Explain Shiro caching mechanism in detail

Shiro provides a cache abstraction similar to spring, that is, Shiro does not implement cache itself, but abstracts the cache to facilitate the replacement of different underlying cache implementations.

Cache interface provided by Shiro:

Java code

CacheManager interface provided by Shiro:

Java code

Shiro also provides cachemanageraware to inject CacheManager:

Java code

The corresponding component in Shiro (defaultsecuritymanager) will automatically detect whether the corresponding object (such as real) implements cachemanageraware and automatically inject the corresponding CacheManager.

Real cache

Shiro provides cacheingrealm, which implements the cachemanageraware interface and provides some basic implementations of caching; In addition, authenticating realm and authorizing realm provide caching of authenticationinfo and authorizationinfo information respectively.

Ini configuration

Java code

userRealm. Caching enabled: enables caching. The default is false;

userRealm. Authenticationcacheingenabled: enables authentication caching, that is, caches authenticationinfo information. The default is false;

userRealm. Authenticationcachename: the cache name for caching authenticationinfo information;

userRealm. Authorizationcacheingenabled: enables authorization caching, that is, caches authorizationinfo information. The default is false;

userRealm. Authorizationcachename: the name of the cache that caches the authorizationinfo information;

CacheManager: cache manager. Ehcachemanager, or ehcache implementation, is used here. You need to import corresponding ehcache dependencies. Please refer to POM xml；

Because of the relationship between test cases, it is necessary to change the cache manager of ehcache to use VM singleton mode:

Change to

test case

Java code

First, log in successfully (the corresponding authenticationinfo will be cached at this time), and then modify the password. At this time, the password will change. Then, you need to call the clearcachedauthenticationinfo method of real to clear the previously cached authenticationinfo. Otherwise, you will get the authenticationinfo before modifying the password at the next login;

Java code

Similar to previous use cases; Here, call clearcachedauthorizationinfo of realm to clear the previously cached authorizationinfo;

In addition, there is clearcache, which calls clearcachedauthenticationinfo and clearcachedauthorizationinfo at the same time to clear the authenticationinfo and authorizationinfo.

Userrealm also provides clearallcachedauthorizationinfo, clearallcachedauthenticationinfo and clearallcache to empty the entire cache.

In some cases, this method may not be the best choice. You can consider directly discarding Shiro's cache, and then implement your own cache through AOP mechanism; Refer to:

https://github.com/zhangkaitao/es/tree/master/web/src/main/java/com/sishuok/es/extra/aop

https://github.com/zhangkaitao/es/blob/master/web/src/main/java/org/apache/shiro/cache/spring/SpringCacheManagerWrapper.java