Research And Application Of Java Security Framework Shiro In Web

With the rapid development of the Internet, the security of Web application is becoming more and more important. In order to protect the sensitive information of the users and enterprises in Web application, authentication and authorization module has become an indispensable part of Web application. But with a lot of coding work to do and complex code logic to deal with, software developers are so needy for a framework to help them solve the security requirements easily and efficiently.First of all, this paper studies the mainstream Java security framework Shiro and get to know that Shiro is a simple and powerful security framework, which can be coupled with a lot of third square frame, and can be used in any application environment. Then by describes related knowledge of the four basic functions in Shiro: authentication, authorization, session management, encryption, as well as the wildcard permissions system, we lay the foundation for the latter using Shiro to complete security module.Then, in view of the actual project Duoer network, this paper analysizes its security requirements in web application concerning its business: login authentication requirements, browser requests interception requirements and user privilege management requirements.In the light of the security requirements of Duoer network, we firstly use Shiro filter to intercept the browser requests, making mandatory safety rules flexible and configurable. Then Shiro’s authentication function is used to realize the authentication system which can feedback the exception log of user account. Finally, we finish the multi-layers and fine-grained access control system by using Shiro’s wildcard permission system, and puts forward a solution for permission configuration workload by presetting permissions.Finally, by testing the security module of Duoer network, the results show that Shiro indeed help to complete the design and implementation of the security module in Duoer network. And in the process of software development, the original code in web applicaion is not affected by the Shiro framework. The Shiro’s packaged authentication, authorization processes and JSTL tags also make the workload of coding greatly reduced.In summary, as a security framework, Shiro really helps software developers a lot in solving the security needs easily and efficiently.