Three main concepts of Shiro
Subject
Refers to the user object including static behavior and dynamic behavior, static behavior such as user name, password and login status, etc., dynamic behavior such as login, logout and so on.
SecurityManager
Shiro's core objects (security management), including authentication objects, authorization objects, Realms, SessionManager objects, and CacheManager, manage all Subjects.
Realms
The "bridge" between Shiro and the application completes tasks such as obtaining user login information (username and password, roles and permissions, etc.) and actually performing authentication and authorization.
Shiro Architecture Diagram