First, basic concepts of a permission system

A permission system is built on two basic concepts:

  1. Security entities: the objects the permission system protects, such as payroll data.
  2. Permissions: the actions on those objects that must be checked before they are carried out, such as viewing or modifying.

Assigning permissions:

  1. Granting a given person a given permission on a given security entity.
  2. In implementation terms, writing (and later maintaining) those grant records in a database.

Permission verification (permission matching):

  • Determines whether a person or program holds a given permission (or set of permissions) on a security entity.
  • In implementation terms, reading the grant records from the database and matching them against the request.
  • Inheritance of permissions: when security entities nest (one contains another) and the inner entity has no permission restrictions of its own, it inherits the corresponding permissions of the entity that contains it.
  • Closest-match principle: when security entities nest and an entity has no restriction of its own for the permission being checked, the check walks outward through the containing entities and applies the restriction of the closest entity that has one. If the whole hierarchy is searched and no restriction for that permission is found, the scheme described here treats everyone as holding that permission on the entity. Note that this is a fail-open default: a restriction that was never written silently grants access to every user, so a production implementation should normally treat "no restriction found" as deny and require an explicit grant somewhere in the chain.
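The following is an added example, not code from the original article or from any permission framework, that implements the inheritance and closest-match rules above over a hierarchy of security entities. Entity names are path-like ("payroll" contains "payroll/dept-42", which contains "payroll/dept-42/record-7"); the entities, actions and principals are constructed sample data, and the class and method names are the example's own. It also shows the difference between the fail-open default the text describes and a fail-closed one.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Added example (not part of the original article). Implements inheritance and
 * closest match over a hierarchy of security entities whose names are path-like:
 * "payroll" contains "payroll/dept-42", which contains "payroll/dept-42/record-7".
 * Entities, actions and principals below are constructed sample data.
 */
public class ClosestMatchAuthorizer {

    /** What a check returns when no entity in the chain restricts the action. */
    public enum Unmatched { ALLOW_EVERYONE, DENY_EVERYONE }

    // entity -> action -> principals allowed to perform that action on the entity
    private final Map<String, Map<String, Set<String>>> grants = new HashMap<>();
    private final Unmatched unmatched;

    public ClosestMatchAuthorizer(Unmatched unmatched) {
        this.unmatched = unmatched;
    }

    /** Assign a permission: 'principal' may perform 'action' on 'entity'. */
    public void grant(String entity, String action, String principal) {
        grants.computeIfAbsent(entity, e -> new HashMap<>())
              .computeIfAbsent(action, a -> new HashSet<>())
              .add(principal);
    }

    /**
     * Permission matching: start at the entity and walk outward through the
     * entities that contain it. The first (closest) entity that carries a
     * restriction for 'action' decides; an entity without one inherits.
     */
    public boolean isPermitted(String principal, String entity, String action) {
        for (String current = entity; current != null; current = parentOf(current)) {
            Map<String, Set<String>> restrictions = grants.get(current);
            if (restrictions != null && restrictions.containsKey(action)) {
                return restrictions.get(action).contains(principal);
            }
            // no restriction on 'action' here: defer to the containing entity
        }
        // Whole hierarchy searched with no match. The article's rule is
        // ALLOW_EVERYONE; a hardened deployment would configure DENY_EVERYONE.
        return unmatched == Unmatched.ALLOW_EVERYONE;
    }

    /** "payroll/dept-42/record-7" -> "payroll/dept-42"; a top-level entity has no parent. */
    private static String parentOf(String entity) {
        int slash = entity.lastIndexOf('/');
        return slash < 0 ? null : entity.substring(0, slash);
    }

    public static void main(String[] args) {
        ClosestMatchAuthorizer asDescribed = new ClosestMatchAuthorizer(Unmatched.ALLOW_EVERYONE);
        asDescribed.grant("payroll", "view", "hr-manager");
        asDescribed.grant("payroll/dept-42", "view", "dept-42-lead");

        // Inheritance: dept-7 has no rule of its own, so the "payroll" grant applies.
        report(asDescribed, "hr-manager", "payroll/dept-7", "view");
        // Closest match: dept-42 carries its own "view" rule, and that rule is the one
        // applied, so the broader grant on "payroll" is not consulted for this entity.
        report(asDescribed, "hr-manager", "payroll/dept-42", "view");
        report(asDescribed, "dept-42-lead", "payroll/dept-42/record-7", "view");
        // Fail-open: nothing in the chain restricts "modify", so anyone passes.
        report(asDescribed, "intern", "payroll/dept-42/record-7", "modify");

        ClosestMatchAuthorizer failClosed = new ClosestMatchAuthorizer(Unmatched.DENY_EVERYONE);
        failClosed.grant("payroll", "view", "hr-manager");
        // The same unmatched request is now denied: access needs an explicit grant in the chain.
        report(failClosed, "intern", "payroll/dept-42/record-7", "modify");
    }

    private static void report(ClosestMatchAuthorizer authz, String who, String entity, String action) {
        System.out.printf("%-13s %-6s %-28s -> %s%n", who, action, entity,
                authz.isPermitted(who, entity, action) ? "permitted" : "denied");
    }
}
```

The walk stops at the first entity that has any rule for the requested action, which is exactly what makes a child rule override a parent grant; if the intended semantics are instead "a grant anywhere up the chain suffices", the loop would have to continue past a non-matching restriction rather than return. Either way, the value returned after the loop is the policy decision that matters most for security review.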

Second, introduction to Shiro

  • Apache Shiro is a powerful and easy-to-use Java security framework that provides authentication, authorization, cryptography, and session management.

  • What Shiro can do

    • Session management: use the Session API in any environment, even without a Web or EJB container.
    • Realms: pluggable data sources that aggregate the security data (users, roles, permissions) of one or more user stores.
    • Single sign-on (SSO) support.
    • "Remember Me" services, so that a returning user who has not logged in during the current session is still recognized.

Third, main features of Shiro

  • Shiro's four core components

    1. Authentication: sometimes simply called "login"; the act of proving who the user is.
    2. Authorization: the process of access control, that is, deciding whether the user has permission to access a protected resource.
    3. Session Management: manages user-specific sessions, even in non-Web or non-EJB applications.
    4. Cryptography: keeps data secure with cryptographic algorithms (password hashing, ciphers) while keeping those algorithms easy to use correctly.

  • Shiro also provides the following extensions:

    • Web Support: common security functions for Web applications (filters, tag libraries, session integration).
    • Caching: caching of authentication and authorization data so that applications run more efficiently.
    • Concurrency: support for multithreaded applications, so that a Subject's security state can be propagated to other threads.
    • Testing: test support that helps you write unit and integration tests and verify that code is secured as intended.
    • "Run As": a feature that lets a user assume the identity of another user (if permitted), sometimes useful in administrative scenarios.
    • "Remember Me": remembers a user's identity across sessions so they only need to log in when required; useful for features such as a persistent shopping cart.

Fourth, the three core components of the Shiro architecture

  • Subject: represents the person or third-party service currently interacting with the system. Every Subject instance is (and must be) bound to a SecurityManager.

  • SecurityManager: the heart of the Shiro architecture. It coordinates the internal security components, manages their instances, and is the entry point through which security services are provided. When application code interacts with a Subject, it is really the SecurityManager behind the scenes that performs all of the heavy lifting for the Subject's security operations.

  • Realms: essentially security-specific DAOs. When Shiro is configured, at least one Realm must be specified for authentication and/or authorization. Shiro ships with Realms for several sources of security data, such as relational databases (JDBC), INI files and property files, and you can implement your own Realm to represent a custom data source.
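The following is an added example, not code from the original article or from the Shiro project, that wires the three components together in a plain Java program: an IniRealm built from INI text (the Realm), a DefaultSecurityManager around it (the SecurityManager), and the current Subject logging in and being authorized. It assumes Shiro 1.x core (org.apache.shiro:shiro-core) on the classpath; the users, roles and wildcard permissions in the INI text are constructed sample data.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

/**
 * Added example (not part of the original article or of Shiro itself).
 * Assumes shiro-core 1.x on the classpath. Users, roles and permissions
 * below are constructed sample data.
 */
public class ShiroCoreComponentsExample {

    // IniRealm keeps credentials in plaintext: acceptable for a demo, not for
    // production, where a realm should store salted hashes and the realm's
    // CredentialsMatcher should be a HashedCredentialsMatcher.
    private static final String INI =
            "[users]\n" +
            "alice = secret1, hr\n" +
            "bob = secret2, employee\n" +
            "[roles]\n" +
            "hr = payroll:view:*, payroll:modify:*\n" +
            "employee = payroll:view:self\n";

    public static void main(String[] args) {
        // Realm: the security DAO that knows users, roles and permissions
        Ini ini = new Ini();
        ini.load(INI);
        IniRealm realm = new IniRealm(ini);

        // SecurityManager: coordinates realm, authenticator, authorizer and sessions
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);

        // Subject: the currently executing "user", bound to the SecurityManager above
        Subject subject = SecurityUtils.getSubject();
        try {
            // Authentication is delegated by the Subject to the SecurityManager
            subject.login(new UsernamePasswordToken("bob", "secret2"));
        } catch (AuthenticationException e) {
            System.out.println("login failed: " + e.getMessage());
            return;
        }
        System.out.println("logged in as " + subject.getPrincipal());

        // Authorization: the Authorizer asks the Realm what bob holds. Wildcard
        // permissions are matched by implication, so "payroll:view:self" is held
        // but "payroll:view:dept-42" is not, and neither is any "modify" action.
        System.out.println("has role employee?     " + subject.hasRole("employee"));
        System.out.println("payroll:view:self?     " + subject.isPermitted("payroll:view:self"));
        System.out.println("payroll:view:dept-42?  " + subject.isPermitted("payroll:view:dept-42"));
        System.out.println("payroll:modify:self?   " + subject.isPermitted("payroll:modify:self"));

        subject.logout();
    }
}
```

Note that nothing in the program checks permissions by looking at the INI text directly: every decision goes through the Subject, which delegates to the SecurityManager, which consults the Realm. Keeping application code on that path is what lets you later swap the INI realm for a JDBC or LDAP realm without touching the call sites.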

Fifth, Shiro architecture

  • Authenticator: the component that performs authentication (login) for a user. The Authenticator obtains data from one or more Realms to verify the user's identity.
  • AuthenticationStrategy: when more than one Realm is configured, this interface decides what counts as a successful login. The default, AtLeastOneSuccessfulStrategy, succeeds if any one Realm authenticates the user even when all the others fail; Shiro also ships FirstSuccessfulStrategy and AllSuccessfulStrategy, the latter requiring every Realm to succeed.
  • Authorizer: checks whether a user may access a protected resource in the application (role and permission checks).
  • SessionManager: lets the Session API be used consistently at any application or architectural layer, web or not.
  • SessionDAO: the persistence layer the SessionManager uses for Session CRUD operations, which makes it possible to store sessions in a database or cache.
  • CacheManager: provides caching support for the other Shiro components, for example for authorization data fetched from a Realm.
  • Cryptography: Shiro's cryptography API greatly simplifies the tedious JDK APIs for password hashing and encryption.
  • Realms: the bridge between Shiro and the application's security data; Shiro obtains users, roles and permissions through Realms.
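The following is an added example, not code from the original article or from the Shiro project, that shows the AuthenticationStrategy decision with two Realms. It assumes Shiro 1.x core (org.apache.shiro:shiro-core) on the classpath; the two INI-backed realms, their names and their users are constructed sample data. The same login is attempted under the default AtLeastOneSuccessfulStrategy and under AllSuccessfulStrategy, so the difference the list above describes is visible.

```java
import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

/**
 * Added example (not part of the original article or of Shiro itself).
 * Assumes shiro-core 1.x on the classpath. Realm names and users are
 * constructed sample data.
 */
public class MultiRealmStrategyExample {

    /** Builds an INI-backed Realm from inline text and gives it a readable name. */
    private static Realm realm(String name, String iniText) {
        Ini ini = new Ini();
        ini.load(iniText);
        IniRealm realm = new IniRealm(ini);
        realm.setName(name);
        return realm;
    }

    /**
     * Switches the SecurityManager's ModularRealmAuthenticator to the given
     * strategy, attempts a login and reports whether the Authenticator accepted it.
     */
    private static boolean tryLogin(DefaultSecurityManager sm, AuthenticationStrategy strategy,
                                    String user, String password) {
        ((ModularRealmAuthenticator) sm.getAuthenticator()).setAuthenticationStrategy(strategy);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            boolean ok = subject.isAuthenticated();
            subject.logout();
            return ok;
        } catch (AuthenticationException e) {
            // AllSuccessfulStrategy raises this as soon as one realm cannot
            // authenticate the user, including a realm that has no such account.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: alice exists in both realms, bob only in "directory".
        Realm hr = realm("hr", "[users]\nalice = secret1\n");
        Realm directory = realm("directory", "[users]\nalice = secret1\nbob = secret2\n");

        DefaultSecurityManager sm = new DefaultSecurityManager(Arrays.asList(hr, directory));
        SecurityUtils.setSecurityManager(sm);

        AuthenticationStrategy atLeastOne = new AtLeastOneSuccessfulStrategy(); // Shiro's default
        AuthenticationStrategy all = new AllSuccessfulStrategy();

        // bob is unknown to "hr": passes under the default, rejected when every realm must agree
        System.out.println("bob   / at-least-one      : " + tryLogin(sm, atLeastOne, "bob", "secret2"));
        System.out.println("bob   / all-successful    : " + tryLogin(sm, all, "bob", "secret2"));
        // alice is known to both realms with the same password
        System.out.println("alice / all-successful    : " + tryLogin(sm, all, "alice", "secret1"));
        // a wrong password fails in both realms under either strategy
        System.out.println("alice / all, bad password : " + tryLogin(sm, all, "alice", "nope"));
    }
}
```

The choice of strategy is a security decision, not a convenience: with the default strategy, adding a second Realm widens the set of accounts that can log in, because an account in either store suffices. Before attaching a new Realm to an existing SecurityManager, decide explicitly whether that widening is intended.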