A [course] was recently published on Blue Bridge (laboratory building), with Shiro as the main topic and Spring Boot in a supporting role. It implements a simple permission management system and summarizes Shiro’s core concepts and usage. We welcome your support. If you are interested in buying it, use the promo code m4fx6AQ9 to get a discount.

The course covers the following topics:

  • Shiro authentication theory and practice
  • Shiro authorization theory and practice
  • Shiro session management
  • Use of Shiro’s native API
  • Integrate Shiro into the Spring Boot project
  • Use Shiro for login and logout functions
  • Use Shiro to manage user roles
  • Use Shiro for user management
  • Shiro’s annotation-based permission controls
  • Resource-based access control
  • Configure Shiro Realm based on the system data model
  • A simple comparison between Shiro and Spring Security

Introduction to the

Apache Shiro is a powerful and easy-to-use Java security framework that enables developers to handle authentication, authorization, session management, and password encryption in a very clear way. Using its easy-to-understand API, developers can easily and efficiently add security management capabilities to any application, from the smallest mobile applications to large web and enterprise applications.

This course will focus on Shiro’s two most important security functions, authentication and authorization, in a theoretical and practical way.

In the theoretical part, Shiro’s architecture, key concepts and terms, authentication, authorization and session management are introduced in turn. Alongside the theory, examples implemented with Shiro’s native API are given to help you understand and remember the material.

The hands-on part builds a simple user permission management system. With this system, administrators (users) can easily create roles and users, assign permissions to roles after creating them, and bind one or more roles to users after creating them. Administrators can also modify these relationships (the security model) at any time, even while the service is running, thereby changing permissions dynamically.

The hands-on project uses Shiro as the security framework and is built on Spring Boot + Mybatis. It focuses on RESTful HTTP interface development and on the practice of annotation-based Shiro access control and resource-based access control. There is no user interface; Swagger-UI serves as the documentation and as the tool for validating interface functionality.

The user permission management system consists of three main functional modules: role management, user management and notification management (notifications stand in for application resources, to demonstrate the system’s dynamic permission assignment). The following screenshot shows part of the role management interface after development: