分类 - Apache Shiro

? Apache Shiro ? ? Spring Mvc ?    2016-08-01 13:42:49    409    0    0

在Spring MVC中使用Apache Shiro安全框架

我们在这里将对一个集成了Spring MVC+Hibernate+Apache Shiro的项目进行了一个简单说明。这个项目将展示如何在Spring MVC 中使用Apache Shiro来构建我们的安全框架。


  • Maven 3环境
  • Mysql-5.6+
  • JDK1.7+
  • git环境
  • git.oschina.net帐号
  • Apache Tomcat 7+
  • 您熟练掌握的编辑工具,推荐使用InterlliJ IDEA 14+






Name Type Length Describ
id int 11 用户表的主键
password varchar 255 密码
username varchar 255 用户名,全局唯一,shiro将使用用户名来锁定安全数据中的用户数据。


? Apache Shiro ?    2016-07-25 13:49:52    310    0    0

From:Securing Web Applications with Apache Shiro

这个教程将一步一步的讲解如何在一个web应用中使用Apache Shiro来构建安全框架。阅读之前,我们假设您已经掌握或者阅读了如下两篇文章:

这篇文章的阅读时间大概在45分钟到1小时之间。在你阅读完这篇文章后,你也许会对如何在一个web应用中使用Apache Shiro有一个很好的了解。


2016-07-13 18:32:57    307    0    0

If you’re new to Apache Shiro, this short tutorial will show you how to set up an initial and very simple application secured by Apache Shiro. We’ll discuss Shiro’s core concepts along the way to help familiarize you with Shiro’s design and API.

If you don’t want to actually edit files as you follow this tutorial, you can obtain a nearly identical sample application and reference it as you go. Choose a location:


In this simple example, we’ll create a very simple command-line application that will run and quickly exit, just so you can get a feel for Shiro’s API.

这是一个command-line application的例子,跟10分钟教程里的类似。什么是command-line application?可以简单理解为就是一个纯JAVA的程序。

Any Application
? Apache Shiro ?    2016-07-08 14:51:36    289    0    0


【简介】:Apache Shiro十分钟教程,入门级教程,主要讲述shiro的API,使读者对API有一个大概的认识。从中我们也不难看出shiro是能够脱离容器和服务器运行的。

Welcome to Apache Shiro’s 10 Minute Tutoral!

By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their application. And you should be able to do it in under 10 minutes.



What is Apache Shiro?

Apache Shiro is a powerful and easy to use Java security framework that offers developers an intuitive yet comprehensive solution to authentication, authorization, cryptography, and session management.


In practical terms, it achieves to manage all facets of your application’s security, while keeping out of the way as much as possible. It is built on sound interface-driven design and OO principles, enabling custom behavior wherever you can imagine it. But with sensible defaults for everything, it is as “hands off”

? Apache Shiro ?    2016-07-07 15:42:39    304    0    0

Apache Shiro Terminology

Please just take 2 minutes to read and understand this - it is really important. Really. The terms and concepts here are referred to everywhere in the documentation and it will greatly simplify your understanding of Shiro and security in general.


Security can be really confusing because of the terminology used. We’ll make life easier by clarifying some core concepts and you’ll see how nicely the Shiro API reflects them:

安全框架很难理解,那是因为其中包含了很多专业术语。我们将阐述一些核心概念,帮助你轻松的了解shiro,并且揭示shiro api如何清晰的体现这些核心概念。

  • Authentication

    Authentication is the process of verifying a Subject’s identity - essentially proving that someone really is who they say they are. When an authentication attempt is successful the application can trust that the subject is guaranteed to be who the application expects.

? Apache Shiro ?    2016-07-07 13:29:03    390    0    0

What is Apache Shiro?

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.

Apache Shiro 是一个功能强大和灵活的开源安全框架,清晰的集成了身份认证、授权、企业级的会话管理和加密。

Apache Shiro’s first and foremost goal is to be easy to use and understand. Security can be very complex at times, even painful, but it doesn’t have to be. A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer’s effort to make their application(s) secure.

Apache Shiro的首要目标是简单易用。应用的安全的设计有时是很复杂,甚至是痛苦的,Shiro并不是这样的。Shiro是一个尽可能隐藏其复杂性,并提供清晰和直管的API来简化开发工作的一个安全框架。

Here are some things that you can do with Apache Shiro:


  • Authenticate a user to verify their identity


  • Perform access control for a user, such as:
    – Determine if a user is assigned a certain security role or not