Introduction to Shiro framework

2019-01-10 • Java

This is the back-end small class of the monastery. Each article is shared from

[background introduction] [knowledge analysis] [common problems] [solutions] [coding practice] [extended thinking] [more discussion] [References]

Eight aspects of in-depth analysis of back-end knowledge / skills. This article shares:

[introduction to Shiro framework]

Introduction to Shiro framework

Hello, I'm tiemu'er, the 35th student of it Academy Beijing Branch. I'm an honest, pure and kind programmer. Today, I'd like to share with you the Java task expansion on the official website of the Academy

(1) Background:

Apache Shiro

Read as "sheeroh", which means "city" or "fortress" in Japanese

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy to understand API, you can get any application quickly and easily, from the smallest mobile application to the largest network and enterprise application.

(2) Knowledge analysis:

Core components

Subject,SecurityManager,Realms

Frame structure

Subject: subject. It can be seen that the subject can be any "user" who can interact with the application;

Securitymanager: equivalent to dispatcher servlet in spring MVC or filterdispatcher in struts 2; It's Shiro's heart; All specific interactions are controlled through the securitymanager; It manages all subjects, and is responsible for authentication and authorization, session and cache management.

Authenticator: authenticator, which is responsible for principal authentication. This is an extension point. If users think Shiro's default is not good, they can customize the implementation; It requires authentication strategy, that is, when the user authentication is passed; authenticator: authorizer, or access controller, which is used to determine whether the subject has permission to perform corresponding operations; that is, it controls which functions the user can access in the application;

Realm: there can be one or more realms, which can be considered as the data source of security entity, that is, the data source used to obtain security entity; It can be implemented by JDBC, LDAP or memory; Provided by the user; Note: Shiro doesn't know where your user permissions are stored and in what format; Therefore, we generally need to implement our own realm in applications;

SessionManager: if you have written servlets, you should know the concept of session. Session needs someone to manage its life cycle. This component is SessionManager; Shiro can be used not only in the web environment, but also in ordinary javase environment, EJB and other environments; In all, Shiro abstracts a session of its own to manage the data interaction between the subject and the application; In this case, for example, when we used it in the web environment, it was a web server at the beginning; Then I went to an EJB server; At this time, if you want to put the session data of the two servers in one place, you can realize your own distributed session (such as putting the data on the memcached server);

Sessiondao: Dao has been used by everyone. Data access objects and crud for sessions. For example, if we want to save sessions to the database, we can implement our own sessiondao and write to the database through JDBC; For example, if you want to put a session into memcached, you can implement your own memcached sessiondao; In addition, in sessiondao, cache can be used for caching to improve performance;

CacheManager: cache controller to manage the cache of users, roles, permissions, etc; Because these data are rarely changed, putting them in the cache can improve the access performance

(3) Frequently asked questions:

What other security frameworks besides shrio

(4) Solution:

Spring Security

Shiro is easier to use than spring. The only reason why the implementation and most important understanding of spring security are better known is that the brand name "spring" is famous for its simplicity, but ironically, many people find it difficult to install spring security. However, Spring security has better community support. Apache Shiro has an additional module in spring security processing cryptography. Spring security is well integrated with spring. If the project uses spring MVC, it is very convenient to use. But if spring is not used in the project, don't consider it. Shiro is powerful, simple and flexible. It is a project under Apache. It is relatively reliable and does not bind to any framework or container. It can run independently

(5) Coding practice:

(6) Expand thinking:

(7) References:

https://mrbird.cc/Spring-Boot-shiro%20Authentication.html

http://jinnianshilongnian.iteye.com/blog/2018936

https://blog.csdn.net/liyuejin/article/details/77838868

(8) More discussion:

Q1: what other security frameworks besides shrio

A1：

Spring Security

Q2: does Shiro only support web environment A2: Shiro supports JavaEE and javase environments

Q3: what does Shiro's token mean A3: in the previous study, the token we used is a user credential stored in a cookie. In Shiro, there are self-defined tokens used to store user data in Shiro. This is similar, but the contents of tokens in Shiro are well specified and we only need to pass parameters in.

(9) Thanks:

Thank you for watching

(10) Conclusion:

That's all for today's sharing. You are welcome to like, forward, leave messages and make bricks~

Ppt link video link

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Introduction to Shiro framework

< <上一篇

Java process control

下一篇>>

搜索内容

Introduction to Shiro framework

热门文章