Apache Shiro
What is it?
In one line: 'It is a powerful and easy-to-use Java security framework.'
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.
What can you do with Shiro?
- Authenticate a user to verify their identity.
- Perform access control for the user, such as:
  - Determine if a user is assigned a certain security role or not.
  - Determine if a user is permitted to do something or not.
- Use a session API in any environment, even without a web or EJB container.
- React to events during authentication, access control, or during a session's lifetime.
- Aggregate 1 or more data sources of user security data and present this all as a single composite user 'view'.
- Enable Single Sign On (SSO) functionality.
- Enable 'Remember Me' services for user association without login.
...
and much more - all integrated into a cohesive easy-to-use API.
Where can it be used?
Shiro attempts to achieve these goals for all application environments - from the simplest command line application to the largest enterprise applications, without forcing dependencies on other 3rd party frameworks, containers, or application servers.
Detailed features of Shiro:
Apache Shiro is a comprehensive application security framework with many features. The following diagram shows where Shiro focuses its energy, and this reference manual will be organized similarly:
- Authentication: Sometimes referred to as 'login', this is the act of proving a user is who they say they are.
- Authorization: The process of access control, i.e. determining 'who' has access to 'what'.
- Session Management: Managing user-specific sessions, even in non-web or EJB applications.
- Cryptography: Keeping data secure using cryptographic algorithms while still being easy to use.
There are also additional features to support and reinforce these concerns in different application environments, especially:
- Web Support: Shiro's web support APIs help easily secure web applications.
- Caching: Caching is a first-tier citizen in Apache Shiro's API to ensure that security operations remain fast and efficient.
- Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.
- Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.
- "Run As": A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.
- "Remember Me": Remember users' identities across sessions so they only need to log in when mandatory.
Features for web apps:
- Simple ShiroFilter web.xml definition: You can enable Shiro for a web application with one simple filter definition in web.xml.
- Protects all URLs: Shiro can protect any type of web request that comes into your system, for example dynamically generated pages, REST requests, etc.
- Innovative Filtering (URL-specific chains): Defining URL-specific filter chains is much easier and more intuitive than using web.xml because, in Shiro, you can explicitly specify which filters you want to execute for each path and in what order. And with Shiro you can have path-specific configuration for each filter in that chain.
- JSP Tag support: The JSP tags allow you to easily control page output based on the current user's state and access rights.
- Transparent HttpSession support: If you are using Shiro's native sessions, we have implemented the HttpSession API and the Servlet 2.5 API so you don't have to change any of your existing web code to use Shiro.
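To illustrate the URL-specific chains item above, here is an added `shiro.ini` fragment (not from the original post or the Shiro project). The paths, the `admin` role and the `report:read` permission are constructed for the example; `anon`, `authc`, `roles`, `perms` and `logout` are Shiro's built-in filter names.

```ini
[main]
# Where the authc filter redirects unauthenticated requests.
authc.loginUrl = /login.jsp

[urls]
# Each line is: <Ant-style path pattern> = <filter chain, executed left to right>
# Lines are evaluated top to bottom and the FIRST matching pattern wins,
# so specific paths must appear above broader ones.

# The login page must reach the authc filter so it can process the form post.
/login.jsp = authc

# Built-in logout filter ends the session and redirects.
/logout = logout

# Public static assets: explicitly anonymous.
/static/** = anon

# Path-specific filter configuration goes in [brackets]:
# the user must be logged in AND hold the admin role.
/admin/** = authc, roles[admin]

# Logged in AND permitted to read reports.
/api/reports/** = authc, perms["report:read"]

# Catch-all LAST: everything not matched above requires authentication.
# If this line were placed first, or written as "/** = anon" above the
# /admin/** line, the role and permission checks would never run.
/** = authc
```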