This part of the documentation covers Shiro’s core architectural concepts.
First we’ll present Shiro’s architecture and a summary of each core concept. Then we’ll cover the most important concept in Shiro - the
Subject, a security-specific ‘view’ of a single application user. Next we’ll discuss the SecurityManager, an application singleton that manages all Subjects for the application, and as well as the SecurityManager’s supporting components that do most of Shiro’s heavy lifting. Then onto Realms, the security-specific DAOs, Shiro communicates with and then Permissions, the building block of any security policy.
While we hope this documentation helps you with the work you’re doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you’d like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro.