Introduction to the basic concepts of the Shiro framework

Table of contents

What is Shiro:

Shiro’s core features include:

Shiro main components and interactions:

Shiro authentication process:

Shiro authorization process:


What is Shiro:

  Apache Shiro is a powerful and flexible open source Java security framework that handles authentication, authorization, cryptography and session management.

Shiro’s core features include:

  1. Authentication: Verify the user's identity to ensure that the user is legitimate.
  2. Authorization: Controls users' access to system resources and restricts users to only access authorized parts.
  3. Session Management: Manage user sessions, track user login status and activities, and provide session persistence support.
  4. Cryptography: Provides hashing and cipher utilities, so that stored passwords are kept as salted, iterated hashes rather than in clear text (passwords are hashed, not encrypted, because they never need to be recovered) and sensitive data can be encrypted when it must be stored or transmitted.
  5. Web support: Provides support for integration with Web applications, including integrating mainstream Web frameworks (such as Spring, Struts) and filters for processing Web requests.

Shiro main components and interactions:

  1. Subject:

    • Subject represents the user currently interacting with the application. It can be a person, a device, or another system entity.
    • Subject encapsulates the user's identity and related security operations, such as login, logout, permission check, etc.
  2. SecurityManager:

    • SecurityManager is the core component of Shiro and is responsible for coordinating and managing all security operations.
    • SecurityManager manages one or more Realms for authentication and authorization.
  3. Realm:

    • Realm is the bridge between Shiro and the security data sources (databases, LDAP, etc.).
    • Realm is responsible for obtaining the user's identity and permission information from the data source and handing it to the SecurityManager for authentication and authorization. It is normally the one component the application developer implements.
  4. Authenticator:

    • Authenticator is responsible for authenticating users.
    • Authenticator uses the Realm(s) to look up the account named in the submitted credentials and has the stored credentials compared with the submitted ones to decide whether the user is legitimate.
  5. Authorizer:

    • Authorizer is responsible for authorizing users and determining whether users have the right to access specific resources.
    • Authorizer uses Realm to obtain the user's role and permission information and matches it with the application-defined roles and permissions to determine whether the user is authorized to access resources.
  6. SessionManager:

    • SessionManager is responsible for managing user sessions.
    • SessionManager creates, maintains and closes user sessions, and provides session persistence support.
  7. SessionDAO (session data access object):

    • SessionDAO is an interface for reading and storing session data.
    • SessionDAO interacts with a database or other storage medium to persist or read session data from persistent storage.

  These components work together to form Shiro's security framework. The Subject performs authentication and authorization through the SecurityManager, which uses one or more Realms to obtain the user's identity and permission information; the application supplies the Realm's authentication and authorization lookups. The Authenticator is responsible for authentication, the Authorizer for authorization, the SessionManager for session management, and the SessionDAO for reading and storing session data.

Through this interaction, Shiro provides comprehensive security features to protect the application.

Shiro authentication process:

  1. User submits identity information: The user enters a username and password on the application's login page and submits them.
  2. Application builds a token and calls the Subject: The application wraps the submitted credentials in an AuthenticationToken (for a form login, a UsernamePasswordToken) and passes it to the current Subject's login method.
  3. SecurityManager starts authentication: The Subject delegates the login call to the SecurityManager, the core component that coordinates all security operations.
  4. SecurityManager calls the Authenticator: The SecurityManager hands the token to the configured Authenticator.
  5. Authenticator consults the Realm(s): The Authenticator asks the configured Realm (a single Realm or a combination of several) for the account matching the token's principal.
  6. Realm obtains the stored account data: The Realm looks the account up in its data source (database, LDAP, etc.) and returns the stored credentials, ideally a salted hash rather than a clear-text password.
  7. Credentials are compared: The stored credentials are compared with those in the token. In Shiro this comparison is delegated to the Realm's CredentialsMatcher, which for hashed passwords re-hashes the submitted password with the stored salt and compares the result.
  8. The authentication result is returned to the SecurityManager: pass, or the failure that occurred.
  9. SecurityManager processes the result: On success the Subject is marked as authenticated and its principal is stored for later use. On failure an AuthenticationException is thrown; Shiro's subclasses (UnknownAccountException, IncorrectCredentialsException, LockedAccountException, and so on) distinguish the cause.
  10. The result is returned to the application, which decides how to respond. Show the user the same generic failure message whatever the cause, so the different exceptions do not reveal which usernames exist.
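
The components described earlier, the cryptography feature, and the ten authentication steps above, as one added example (this is not code from the original post or from the Shiro project itself): a custom Realm backed by an in-memory map of constructed accounts, a SecurityManager wired to it, and a login routine that handles each failure mode. It assumes Apache Shiro 1.x (shiro-core on the classpath) and Java 17; the names InMemoryRealm, UserRecord, addUser and login are this example's own.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class ShiroLoginDemo {

    /** What the data source stores per account: a salted, iterated hash, never the clear-text password. */
    record UserRecord(String hashHex, ByteSource salt, Set<String> roles, Set<String> perms, boolean locked) {}

    /** The Realm: Shiro's bridge to the data source. Here the source is an in-memory map (constructed sample data). */
    static final class InMemoryRealm extends AuthorizingRealm {
        static final int ITERATIONS = 100_000;
        private final Map<String, UserRecord> users = new HashMap<>();

        InMemoryRealm() {
            // Tell Shiro how stored credentials were produced. The matcher re-hashes the submitted
            // password with the stored salt and compares, so the Realm never compares passwords itself.
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
            matcher.setHashIterations(ITERATIONS);
            matcher.setStoredCredentialsHexEncoded(true);
            setCredentialsMatcher(matcher);
        }

        /** Registration path: hash with a fresh random salt, store hash + salt, discard the password. */
        void addUser(String name, String clearPassword, Set<String> roles, Set<String> perms, boolean locked) {
            ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
            String hashHex = new Sha256Hash(clearPassword, salt, ITERATIONS).toHex();
            users.put(name, new UserRecord(hashHex, salt, roles, perms, locked));
        }

        /** Authentication lookup (steps 5-6): return the stored credentials; the matcher does step 7. */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            String name = (String) token.getPrincipal();
            UserRecord rec = users.get(name);
            if (rec == null) throw new UnknownAccountException("no account: " + name);
            if (rec.locked()) throw new LockedAccountException("account locked: " + name);
            return new SimpleAuthenticationInfo(name, rec.hashHex(), rec.salt(), getName());
        }

        /** Authorization lookup: roles and permission strings for an already-authenticated principal. */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            UserRecord rec = users.get((String) principals.getPrimaryPrincipal());
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(rec.roles());
            info.setStringPermissions(rec.perms());
            return info;
        }
    }

    /** Steps 2-10 from the application's side: token in, authenticated Subject or a specific failure out. */
    static String login(String name, String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        try {
            subject.login(token);   // Subject -> SecurityManager -> Authenticator -> Realm -> CredentialsMatcher
            return "ok";
        } catch (UnknownAccountException e) {
            return "unknown-account";
        } catch (LockedAccountException e) {
            return "locked";
        } catch (IncorrectCredentialsException e) {
            return "wrong-password";
        } catch (AuthenticationException e) {   // any other failure
            return "failed";
        } finally {
            token.clear();   // drop the clear-text password from memory
        }
    }

    public static void main(String[] args) {
        InMemoryRealm realm = new InMemoryRealm();
        realm.addUser("alice", "correct horse battery staple", Set.of("admin"), Set.of("user:*"), false);
        realm.addUser("mallory", "anything", Set.of(), Set.of(), true);

        // The SecurityManager coordinates everything; binding it statically is fine for a standalone program.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        System.out.println(login("alice", "wrong"));
        System.out.println(login("bob", "whatever"));
        System.out.println(login("mallory", "anything"));
        System.out.println(login("alice", "correct horse battery staple"));

        Subject subject = SecurityUtils.getSubject();
        System.out.println(subject.isAuthenticated() + " as " + subject.getPrincipal()
                + ", admin=" + subject.hasRole("admin"));
        subject.logout();
    }
}
```

The four login calls exercise, in order, IncorrectCredentialsException (thrown by the matcher in step 7), UnknownAccountException and LockedAccountException (thrown by the Realm in step 6), and a successful login after which the Subject reports its principal and role. The specific result strings are useful for logging and for lockout counters; what the user sees should be one generic message, otherwise the distinction between "unknown-account" and "wrong-password" lets an attacker enumerate valid usernames.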

Shiro authorization process:

    1. User initiates access request:
      The user initiates an access request to a resource in the application, such as accessing a specific URL or performing an operation.

    2. Subject initiates an authorization request:
      The Subject object carries the authenticated principal. When the user initiates an access request, the application asks the Subject whether it is allowed, through a query such as hasRole or isPermitted or an enforcing check such as checkRole or checkPermission, and the Subject forwards the question to the SecurityManager.

    3. SecurityManager starts authorization:
      SecurityManager is the core component of Shiro and is responsible for coordinating and managing all security operations. After it receives the Subject's authorization request, it starts authorization processing.

    4. SecurityManager calls Authorizer for authorization:
      SecurityManager will call the configured Authorizer for authorization operation.

    5. Authorizer obtains user role and permission information:
      Authorizer uses Realm (may be a single Realm or a combination of multiple Realms) to obtain the current user's role and permission information from the data source.

    6. Authorizer for role and permission matching:
      The Authorizer matches the user's role and permission information with the application-defined roles and permissions to determine whether the user has permission to access the requested resource.

    7. The authorization result is returned to SecurityManager:
      Authorizer returns the authorization result (access allowed or access denied) to SecurityManager.

    8. SecurityManager handles the authorization results:
      For a query (hasRole, isPermitted) the result is simply true or false and the application decides what to do. For an enforcing check (checkRole, checkPermission) a denied result is raised as an AuthorizationException, which the application or its web layer turns into an error response. A Subject that has not authenticated fails every check.

    9. The authorization result is returned to the application:
      SecurityManager returns the authorization result to the application, and the application can decide how to handle the user's access request based on the authorization result.
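
The authorization steps above, as an added example that is not part of the original post or of Shiro's own code: the Realm is built from INI-style user and role definitions (constructed sample data), two users log in, and both the query-style and the enforcing-style checks are shown, including what an unauthenticated Subject gets. It assumes Apache Shiro 1.x (shiro-core) and Java 11+; buildRealm, loginAs, tryPrint and describe are this example's own names, and the printer-style permissions are illustrative.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

public class ShiroAuthzDemo {

    /** Realm from [users]/[roles] definitions (constructed sample data; clear-text passwords are for demos only). */
    static IniRealm buildRealm() {
        Ini ini = new Ini();
        // [users]  name = password, role...
        ini.setSectionProperty("users", "alice", "alice-pw, operator");
        ini.setSectionProperty("users", "bob", "bob-pw, auditor");
        // [roles]  role = permission, permission...   (WildcardPermission syntax: domain:action:instance)
        ini.setSectionProperty("roles", "operator", "printer:*");
        ini.setSectionProperty("roles", "auditor", "printer:query:*, audit:read");
        return new IniRealm(ini);
    }

    static Subject loginAs(String name, String password) {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(name, password));   // authentication precedes authorization
        return subject;
    }

    /** Enforcing style (step 8): checkPermission throws AuthorizationException when access is denied. */
    static boolean tryPrint(Subject subject, String printerId) {
        try {
            subject.checkPermission("printer:print:" + printerId);
            return true;
        } catch (AuthorizationException denied) {
            return false;   // a web layer would turn this into an error response instead of proceeding
        }
    }

    /** Query style: hasRole / isPermitted just answer true or false. */
    static String describe(Subject subject) {
        return subject.getPrincipal()
                + " operator=" + subject.hasRole("operator")
                + " query-lp7200=" + subject.isPermitted("printer:query:lp7200")
                + " audit-read=" + subject.isPermitted("audit:read");
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(buildRealm()));

        Subject alice = loginAs("alice", "alice-pw");
        System.out.println(describe(alice) + " print=" + tryPrint(alice, "lp7200"));
        alice.logout();

        Subject bob = loginAs("bob", "bob-pw");
        System.out.println(describe(bob) + " print=" + tryPrint(bob, "lp7200"));
        bob.logout();

        // After logout the Subject has no principal: every check is denied, and the enforcing
        // check throws UnauthenticatedException (a subclass of AuthorizationException).
        Subject anon = SecurityUtils.getSubject();
        System.out.println("anonymous print=" + tryPrint(anon, "lp7200"));
    }
}
```

With these definitions alice's "printer:*" implies both printing and querying any printer but not "audit:read", while bob's "printer:query:*" allows querying lp7200 but makes the print check fail. Permission strings in a role line are separated by commas, so a permission that itself contains a comma (for example "printer:print,query:*") must be quoted in the INI value; the example avoids that by using "printer:*" instead.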

       


Origin blog.csdn.net/GDYY3721/article/details/132279436