shiro.mgt.SecurityManager; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 最自然的方式是基于当前用户。 Shiro 的 API 使用它的 Subject 概念从根本上代表了“当前用户”的概念。 几乎在所有的环境中，你可以通过下面的调用获取当前正在执行的用户： 使用 SecurityUtils.getSubject()，我们可以获得当前正在执行的 Subject。Subject 是一个安全术语，它基本上的意思是 “当前正在执行的用户的特定的 界，术语"Subject"可以表示为人类，而且可是第三方进程，cron job，daemon account，或其他类似的东西。它仅仅 意味着“该事物目前正与软件交互”。对于大多数的意图和目的，你可以把 Subject 看成是 Shiro 的"User"概念。 getSubject()在一个独立的应用程序中调用，可以返回一个在应用程序特定位置的基于用户数据的 Subject，并且在服 务器环境中（例如，Web

11. Caching 缓存 12. Concurrency & Multithreading 并发与多线程 13. Testing 测试 14. Custom Subjects 自定义 Subject V. Integration 整合 15. Spring Framework 16. Guice 17. CAS VI. Tools 工具 Apache Shiro 1.2.x Reference shiro.mgt.SecurityManager; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 提供了'the current user'概念，即 Subject。 在几乎所有的环境中，你可以通过如下语句得到当前用户的信息： Subject currentUser = SecurityUtils.getSubject(); 使用 SecurityUtils.getSubject()，我们可以获取当前执行的Subject，Subject是一个安全术语 意思是“当前运行用户的指定安全视图（a

.......................................................................................... 58 SUBJECT ................................................................................................ 可以看到：应用代码直接交互的对象是Subject，也就是说Shiro的对外API核心就是Subject； 其每个 API 的含义： Subject：主体，代表了当前“用户”，这个用户不一定是一个具体的人，与当前应用交互 的任何东西都是 Subject，如网络爬虫，机器人等；即一个抽象概念；所有 Subject 都绑定 到 SecurityManager，与 Subject 的所有交互都会委托给 SecurityManager；可以把 SecurityManager；可以把 Subject 认 为是一个门面；SecurityManager 才是实际的执行者； SecurityManager：安全管理器；即所有与安全有关的操作都会与 SecurityManager 交互； 且它管理着所有 Subject；可以看出它是 Shiro 的核心，它负责与后边介绍的其他组件进行 交互，如果学习过 SpringMVC，你可以把它看成 DispatcherServlet

Authentication instance to build and register a Shiro instance. It also removes the Shiro credentials when Subject you explicitly logout. 1.1 History Version 1.0.0 released December 7, 2015 Version 1.0-RC1 standard methods will work: Subject import org.apache.shiro.SecurityUtils org.apache.shiro.subject.Subject import ... Subject subject = SecurityUtils.getSubject() subject.checkPermission('printer:print:lp7200') print:lp7200') subject.isPermitted('printer:print:lp7200') subject.checkRole('ROLE_ADMIN') subject.hasRole('ROLE_ADMIN') subject.isAuthenticated() … etc 5 3 Configuration There are a few configuration

Authentication instance to build and register a Shiro instance. It also removes the Shiro credentials when Subject you explicitly logout. 1.1 History Version 0.1 released January 06, 2013 4 2 Usage The first standard methods will work: Subject import org.apache.shiro.SecurityUtils org.apache.shiro.subject.Subject import ... Subject subject = SecurityUtils.getSubject() subject.checkPermission('printer:print:lp7200') print:lp7200') subject.isPermitted('printer:print:lp7200') subject.checkRole('ROLE_ADMIN') subject.hasRole('ROLE_ADMIN') subject.isAuthenticated() … etc 6 3 Configuration There are a few configuration

authentication events and uses the Spring Security Authentication instance to build and register a Shiro Subject instance. It also removes the Shiro credentials when you explicitly logout. 1.1. History • Version but the standard Subject methods will work: import org.apache.shiro.SecurityUtils import org.apache.shiro.subject.Subject ... Subject subject = SecurityUtils.getSubject() subject.checkPermission(' checkPermission('printer:print:lp7200') subject.isPermitted('printer:print:lp7200') subject.checkRole('ROLE_ADMIN') subject.hasRole('ROLE_ADMIN') subject.isAuthenticated() ... etc 5 Chapter 3. Configuration There

has been changed from false to true . This means that core clients will now expect the CN or Subject Alternative Name values of the broker's SSL certificate to match the hostname in the client's URL precedence and this property will be ignored. verifyHost When used on a connector the CN or Subject Alternative Name values of the server's SSL certificate will be compared with the hostname being a match. This is useful for both 1-way and 2- way SSL. When used on an acceptor the CN or Subject Alternative Name values of the connecting client's SSL certificate will be compared to its hostname

has been changed from false to true . This means that core clients will now expect the CN or Subject Alternative Name values of the broker's SSL certificate to match the hostname in the client's URL precedence and this property will be ignored. verifyHost When used on a connector the CN or Subject Alternative Name values of the server's SSL certificate will be compared with the hostname being a match. This is useful for both 1-way and 2- way SSL. When used on an acceptor the CN or Subject Alternative Name values of the connecting client's SSL certificate will be compared to its hostname

has been changed from false to true . This means that core clients will now expect the CN or Subject Alternative Name values of the broker's SSL certificate to match the hostname in the client's URL precedence and this property will be ignored. verifyHost When used on a connector the CN or Subject Alternative Name values of the server's SSL certificate will be compared with the hostname being a match. This is useful for both 1-way and 2- way SSL. When used on an acceptor the CN or Subject Alternative Name values of the connecting client's SSL certificate will be compared to its hostname

security-settings will take effect immediately. Any new clients will subject to the new security settings. Any existing clients will subject to the new settings as well, as soon as they performs a new security-sensitive disable authentication. Useful as an optimisation when this module is used just for role mapping of a Subject's existing authenticated principals; default is false . referral - specify how to handle referrals; is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For example, the system username is mapped to the CN=system,O=Progress,C=US subject DN. When performing