Java development: common English words and uses of shiro framework

shiro is a security framework developed for Java under apache, which is used for authentication, authorization, password encryption and session management. Let's share the common English words in the shiro framework and share them with you.

Authentication: Authentication/Login. Verify that the identity has a corresponding identity.

Authorization: Management of authorization and permissions to verify whether a user has a certain permission.

SessionManager: Session management, that is, a session of a user after logging in, all information before the user is logged out will be saved in this session. A session can be in a javase environment or a web environment.

Cryptography: Encryption, the security of user data, the information in the database is not displayed with a plaintext password, but an encrypted password.

caching: Cache, for example, the roles/permissions in the user do not need to be queried after logging in again, which can improve efficiency.

Testing: supports testing.

Run as: Allows one user to pretend another user has access with another user's permissions.

Remember me: Remember me, you can log in next time.

Subject: Subject, representing a user, this user is not necessarily a real user, anything that interacts with the previous application can be this subject

SecurityManager: Security Manager, all security related operations interact with SecurityManager. It is the core of shiro, which can be regarded as the dispatchservlet front controller in springmvc.

Realm: domain, shiro obtains security information (such as users, roles, permissions) from realm for permission management. It can be regarded as a data source datasource

shiro : Do not provide maintenance users/permissions, but let it be injected through realm.

Subject: is the user principal that interacts with the application.

SecurityManager: is the main body of shiro, similar to dispatchservlet in springmvc. A series of controls are carried out, including authentication, authorization, session management and other operations.

Authentication: Verify, verify user information.

Authorizer: Authorization, verifying whether the user has a certain permission. Which features in the app can be used by authorized users.

Realm: Realm is a place to obtain security information. There are three commonly used ones, iniRealm, jdbcRealm, and custom Realm.

SessionManager: Session management, the user's session information is stored here.

SessionDao: Everyone has used Dao, data access object, CRUD for session, for example, if we want to save the session to the database, then we can implement our own SessionDAO and write to the database through JDBC; for example, if we want to put the session in Memcached, You can implement your own Memcached SessionDAO; in addition, Cache can be used in SessionDAO for caching to improve performance;

CacheManager: Cache management. To manage caches such as users, roles, permissions, etc.

Cryptography: The cryptography module, Shiro improves some common cryptographic components used such as cryptographic encryption/decryption.