Introduction to Shiro

Shiro can be used for:

  • Authentication: verifies the current user's identity.
  • Authorization: checks the user's permissions, i.e. what the user is allowed to do.
  • Session management: until the user logs out, their information is stored in the session.
  • Cryptography: protects data, such as passwords.
  • Web support: integrates easily into a web environment.
  • Caching: caches data such as a user's roles/permissions to improve performance.
  • Concurrency: supports multi-threaded use, with permissions shared across threads.
  • Testing: provides test support.
  • Run as: lets a user act under another user's identity.
  • Remember me: on the next visit, the user does not need to log in again.

Shiro does not maintain user or permission information.

Shiro from the outside

  • Subject: represents an entity making a request from the network, such as a user, robot, or crawler.
  • SecurityManager: the core of Shiro; it executes the security operations.
  • Realm: the source of security data, like a class of users.

1. Authentication and authorization go through the Subject, which delegates to the SecurityManager.
2. The SecurityManager needs a Realm to judge whether a user is who they claim to be.

Shiro from the inside

  • Subject: the framework's main body.
  • SecurityManager: like DispatcherServlet in Spring MVC, it controls everything globally; it is Shiro's heart.
  • Authenticator: this is an extension point.
  • Authorizer: the access controller; it determines whether the subject has permission to perform an operation.
  • Realm: may be backed by JDBC, LDAP, or CAS.
  • SessionManager: manages the session's life cycle.
  • SessionDAO: if we want to store sessions in Redis, we can implement SessionDAO ourselves.
  • CacheManager: holds users/roles/permissions to improve performance.
  • Cryptography: Shiro provides some encryption modules.