Performance • Migration • Model Relationship ## CoreData or Realm ## I nsert 100k Realm 0.96.3 CoreData iOS 9.2 次数 ## Query from 400k Realm 0.96.3 CoreData iOS 9.2 ![Image](/uploads/documents/9/1/ 400k Realm 0.96.3 CoreData iOS 9.2 ## CoreData • Build in Support • Package Size • GUI Support ## Realm • Great Threading Support • Faster • But Fat ## Threading CoreData Notification Realm Sync

验证（登录）及授权（访问控制）的用户帐户交互时，Shiro 从一个或多个为应用程序配置的 Realm 中寻找许多这样的东西。 在这个意义上说，Realm 本质上是一个特定安全的 DAO：它封装了数据源的连接详细信息，使 Shiro 所需的相关数据可用。当配置 Shiro 时，你必须指定至少一个 Realm 用来进行身份验证和/或授权。SecurityManager 可能配置多个 Realms，但至少有一个是必须的。 Shiro 提供了立即可用的 Realms 来连接一些安全数据源（即目录），如 LDAP，关系数据库（JDBC），文本配置源，像 INI 及属性文件，以及更多。你可以插入你自己的 Realm 实现来代表自定义的数据源，如果默认地 Realm 不符合你的需求。 像其他内置组件一样，Shiro SecurityManager 控制 Realms 是如何被用来获取安全和身份数据来代表 Subject 实例的。 执行。Authenticator 知道如何与一个或多个 Realm 协调来存储相关的用户/帐户信息。从这些 Realm 中获得的数据被用来验证用户的身份来保证用户确实是他们所说的他们是谁。 ####### • Authentication Strategy(org.apache.shiro.authc.pam.AuthenticationStrategy) 如果不止一个 Realm 被配置，则 AuthenticationStrategy

在几乎所有程序中保留了直观和易用的特性。 ## High-Level Overview 高级概述 在概念层，Shiro 架构包含三个主要的理念：Subject, SecurityManager 和 Realm。下面的图展示了这些组件如何相互作用，我们将在下面依次对其进行描述。 ![Image](/uploads/documents/8/7/7/f/877f8ebed893e25372f10aa25aad1f6b/p19_1 ro 从一个或多个程序配置的 Realm 中查找这些东西。Realm 本质上是一个特定的安全 DAO：它封装与数据源连接的细节，得到 Shiro 所需的相关数据。在配置 Shiro 的时候，你必须指定至少一个 Realm 来实现认证（authentication）和/或授权（authorization）。SecurityManager 可以配置多个复杂的 Realm，但是至少有一个是需要的。Shiro ro 提供开箱即用的 Realms 来连接安全数据源（或叫地址）如 LDAP、JDBC、文件配置如 INI 和属性文件等，如果已有的 Realm 不能满足你的需求你也可以开发自己的 Realm 实现。和其它内部组件一样，Shiro SecurityManager 管理如何使用 Realms 获取 Subject 实例所代表的安全和身份信息。 ## Detailed Architecture 详细架构

...5 简介.....5 第二章 身份验证.....9 环境准备.....9 登录/退出.....10 身份认证流程.....12 REALM.....12 AUTHENTICATOR 及 AUTHENTICATIONSTRATEGY.....16 第三章 授权.....20 授权方式.....21 散列算法.....41 加密/解密.....43 PASSWORDSERVICE/CREDENTIALSMATCHER.....44 第六章 REALM 及相关对象.....49 REALM.....49 AUTHENTICATION TOKEN.....53 AUTHENTICATION INFO.....54 PRINCIPAL ..... 95 会话存储/持久化 ..... 95 会话验证 ..... 99 SESSION FACTORY ..... 101 第十一章 缓存机制 ..... 103 REALM 缓存 ..... 104 SESSION 缓存 ..... 106 第十二章 与 SPRING 集成 ..... 107 JAVASE 应用 ..... 107 WEB 应用 .

14.1. Overview 5.14.2. Schema and Deployer 5.14.3. Architecture 5.14.4. Available realm and login modules 5.14.5. Encryption service 5.14.6. Role discovery policies 5.14.7 realms. A realm contains the definition of the login modules to use for the authentication and/or authorization on this realm. The login modules define the authentication and authorization for the realm. The The jaas:realm-list command lists the current defined realms: karaf@root()> jaas:realm-list Index | Realm Name | Login Module Class Name -------------------------------------------------------------

principals. • Realms: the unique realm of control provided by the Kerberos installation. Think of it as the domain or group your hosts and users belong to. Convention dictates the realm should be in uppercase. (EXAMPLE.COM) as the realm. • Key Distribution Center: (KDC) consist of three parts, a database of all principals, the authentication server, and the ticket granting server. For each realm there must be at principal database and contain the encryption key for a service or host. To put the pieces together, a Realm has at least one KDC, preferably more for redundancy, which contains a database of Principals. When

server, like nfs/server.example.com@REALM. Similarly admin privileges on a principal use an instance of /admin, like john/admin@REALM, differentiating it from john@REALM. These variations fit nicely with ACLs. • Realms: the unique realm of control provided by the Kerberos installation. Think of it as the domain or group your hosts and users belong to. Convention dictates the realm should be in uppercase. (EXAMPLE.COM) as the realm. - Key Distribution Center: (KDC) consist of three parts: a database of all principals, the authentication server, and the ticket granting server. For each realm there must be at

in various parts of the application. This includes the remote console login, which uses the karaf realm, but which is configured with a dummy login module by default. These realms can also be used by the for spring has been defined, allowing the deployment of a new realm or a new keystore very easily. ## SCHEMA To override or deploy a new realm, you can use the following XSD which is supported by a Spring default as the name of the realm if no name attribute is specified. Additional attributes on the config elements are a rank, which is an integer. When the LoginContext looks for a realm for authenticating a

should be encrypted with mod_ssl instead. The AuthName directive sets the Realm to be used in the authentication. The realm serves two major functions. First, the client often presents this information "Restricted Files" Realm. Therefore, you can prevent a user from being prompted more than once for a password by letting multiple restricted areas share the same realm. Of course, for security reasons digest authentication htdigest is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users. Resources available from the Apache HTTP server

should be encrypted with mod_ssl instead. The AuthName directive sets the Realm to be used in the authentication. The realm serves two major functions. First, the client often presents this information "Restricted Files" Realm. Therefore, you can prevent a user from being prompted more than once for a password by letting multiple restricted areas share the same realm. Of course, for security reasons digest authentication htdigest is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users. Resources available from the Apache HTTP server