, session management, encryption, and caching. When it comes to authorization and authentication, you will think of rbac. In fact, shiro has an encapsulation for rbac.
Basic functions of shiro
Authentication : authentication, user authentication
Authorization : authorization, grant users access to certain resources
Session Management :
session management, after the user logs in, it is a session, before logging out, all its information is in the session, the session can be a normal JavaSE environment Yes, it can also be the
Crytography of the web environment : encryption, provides some common encryption algorithms, making it easy to implement data security in applications
- webSupport: web application support, shiro can be easily integrated into web applications
- caching: caching, shiro provides support for caching, such as Redis caching
- concurrency: Concurrency support, support for multi-threaded concurrent access
- Testing: Testing
- Run As: Support a user to log in with another identity if allowed
- Remember me: remember me
Architecture
subject
- Subject is the subject. The external application interacts with the subject. The subject records the current operating user (at this time, the concept of Hulu is understood as the subject of the current operation). It may be a user requesting through a browser, or it may be a running user. program
- Subject is an interface in shiro. The interface defines many authentication and authorization-related methods. External programs use subject for authentication and authorization, and subject uses SecurityManager for authentication and authorization.
SecurityManager
- The security manager performs security management on all subjects. It is the core of shiro and is responsible for security management on all subjects. The authentication and authorization of the subject can be completed through the SecurityManager, which means that the Securitymanager is authenticated through the Authenticator, authorized through the Authorizer, and session management through the SessionManager
- Security is an interface that inherits the three interfaces of Authenticator, Authorzier, and SessionManager
Authenticator
- The authenticator is an interface for authenticating the user's identity. Shiro provides ModularRealmAuthenticator implementation class, which can basically meet most of the needs. You can also customize the authenticator, similar to the part of RBAC that queries the database and returns the user object.
Authorizer
- Authorizer, after the user passes the authenticator, when accessing the function, the authorizer needs to determine whether the user has the operation authority of this function, which is similar to the process of returning the user object in rbac and assigning values to the user's various functional objects
Realms
- Field, equivalent to dataSource data source. SecurityManager needs to obtain data through Realm for security authentication, such as obtaining user identity information from a database
- Realm not only obtains data from data sources, there are also relevant codes for authentication, authorization and verification in realm.
sessionManager
- SessionManager is session management. Shiro defines a set of session management. It does not depend on the session of the web container, so Shiro can be used in non-web applications, or it can be managed in one point for distributed applications. This feature enables it to be implemented. sign in.
SessionDao
- Session dao is a set of interfaces for session operation. For example, if you want to store the session in the database, you can store the session in the database through jdbc
CacheManager
- Cache management, store user permission data in cache to improve performance
Crytography
- Password management, shiro provides a set of encryption/decryption components