Shiro Security with Spring in WebApplication

Security
Things to know before starting with Shiro security. Get familiar with the following terms:

Subject: A subject is a security-specific view of a user. "User" usually denotes a human being, but a subject could be a human or something else. A Subject is associated with a Session and contains methods like login/logout.

Session: This is a Shiro-specific instance of Session. In a web environment it is HTTPSession. The biggest takeaway here is that you don't need an HTTP environment or an EJB environment to use Shiro, as the session is Shiro specific. The Session object gives you all the facilities of HTTPSession plus some extra goodies.

Principal: The principal is the identifier used to identify the user. It could be the user name.

Credential: A credential is used to prove the identity of the user. Example is the…
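The four terms above in a plain `main` method with no servlet or EJB container, as an added example that is not code from the original post. It assumes `shiro-core` (1.x) on the classpath; the class name, the account `alice`, its password and the `cartId` attribute are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

public class ShiroTermsDemo {
    public static void main(String[] args) {
        // Constructed in-memory account: principal "alice", credential "s3cret-demo".
        // SimpleAccountRealm keeps credentials in memory; it is used here only
        // so the example runs without a user store.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "s3cret-demo");

        // No HTTP or EJB environment: a plain SecurityManager is enough.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        // Subject: the security-specific view of whoever is executing now.
        Subject subject = SecurityUtils.getSubject();

        // Session: Shiro's own session, usable before any login happens.
        Session session = subject.getSession();
        session.setAttribute("cartId", "demo-42");

        // A wrong credential fails to prove the identity: login throws and
        // the subject stays unauthenticated.
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong-guess"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
        System.out.println("authenticated after bad login: " + subject.isAuthenticated());

        // Principal plus matching credential: login succeeds.
        subject.login(new UsernamePasswordToken("alice", "s3cret-demo"));
        System.out.println("principal: " + subject.getPrincipal());
        System.out.println("session attribute: "
                + subject.getSession().getAttribute("cartId"));

        // logout() clears the identity and invalidates the session.
        subject.logout();
        System.out.println("authenticated after logout: " + subject.isAuthenticated());
    }
}
```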