1. What is the difference between Shiro and Security?
2. The core concept of Shiro
Security entity: The specific object data that the system needs to protect
Permissions: System-related functional operations, such as basic CRUD
Authentication: Identity authentication/login
Authorization: Authorization
Session Manager: Session management
Cryptography: Encryption to protect data security
Concurrency: Shiro supports multiple Concurrency verification
testing for threaded applications: Provide test support
Run As: Allow one user to pretend to be another user
Remember Me: Remember me, this is a very common function
3. Three core components of Shiro: Subject+SecurityManager+Realm
3.1 Subject
Represents the current "user". This user is not necessarily a specific person. Anything that interacts with the current application is a Subject, such as crawlers, robots, etc.; that is, an abstract concept; all Subjects are bound to the SecurityManager, and the Subject
's All interactions will be delegated to the SecurityManager;
the Subject can be considered as a facade; the SecurityManager is the actual executor.
3.2 SecurityManager (Security Manager)
That is, all security-related operations will interact with the SecurityManager; and it manages all Subjects; it
can be seen that it is the core of Shiro, and
the SecurityManager is equivalent to the dispatcherServlet front controller in spring mvc.
3.3 Realm
Shiro obtains security data (such as users, roles, and permissions) from Realm, which means that SecurityManager needs to obtain the corresponding user from Realm for comparison to determine whether the user's identity is legal; it also needs to obtain the user's corresponding role from Realm /Authorization to verify whether the user can operate;
Realm can be regarded as DataSource, that is, a secure data source.
4. Shiro+JWT combination
