What is the operating principle of the Shiro framework?
The operating principle of the Shiro framework is to achieve permission control and identity authentication through a series of components and filters. The following are the main components and operating principles of the Shiro framework.
- Subject: The core entity of Shiro, representing the current user. The subject can be a person or any other system user.
- SecurityManager: Responsible for managing all Subjects and coordinating the authentication and authorization processes. It is the core of the Shiro framework, handling functions such as authentication, authorization, and session management.
- Realm (data source): Used for verifying user identity and obtaining user role and permission information. The Realm is primarily responsible for retrieving authentication and authorization information from the data source.
- Authentication (identity verification): The process of confirming a user's identity, typically done through a combination of a username and password.
- Authorization: Based on the user’s identity and permissions, it is determined whether the user has the right to perform a certain operation.
- Session Management: With the session management feature in the Shiro framework, user state can be maintained across different requests.
- Filter: The Shiro framework uses filters for access control and permission verification. Before a request reaches the server, the filter preprocesses the request to determine if it should be allowed access.
The operating principle of the entire Shiro framework can be summarized as follows: when a user initiates a request, the Shiro framework first intercepts and preprocesses the request through filters. Then, based on the configured Realm, the framework retrieves the user’s authentication and authorization information from the data source. Next, the Shiro framework uses the SecurityManager for user authentication and permission control. Finally, the framework returns the authentication and authorization results to the application, which can then decide whether to allow users to perform the corresponding operations based on the results.
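The flow summarized above, as an added example that is not part of the original page: a Realm supplies authentication and authorization data, the SecurityManager uses it, and the application queries the Subject for the result. It assumes Shiro 1.x core on the classpath and a standalone (non-web) setup, so the filter step is not shown; `ShiroFlowDemo`, `DemoRealm`, the account `alice` and its password are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class ShiroFlowDemo {
    // Constructed Realm: one hard-coded account stands in for the data source.
    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            if (!"alice".equals(token.getPrincipal())) {
                return null; // unknown user: login() throws UnknownAccountException
            }
            // Plaintext only for the demo; real deployments store salted hashes
            // and configure a hashing CredentialsMatcher on the Realm.
            return new SimpleAuthenticationInfo("alice", "demo-password", getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Roles and permissions the SecurityManager evaluates for this user.
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole("editor");
            info.addStringPermission("document:read");
            return info;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong"));
        } catch (AuthenticationException e) {
            // Failed authentication leaves the Subject unauthenticated.
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
        subject.login(new UsernamePasswordToken("alice", "demo-password"));
        System.out.println("authenticated: " + subject.isAuthenticated());
        System.out.println("role editor: " + subject.hasRole("editor"));
        System.out.println("may read: " + subject.isPermitted("document:read"));
        System.out.println("may delete: " + subject.isPermitted("document:delete"));
        subject.getSession().setAttribute("lastAction", "read"); // session state
        subject.logout(); // invalidates the session and clears the identity
    }
}
```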