In system administration: the user clicks on a page, click a button different contents, and each user sees a page; how to control, to achieve it?
When users log in, the system will need to verify the user's identity when accessing a page you need to check whether the user thus privilege;
It found that a user can access multiple pages and click multiple buttons; but to specific pages on a user assigned it, then had a role, users and roles associated roles and associated resources thus creating a privilege;
Authentication : authentication / login, verify that the user is not have the appropriate identification;
The Authorization : Authorization that the competence to verify, verify that a user has authenticated a privilege;
That is, whether the user can do things such as common: verify that a user has a role. Or fine-grained verify whether a user has a permission for a resource;
Manager the Session : Session management, that is, after the user logs in one session, in the absence of exit, it's all the information in the session; the session can be ordinary JavaSE environment, it can be as Web environment;
Cryptography : encryption, secure data, such as encrypted passwords stored in the database, instead of storing the plaintext;
Support Web : Web support can be very easily integrated into the Web environment;
Caching : Cache, such as users log in, their user information, with roles / permissions do not have to check every time, this can increase efficiency;
Concurrency : shiro support concurrent verification multithreaded applications, such as opening that is another thread in a thread, permissions can be automatically propagated in the past;
Testing : provide test support;
Of As RUN : pretend that allows a user to another user (if they allow) the identity of access;
Me Remember : Remember me, this is a very common feature, ie after the first login, then do not come back next time logged.
Transfer: https://www.w3cschool.cn/shiro/co4m1if2.html