Backend Development
PHP Tutorial
Apache Shiro User Manual (1) Introduction to Shiro Architecture
Apache Shiro User Manual (1) Introduction to Shiro Architecture
Apache Shiro User Manual (1) Introduction to Shiro Architecture
1. What is Shiro
Apache Shiro is a powerful and easy-to-use Java security framework that provides authentication, authorization, encryption and Session management and other functions:
Authentication-user identification, often called user "login";
Authorization-access control;
Password encryption-protect or hide data to prevent peeping;
Session Management - Time-sensitive state associated with each user.
For any application, Shiro can provide comprehensive security management services. And compared to other security frameworks, Shiro is much simpler.
2. Introduction to Shiro’s architecture
First, let’s take a look at Shiro’s three core components: Subject, SecurityManager and Realms. As shown below:
Subject: namely "current operating user". However, in Shiro, the concept of Subject does not only refer to people, but can also be third-party processes, background accounts (Daemon Accounts), or other similar things. It simply means "what the software is currently interacting with". But for most purposes and uses, you can think of it as Shiro's "user" concept.
Subject represents the security operations of the current user, and SecurityManager manages the security operations of all users.
SecurityManager: It is the core of the Shiro framework, a typical Facade mode. Shiro uses SecurityManager to manage internal component instances and provide various services for security management through it.
Realm: Realm acts as a "bridge" or "connector" between Shiro and application security data. That is to say, when performing authentication (login) and authorization (access control) verification on a user, Shiro will look up the user and their permission information from the Realm configured in the application.
In this sense, Realm is essentially a security-related DAO: it encapsulates the connection details of the data source and provides relevant data to Shiro when needed. When configuring Shiro, you must specify at least one Realm for authentication and/or authorization. It is possible to configure multiple Realms, but at least one is required.
Shiro has built-in Realm that can connect to a large number of secure data sources (also known as directories), such as LDAP, relational databases (JDBC), INI-like text configuration resources, and property files. If the default Realm does not meet your needs, you can also plug in your own Realm implementation that represents a custom data source.
Shiro complete architecture diagram:
In addition to the three core components of Subject, SecurityManager and Realm mentioned above, Shiro’s main components also include:
Authenticator: Authentication is the process of verifying user identity. A common example of this process is the familiar "user/password" combination. When most users log into a software system, they usually provide their username (the principal) and the password that supports them (the certificate). If the password (or password representation) stored in the system matches the one provided by the user, they are considered authenticated.
Authorizer: Authorization is essentially access control - controlling what content in the application users can access, such as resources, web pages, etc.
SessionManager: In the world of security frameworks, Apache Shiro offers something unique: consistent use of the Session API at any application or architecture layer. That is, Shiro provides a conversational programming paradigm for any application - from small backend standalone applications to large clustered web applications. This means that application developers who wish to use sessions are not forced to use a Servlet or EJB container. Alternatively, if these containers are being used, developers can now choose to use a consistent session API at any layer instead of Servlet or EJB mechanisms.
CacheManager: Provides caching support for other components of Shiro.
The above is the content of the Apache Shiro User Manual (1) Shiro Architecture Introduction. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to set the cgi directory in apache
Apr 13, 2025 pm 01:18 PM
To set up a CGI directory in Apache, you need to perform the following steps: Create a CGI directory such as "cgi-bin", and grant Apache write permissions. Add the "ScriptAlias" directive block in the Apache configuration file to map the CGI directory to the "/cgi-bin" URL. Restart Apache.
What to do if the apache80 port is occupied
Apr 13, 2025 pm 01:24 PM
When the Apache 80 port is occupied, the solution is as follows: find out the process that occupies the port and close it. Check the firewall settings to make sure Apache is not blocked. If the above method does not work, please reconfigure Apache to use a different port. Restart the Apache service.
How to connect to the database of apache
Apr 13, 2025 pm 01:03 PM
Apache connects to a database requires the following steps: Install the database driver. Configure the web.xml file to create a connection pool. Create a JDBC data source and specify the connection settings. Use the JDBC API to access the database from Java code, including getting connections, creating statements, binding parameters, executing queries or updates, and processing results.
How to view your apache version
Apr 13, 2025 pm 01:15 PM
There are 3 ways to view the version on the Apache server: via the command line (apachectl -v or apache2ctl -v), check the server status page (http://<server IP or domain name>/server-status), or view the Apache configuration file (ServerVersion: Apache/<version number>).
How to start apache
Apr 13, 2025 pm 01:06 PM
The steps to start Apache are as follows: Install Apache (command: sudo apt-get install apache2 or download it from the official website) Start Apache (Linux: sudo systemctl start apache2; Windows: Right-click the "Apache2.4" service and select "Start") Check whether it has been started (Linux: sudo systemctl status apache2; Windows: Check the status of the "Apache2.4" service in the service manager) Enable boot automatically (optional, Linux: sudo systemctl
How to delete more than server names of apache
Apr 13, 2025 pm 01:09 PM
To delete an extra ServerName directive from Apache, you can take the following steps: Identify and delete the extra ServerName directive. Restart Apache to make the changes take effect. Check the configuration file to verify changes. Test the server to make sure the problem is resolved.
How to view the apache version
Apr 13, 2025 pm 01:00 PM
How to view the Apache version? Start the Apache server: Use sudo service apache2 start to start the server. View version number: Use one of the following methods to view version: Command line: Run the apache2 -v command. Server Status Page: Access the default port of the Apache server (usually 80) in a web browser, and the version information is displayed at the bottom of the page.
How to solve the problem that apache cannot be started
Apr 13, 2025 pm 01:21 PM
Apache cannot start because the following reasons may be: Configuration file syntax error. Conflict with other application ports. Permissions issue. Out of memory. Process deadlock. Daemon failure. SELinux permissions issues. Firewall problem. Software conflict.
