Apache Shiro Logo Simple. Java. Security. Apache Software Foundation Event Banner
As of February 28, 2024, Shiro v1 was superseded by v2.
Shiro has three important cache interfaces:
A CacheManager returns Cache instances and various Shiro components use those Cache< instances to cache data as necessary.
Any Shiro component that implements CacheManager will automatically receive a configured CacheManager, where it can be used to acquire Cache instances.
The Shiro SecurityManager implementations and all
AuthorizingRealm implementations implement CacheManagerAware.
If you set the CacheManager on the SecurityManager, it will in turn set it on the various Realms that implement CacheManagerAware as well (OO delegation).
For example, in shiro.ini:
securityManager.realms = $myRealm1, $myRealm2, ..., $myRealmN
...
cacheManager = my.implementation.of.CacheManager
...
securityManager.cacheManager = $cacheManager
# at this point, the securityManager and all CacheManagerAware
# realms have been set with the cacheManager instance
We have an out-of-the-box EhCacheManager implementation, so you can use that today if you wanted.
Otherwise, you can implement your own CacheManager (e.g. with Coherence, etc.) and configure it as above, and you’ll be good to go.
Finally, note that AuthorizingRealm has a clearCachedAuthorizationInfo method that can be called by subclasses to evict the cached authzInfo for a particular account.
It is usually called by custom logic if the corresponding account’s authz data has changed (to ensure the next authz check will pick up the new data).