相关概念
什么是Apache Shiro
官方解释:
Apache Shiro (pronounced “shee-roh”, the Japanese word for ‘castle’) is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management and can be used to secure any application - from the command line applications, mobile applications to the largest web and enterprise applications.
Shiro provides the application security API to perform the following aspects (I like to call these the 4 cornerstones of application security):
Authentication - proving user identity, often called user ‘login’.
Authorization - access control
Cryptography - protecting or hiding data from prying eyes
Session Management - per-user time-sensitive state
Shiro also supports some auxiliary features, such as web application security, unit testing, and multithreading support, but these exist to reinforce the above four primary concerns.
翻译:
Apache Shiro(发音为“ shee-roh”,日语为“ castle”)是一种功能强大且易于使用的Java安全框架,可执行身份验证,授权,加密和会话管理,可用于保护任何应用程序的安全-从命令行应用程序,移动应用程序到最大的Web和企业应用程序。
Shiro提供了用于执行以下方面的应用程序安全性API(我将其称为应用程序安全性的4个基石):
身份验证-证明用户身份,通常称为用户“登录”。
授权-访问控制
密码学-保护或隐藏数据以防窥视
会话管理-每个用户的时间敏感状态
Shiro还支持一些辅助功能,例如Web应用程序安全性,单元测试和多线程支持,但它们的存在是为了加强上述四个主要方面。
总结:
1.功能强大且易于使用的Java安全框架;
2.主要用户身份验证,授权,加密和会话管理;
3.提供了2中提到的四个方面的应用程序安全性API
4.还有一些辅助功能:web应用程序安全性、单元测试、多线程支持等等
为什么要使用Apache Shiro
官方解释
Why would you use Apache Shiro today?
The framework landscape has changed quite a bit since 2003, so there should still be a compelling reason to use Shiro today. There are quite a few reasons actually. Apache Shiro is:
Easy To Use - Ease of use is the project’s ultimate goal. Application security can be extremely confusing and frustrating and thought of as a ‘necessary evil’. If you make it so easy to use that novice programmers can start using it, it doesn’t have to be painful anymore.
Comprehensive - There is no other security framework with the breadth of scope that Apache Shiro claims, so it can likely be your ‘one stop shop’ for your security needs.
Flexible - Apache Shiro can work in any application environment. While it works in web, EJB, and IoC environments it does not require them. Nor does Shiro mandate any specification or even have many dependencies.
Web Capable - Apache Shiro has fantastic web application support, allowing you to create flexible security policies based on application URLs and web protocols (e.g. REST), while also providing a set of JSP libraries to control page output.
Pluggable - Shiro’s clean API and design patterns make it easy to integrate with many other frameworks and applications. You’ll see Shiro integrated seamlessly with frameworks like Spring, Grails, Wicket, Tapestry, Mule, Apache Camel, Vaadin, and many others.
Supported - Apache Shiro is part of the Apache Software Foundation, an organization proven to act in the best interest of its community. The project development and user groups have friendly citizens ready to help. Commercial companies like Katasoft also provide professional support and services if desired.
翻译
要使用Apache Shiro?
自2003年以来,框架环境发生了很大变化,因此今天仍然有充分的理由使用Shiro。实际上有很多原因。Apache Shiro是:
易于使用 -易于使用是该项目的最终目标。应用程序安全性可能非常令人困惑和沮丧,并被视为“必要的邪恶”。如果您使它 易于使用,以使新手程序员可以开始使用它,那么就不必再痛苦了。
全面 -Apache Shiro声称没有其他具有范围广度的安全框架,因此它很可能是满足安全需求的“一站式服务”。
灵活 -Apache Shiro可以在任何应用程序环境中工作。尽管它可以在Web,EJB和IoC环境中运行,但并不需要它们。Shiro也不要求任何规范,甚至没有很多依赖性。
具有Web功能 -Apache Shiro具有出色的Web应用程序支持,允许您基于应用程序URL和Web协议(例如REST)创建灵活的安全策略,同时还提供一组JSP库来控制页面输出。
可插拔 -Shiro干净的API和设计模式使它易于与许多其他框架和应用程序集成。您会看到Shiro与Spring,Grails,Wicket,Tapestry,Mule,Apache Camel,Vaadin等框架无缝集成。
支持 -Apache Shiro是Apache Software Foundation(Apache软件基金会)的一部分,该组织被证明以其社区的最大利益行事。项目开发和用户群体友好的公民随时可以提供帮助。如果需要,像Katasoft这样的商业公司也可以提供专业的支持和服务。
总结(具体相关对应点解释查看上文翻译)
1.易于使用;
2.全面 ;
3.灵活;
4.Web能力;
5.可插拔;
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
