Shiro can be used for:

- Authentication: check that the current user has an identity.
- Authorization: check the user's permissions, i.e. what he can do.
- Session management: while the user has not logged out, its info is stored in the session.
- Cryptography: protect data, like passwords.
- Web support: easy to integrate in a web environment.
- Caching: e.g. the user's roles/permissions, to improve performance.
- Concurrency: support for sharing permissions across multiple threads.
- Testing: test support.
- Run as: lets a user act under another user's identity.
- Remember me: next time the user comes, no more login.

Shiro does not maintain user/permission info itself.

See Shiro from outside

- Subject: represents a request entering from the network, like a user, robot or crawler.
- SecurityManager: the core of Shiro; it is the security executor.
- Realm: the security data source, like a class of users.

1. Use the Subject for authentication and authorization; the Subject delegates to the SecurityManager.
2. The SecurityManager needs a Realm to judge whether a user is really that user.

See Shiro from inside

- Subject: the framework's main body.
- SecurityManager: like `DispatcherServlet` in Spring MVC, it controls everything globally; it is Shiro's heart.
- Authenticator: this is an extension point.
- Authorizer: the request controller; it determines whether the subject has permission to do something.
- Realm: may be JDBC / LDAP / CAS.
- SessionManager: manages the session's life cycle.
- SessionDAO: if we want to put sessions into Redis, we can implement SessionDAO ourselves.
- CacheManager: put users/roles/permissions into it to improve performance.
- Cryptography: Shiro provides some encryption modules.