Shiro terms explained

Authentication (authentication; in practice, login)

Authentication is the process of verifying the identity of a Subject, that is, proving that someone really is who they claim to be. When an
authentication attempt succeeds, the application can trust that the Subject is the account it claims to be.

Authorization (authorization)

Authorization, also called access control, is deciding whether a user/Subject is allowed to do something. It is usually carried out by examining the
Subject's roles and permissions (see below) and then allowing or denying the requested resource or function.

Cipher (cipher, cryptographic algorithm)

A cipher is an algorithm that encrypts or decrypts data. The algorithm usually depends on a piece of information called a key: the output differs
depending on the key, and decrypting without the key is very difficult.
Ciphers come in different forms. Block ciphers operate on fixed-size blocks of symbols; stream ciphers operate on a continuous stream of symbols.
Symmetric ciphers use the same key for encryption and decryption; asymmetric ciphers use different keys. With an asymmetric cipher, one key of the
pair cannot be derived from the other, so one of them can be made public, which is what makes public/private key pairs possible.

Credential (credential)

A credential is a piece of information used to verify the identity of a user/Subject. During an authentication attempt, one or more credentials are
submitted together with one or more principals, to verify that the user submitting them really is the one associated with those principals. Credentials
are usually secret and known only to the particular user/Subject: a password, a PGP key, a biometric attribute, or something similar.
The idea is that for a given principal, only one person knows the correct credential that "matches" it. If the current user/Subject presents the
credential the system has stored for that principal, the system can assume, and trust, that the current user/Subject is who they claim to be. The
stronger the credential type, the greater the confidence (e.g. a biometric signature is stronger than a password).

Cryptography (cryptography)

Cryptography is the practice of protecting information from unwanted access by hiding it, or converting it into something that looks meaningless, so
that nobody else can read or recover it. Shiro focuses on two core elements of cryptography: ciphers, which encrypt data such as messages using a
public or private key and can be reversed, and hashes (also called message digests), which encode data such as passwords irreversibly.

Hash (hash function)

A hash function is a one-way, irreversible transformation of an input source, sometimes called a message, into an encoded hash value, sometimes called a
message digest. It is commonly used for passwords, digital fingerprints, or any data backed by a byte array.
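To make the distinction between the Cipher, Cryptography and Hash entries concrete, here is an added example written for this page (it is not code from the original post or from the Shiro project) using Shiro's own AesCipherService and Sha256Hash classes. The message, password and iteration count are constructed for the demo; the key and salts are generated at run time.

```java
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (not from the original post): a cipher is reversible with the key,
// a hash is not reversible at all. Sample inputs below are constructed for the demo.
public class CipherVsHash {

    public static void main(String[] args) {
        // --- Cipher: symmetric AES, the same key encrypts and decrypts ---
        AesCipherService aes = new AesCipherService();
        byte[] key = aes.generateNewKey().getEncoded();          // 128-bit key by default
        byte[] message = "transfer 100 EUR to jsmith".getBytes(StandardCharsets.UTF_8);

        ByteSource ciphertext = aes.encrypt(message, key);
        byte[] recovered = aes.decrypt(ciphertext.getBytes(), key).getBytes();
        System.out.println("round trip ok: " + Arrays.equals(message, recovered));

        // Encrypting the same message twice gives different bytes because
        // AesCipherService generates a fresh random IV and prepends it to the output.
        ByteSource again = aes.encrypt(message, key);
        System.out.println("ciphertexts differ: " + !Arrays.equals(ciphertext.getBytes(), again.getBytes()));

        // --- Hash: one-way. Store salt + iterated digest, never the password itself ---
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String stored = new Sha256Hash("correct horse battery staple", salt, 1024).toHex();

        // Verification recomputes the digest with the stored salt and compares; there is
        // no way to get the password back out of "stored".
        boolean right = new Sha256Hash("correct horse battery staple", salt, 1024).toHex().equals(stored);
        boolean wrong = new Sha256Hash("Correct horse battery staple", salt, 1024).toHex().equals(stored);
        System.out.println("right password matches: " + right + ", wrong password matches: " + wrong);

        // Same password, different salt -> different digest, so two accounts with the same
        // password do not share a stored value and a precomputed table is useless.
        ByteSource otherSalt = new SecureRandomNumberGenerator().nextBytes();
        String other = new Sha256Hash("correct horse battery staple", otherSalt, 1024).toHex();
        System.out.println("salted digests differ: " + !stored.equals(other));
    }
}
```

Run it with shiro-core on the classpath. The salt must be stored next to the digest, because verification needs it; the key, by contrast, must be kept away from the ciphertext.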

Permission (permission)

A permission, at least as Shiro interprets it, is a statement that describes raw functionality in an application and nothing more. Permissions are the
lowest-level concept in a security policy. They only define what the application can do; they say nothing about "who" can do it. A permission
declares a behaviour, nothing more.
Some examples of permissions:

  1. Open a file
  2. View the '/user/list' page
  3. Print a document
  4. Delete the user 'jsmith'
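Shiro expresses such permissions as colon-separated strings ("user:delete:jsmith"), and the interesting part is how a granted permission is matched against a checked one. The following is an added example for this page, not code from the original post or from Shiro itself; it only calls Shiro's public WildcardPermission class, and the permission strings are constructed for the demo. The same implies() logic is what Subject.isPermitted() and the perms[...] filter described further down use.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example (not from the original post): how Shiro's WildcardPermission decides
// whether a granted permission string "implies" a permission being checked.
public class PermissionImplies {

    // Returns true if the permission a Subject holds (granted) covers the one requested.
    static boolean implies(String granted, String requested) {
        Permission have = new WildcardPermission(granted);
        Permission want = new WildcardPermission(requested);
        return have.implies(want);
    }

    public static void main(String[] args) {
        // Parts are separated by ':' (domain:action:instance), alternatives within a part by ','.
        check("user:add:*",      "user:add:jsmith",    true);  // '*' matches any instance
        check("user:add",        "user:add:jsmith",    true);  // a missing trailing part means "all"
        check("user:add:jsmith", "user:add",           false); // a specific grant does not cover the general check
        check("user:add,modify", "user:modify:jsmith", true);  // comma lists several actions
        check("user:*",          "user:delete:jsmith", true);
        check("user:*",          "printer:print",      false); // different domain
        check("*",               "printer:print",      true);  // the "everything" permission
        check("USER:ADD",        "user:add",           true);  // case-insensitive by default
    }

    static void check(String granted, String requested, boolean expected) {
        boolean actual = implies(granted, requested);
        System.out.printf("%-17s implies %-20s -> %s%s%n", granted, requested, actual,
                actual == expected ? "" : "   (UNEXPECTED)");
    }
}
```

The asymmetry in the third line is the one to remember when writing policy: granting "user:add" (no instance part) is the same as granting "user:add:*", so leave the instance part off only when you really mean every instance.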

Principal (principal)

A principal is any identifying attribute of an application user (Subject). An "identifying attribute" can be anything that is meaningful to your
application: user name, surname, given name, social security number, user ID, and so on. That's it, nothing exotic.
Shiro also refers to what it calls a Subject's primary principal. A primary principal is the one principal that uniquely identifies the Subject across
the whole application. Ideally the primary principal is the user name or the user's RDBMS primary key (user ID). A given application user (Subject)
has only one primary principal.

Realm (realm)

A realm is a component that can access application-specific security data such as users, roles and permissions. It can be thought of as a
security-specific DAO (Data Access Object). The realm converts this application-specific data into a format that Shiro understands, so that Shiro
in turn can offer a single, easy-to-understand Subject programming API no matter how many data sources exist or what application-specific format
your data is in.
Realms usually correspond one-to-one with data sources: a relational database, an LDAP directory, a file system, or another similar source. The
implementation of the Realm interface therefore uses that data source's own API (JDBC, file I/O, Hibernate or JPA, or another data access API) to
look up authentication and authorization data (roles, permissions, and so on).

Role (role)

The definition of a role changes depending on who you talk to. In many applications it is at best a vague concept that people use to implicitly
define a security policy. Shiro prefers a simpler interpretation: a role is just a named collection of permissions. That's it, an application-unique
name that gathers one or more permission declarations.
This is a more concrete definition than the implicit one many applications use. If you choose to model your data the way Shiro assumes, you will
find that you have much more control over the security policy.

Session (session)

A session is a stateful data context associated, for a period of time, with a single user/Subject interacting with a software system. While the
Subject is using the application, data can be added to, read from and removed from the session, and the application can use that data later wherever
it is needed. The session ends when the user/Subject logs out or when it times out from inactivity.
For those familiar with the HttpSession, a Shiro Session serves the same purpose, except that a Shiro session can be used in any environment, even
one with no Servlet container or EJB container.

Subject (subject)

Subject is simply a carefully chosen security term; it essentially means a security-specific "view" of an application user. A Subject does not
always have to be a person, though: it can represent an external process calling your application, or perhaps a system daemon account performing
some intermittent work over time (such as a cron job). It is basically any entity that is interacting with the application.
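The terms above all meet in one flow: a Subject submits a principal and a credential, a Realm fetches what is stored for that principal, Shiro's credentials matcher compares, and afterwards roles, permissions and a Session hang off the Subject. The following is an added example for this page (not code from the original post or from Shiro; it only uses Shiro's public API). The realm keeps its "user table" in memory instead of a database, and the user names, passwords, roles and permission strings are constructed for the demo.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import java.util.HashMap;
import java.util.Map;

// Added example (not from the original post): an in-memory Realm standing in for a user
// table. It gives Shiro the salted SHA-256 digest stored for a principal (authentication)
// and that principal's roles and permissions (authorization). Accounts are constructed.
public class InMemoryRealmDemo extends AuthorizingRealm {

    static final int ITERATIONS = 1024;
    private final Map<String, ByteSource> salts = new HashMap<>();   // user name -> salt
    private final Map<String, String> hashes = new HashMap<>();      // user name -> hex digest
    private final Map<String, String> roles = new HashMap<>();       // user name -> role

    InMemoryRealmDemo() {
        // Tell Shiro how the stored credential was produced so it can recompute and compare;
        // the submitted password is never compared in plaintext.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher);
        addUser("jsmith", "correct horse battery staple", "admin");
        addUser("guest", "guest-pass", "guest");
    }

    private void addUser(String name, String password, String role) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        salts.put(name, salt);
        hashes.put(name, new Sha256Hash(password, salt, ITERATIONS).toHex());
        roles.put(name, role);
    }

    // Authentication: return the stored credential and salt for the submitted principal.
    // Returning null makes Shiro raise UnknownAccountException.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = (String) token.getPrincipal();
        if (!hashes.containsKey(username)) {
            return null;
        }
        return new SimpleAuthenticationInfo(username, hashes.get(username), salts.get(username), getName());
    }

    // Authorization: a role is just a named set of permissions, resolved here per principal.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String role = roles.get(username);
        info.addRole(role);
        if ("admin".equals(role)) {
            info.addStringPermission("user:*");                   // any action on any user
        } else {
            info.addStringPermission("user:view:" + username);    // guests see only themselves
        }
        return info;
    }

    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new InMemoryRealmDemo());
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();

        try {   // wrong credential: IncorrectCredentialsException; unknown name: UnknownAccountException
            subject.login(new UsernamePasswordToken("jsmith", "wrong password"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
        }

        subject.login(new UsernamePasswordToken("jsmith", "correct horse battery staple"));
        System.out.println("authenticated as " + subject.getPrincipal()
                + ", hasRole(admin)=" + subject.hasRole("admin")
                + ", isPermitted(user:delete:guest)=" + subject.isPermitted("user:delete:guest"));

        // Session: state tied to this Subject, available without a servlet container.
        subject.getSession().setAttribute("lastPage", "/user/list");
        System.out.println("session attribute: " + subject.getSession().getAttribute("lastPage"));

        subject.logout();   // ends the session and drops the authenticated identity
        System.out.println("after logout authenticated=" + subject.isAuthenticated());
        securityManager.destroy();
    }
}
```

Two points worth noticing when adapting this to a real data source: the realm never sees the plaintext password, only the digest and salt it hands back, and returning the same generic AuthenticationException to the caller for both unknown accounts and wrong passwords avoids telling an attacker which user names exist.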
- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
filterChainDefinitions explained in detail:
anon:
Example: /admins/** = anon. Takes no parameters; the matched URLs can be accessed anonymously.
authc:
Example: /admins/user/** = authc. Takes no parameters; the matched URLs require authentication (login).

roles:
Example: /admins/user/** = roles[admin]. Several parameters may be given; when there are several they must be quoted and separated by commas, e.g. /admins/user/** = roles["admin,guest"]. When several roles are listed, every one of them must be held, the equivalent of hasAllRoles().

perms:
Example: /admins/user/** = perms[user:add:*]. Several parameters may be given; when there are several they must be quoted and separated by commas, e.g. /admins/user/** = perms["user:add:*, user:modify:*"]. When several permissions are listed, every one of them must be granted for the request to pass, the equivalent of isPermittedAll().

rest:
Example: /admins/user/** = rest[user]. The required permission is derived from the HTTP request method, so this line corresponds to /admins/user/** = perms[user:method], where method is the action mapped from the request method: GET maps to read, POST to create, PUT to update, DELETE to delete, and so on.

port:
Example: /admins/user/** = port[8081]. If the port of the request URL is not 8081, the request is redirected to scheme://serverName:8081/path?queryString, where scheme is the protocol (http or https), serverName is the host you accessed, 8081 is the port configured in the port filter, and queryString is the part of the URL after the '?'.

authcBasic:
Example: /admins/user/** = authcBasic. Takes no parameters; requires HTTP Basic authentication.
ssl:
Example: /admins/user/** = ssl. Takes no parameters; requires the request URL to use the secure protocol, HTTPS.
user:
Example: /admins/user/** = user. Takes no parameters; requires a known user, i.e. one that is either authenticated or remembered via RememberMe. The login request itself is let through without this check, and a remembered user has not proven their identity in the current session, so use authc rather than user for sensitive operations.
Note: anon, authcBasic, authc and user are authentication filters; perms, roles, ssl, rest and port are authorization filters.
Chain definitions are evaluated in the order they are written and the first pattern that matches wins, so put specific patterns before broad ones: if /admins/** = anon appears before /admins/user/** = authc, the authc line is never reached.
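An added configuration example for this page, not taken from the original post or from Shiro's documentation, showing how the filters above combine in a shiro.ini [urls] section. The paths, port and permission strings are assumed for illustration.

```ini
[main]
# Where the authc filter sends unauthenticated requests. The same path is mapped to
# authc below so that the form POST to it is processed as a login attempt.
authc.loginUrl = /login.jsp

[urls]
# First match wins: specific paths first, the catch-all last.
/login.jsp        = authc
/static/**        = anon
# login required, AND the admin role, AND both permissions (hasAllRoles / isPermittedAll)
/admins/user/**   = authc, roles[admin], perms["user:add:*, user:modify:*"]
# HTTPS only, then HTTP Basic credentials
/admins/report/** = ssl, authcBasic
# permission follows the HTTP method: GET needs user:read, POST user:create,
# PUT user:update, DELETE user:delete
/api/user/**      = authcBasic, rest[user]
# everything else under /admins still needs a real login
/admins/**        = authc
# remembered or authenticated user anywhere else
/**               = user

# WRONG ORDER, for contrast: with this line placed first, every /admins/... rule
# below it would be shadowed and the admin area would be open to anyone.
# /admins/**      = anon
```

Keep /** as the last line: without a catch-all, any URL that matches no pattern is served with no filter at all, which is the same as anon.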

Origin blog.csdn.net/qq_35986709/article/details/103909976