Shiro (Security Framework)
1. Introduction
Official link: shiro.apache.org/
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password, and session management. Using Shiro’s easy-to-understand apis, you can quickly and easily obtain any application, from the smallest mobile applications to the largest web and enterprise applications.
Three core components:
- Subject
- SecurityManager
- Realms
Subject: indicates the current user. However, in Shiro, the concept of Subject does not just refer to people. It can also be a third-party process, a Daemon Account, or something similar. It simply means “what is currently interacting with the software.”
Subject represents the security actions of the current user, and SecurityManager manages the security actions of all users.
SecurityManager: It is the core of Shiro’s framework, a typical Facade pattern through which Shiro manages internal component instances and provides various services for security management.
Realm: Realm acts as a “bridge” or “connector” between Shiro and application security data. That is, when authenticating a user (login) and authenticating a user (access control), Shiro looks up the user and their permission information from an application-configured Realm.
Want to see the source code!!
Refer to the link
Springboot + Shiro permission management. This is probably the most detailed, cleanest code, and simplest shiro hands-on project yet.
Gitee.com/yadong.zhan…