shiro是什么?
shiro是一个安全框架
shiro能做什么?
- 鉴证一个用户合适他的身份
- 完成对于一个用户的访问控制,例如:(1)、确定用户是否被分配了一定的安全角色(2)确定是否用户被允许操作一些东西
- 在任何环境中使用Session API,即使没有web或者EJB容器。
- 在认证、访问控制或者是session的生命周期中事件驱动
- Aggregate 1 or more data sources of user security data and present this all as a single composite user ‘view’.
- 提供单点登录功能
- 提供“记住我”功能
- 。。。。。等等
shiro组成及特点
- Authentication: Sometimes referred to as ‘login’, this is the act of proving a user is who they say they are.身份验证
- Authorization: The process of access control, i.e. determining ‘who’ has access to ‘what’.授权认证
- Session Management: Managing user-specific sessions, even in non-web or EJB applications.会话管理
- Cryptography: Keeping data secure using cryptographic algorithms while still being easy to use.加密
除此之外的其他支持:
- web support
- caching
- concurrency
- testing
- “Run As”
- “Remember me”