SHIRO 基本概念
SHIRO 概念 git
// 官方術語 請多花時間理解 不限於shiro 任何技術都是如此 值得不少人學習 app
Apache Shiro Terminology
Please just take 2 minutes to read and understand this - it is really important ide
Authentication 學習
認證,告訴系統 當前操做人是那個 / 系統進行驗證 你給的信息 this
Authorization
訪問控制 決定當前操做人是否有權限訪問某個資源 idea
Cipher
A cipher is an algorithm for performing encryption or decryption. The algorithm generally relies on a piece of information called a key. And the encryption varies based on the key so decyrption is extremely difficult without it.
Ciphers come in different variations. Block Ciphers work on blocks of symbols usually of a fixed size while Stream Ciphers work on a continuous stream of symbols. Symmetric Ciphers use the same key for encryption and decryption while Asymmetric Ciphers use different keys. And if a key in an asymmetric cipher cannot be derived from the other, then one can be shared publicly creating public/private key pairs. spa
Credential
A Credential is a piece of information that verifies the identity of a user/Subject. One (or more) credentials are submitted along with Principal(s) during an authentication attempt to verify that the user/Subject submitting them is actually the associated user. Credentials are usually very secret things that only a particular user/Subject would know, such as a password or a PGP key or biometric attribute or similar mechanism.
The idea is that for a principal, only one person would know the correct credential to 'pair' with that principal. If the current user/Subject provides the correct credential matching the one stored in the system, then the system can assume and trust that the current user/Subject is really who they say they are. The degree of trust increases with more secure credential types (e.g. biometric signature > password). 線程
Cryptography
Cryptography is the practice of protecting information from undesired access by hiding it or converting it into nonsense so know one else can read it. Shiro focuses on two core elements of Cryptography: ciphers that encrypt data like email using a public or private key, and hashes (aka message digests) that irreversibly encrypt data like passwords. 設計
Hash
A Hash function is a one-way, irreversible conversion of an input source, sometimes called the message, into an encoded hash value, sometimes called the message digest. It is often used for passwords, digital fingerprints, or data with an underlying byte array. code
Permission
A Permission, at least as Shiro interprets it, is a statement that describes raw functionality in an application and nothing more. Permissions are the lowest-level constructs in security policies. They define only "What" the application can do. They do not describe "Who" is able to perform the actions. A Permission is only a statement of behavior, nothing more.
在個人理解:權限設計裏面的最小單元
Principal
A Principal is any identifying attribute of an application user (Subject). An 'identifying attribute' can be anything that makes sense to your application - a username, a surname, a given name, a social security number, a user ID, etc. That's it - nothing crazy.
Shiro also references something we call a Subject's primary principal. A Primary principal is any principal that uniquely identifies theSubject across the entire application. Ideal primary principals are things like a username or a user ID that is a RDBMS user table primary key. There is only one primary principal for users (Subjects) in an application.
當前驗證用戶的惟一標示符
Realm
A Realm is a component that can access application-specific security data such as users, roles, and permissions. It can be thought of as a security-specific DAO (Data Access Object). The Realm translates this application-specific data into a format that Shiro understands so Shiro can in turn provide a single easy-to-understand Subject programming API no matter how many data sources exist or how application-specific your data might be.
Realms usually have a 1-to-1 correlation with a data source such as a relational database, LDAP directory, file system, or other similar resource. As such, implementations of the Realm interface use data source-specific APIs to discover authorization data (roles, permissions, etc), such as JDBC, File IO, Hibernate or JPA, or any other Data Access API.
和數據源1對1
Role
在權限設計裏面 我理解爲 Permission的包, 注意:系統中 並不是只有權限纔有role定義
Session
直接理解爲 可用於非WEB 環境中 httpSession
Subject
It is basically a representation of any entity that is doing something with the application.
OOP 抽象 子應用 ? 線程 ? 用戶 ? 隨意劃分
- 1. shiro基礎概念
- 2. Apache Shiro基本概念瞭解
- 3. Apache Shiro 基礎概念
- 4. shiro概念(轉)
- 5. 基本概念
- 6. 概述(基本概念)
- 7. EntityManager基本概念
- 8. mybatis基本概念
- 9. kubernetes基本概念
- 10. DDC基本概念
- 更多相關文章...
- • Lua 基本語法 - Lua 教程
- • C# 基本語法 - C#教程
- • Kotlin學習(二)基本類型
- • Kotlin學習(一)基本語法
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 在windows下的虛擬機中,安裝華爲電腦的deepin操作系統
- 2. 強烈推薦款下載不限速解析神器
- 3. 【區塊鏈技術】孫宇晨:區塊鏈技術帶來金融服務的信任變革
- 4. 搜索引起的鏈接分析-計算網頁的重要性
- 5. TiDB x 微衆銀行 | 耗時降低 58%,分佈式架構助力實現普惠金融
- 6. 《數字孿生體技術白皮書》重磅發佈(附完整版下載)
- 7. 雙十一「避坑」指南:區塊鏈電子合同爲電商交易保駕護航!
- 8. 區塊鏈產業,怎樣「鏈」住未來?
- 9. OpenglRipper使用教程
- 10. springcloud請求一次好用一次不好用zuul Name or service not known
- 1. shiro基礎概念
- 2. Apache Shiro基本概念瞭解
- 3. Apache Shiro 基礎概念
- 4. shiro概念(轉)
- 5. 基本概念
- 6. 概述(基本概念)
- 7. EntityManager基本概念
- 8. mybatis基本概念
- 9. kubernetes基本概念
- 10. DDC基本概念