Shiro认证过程
【摘要】 Shiro的架构了解之后,走一下debug,跟一下认证的流程。使用Realm来认证用户名密码。使用realm访问数据库里的数据获取当前的subject校验subject是否已经登录若没有认证则封装用户名密码1.0创建表单页面 存储提交2.0请求提交到mvc的handler3.0获取用户名密码4.0执行登录:调用subject的login(token)5.0自定义realm,从数据库获取对应...
Shiro的架构了解之后,走一下debug,跟一下认证的流程。使用Realm来认证用户名密码。
使用realm访问数据库里的数据
获取当前的subject
校验subject是否已经登录
若没有认证则封装用户名密码
1.0创建表单页面 存储提交
2.0请求提交到mvc的handler
3.0获取用户名密码
4.0执行登录:调用subject的login(token)
5.0自定义realm,从数据库获取对应记录,返回给shiro
Realm实现类AuthenticatingRealm
protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken var1) throws AuthenticationException;
实现该方法
6.0Shiro完成对密码的比对
currentUser.login(token);login方法的实现
void login(AuthenticationToken var1) throws AuthenticationException;
向下走,看下实现
public void login(AuthenticationToken token) throws AuthenticationException {
this.clearRunAsIdentitiesInternal();
Subject subject = this.securityManager.login(this, token);
String host = null;
PrincipalCollection principals;
if (subject instanceof DelegatingSubject) {
DelegatingSubject delegating = (DelegatingSubject)subject;
principals = delegating.principals;
host = delegating.host;
} else {
principals = subject.getPrincipals();
}
if (principals != null && !principals.isEmpty()) {
this.principals = principals;
this.authenticated = true;
if (token instanceof HostAuthenticationToken) {
host = ((HostAuthenticationToken)token).getHost();
}
if (host != null) {
this.host = host;
}
Session session = subject.getSession(false);
if (session != null) {
this.session = this.decorate(session);
} else {
this.session = null;
}
} else {
String msg = "Principals returned from securityManager.login( token ) returned a null or empty value. This value must be non null and populated with one or more elements.";
throw new IllegalStateException(msg);
}
}
info = this.authenticate(token);
public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
return this.authenticator.authenticate(token);
}
最终调用的
==============
public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
AuthenticationInfo info = this.getCachedAuthenticationInfo(token);
if (info == null) {
info = this.doGetAuthenticationInfo(token);
log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);
if (token != null && info != null) {
this.cacheAuthenticationInfoIfPossible(token, info);
}
} else {
log.debug("Using cached authentication info [{}] to perform credentials matching.", info);
}
if (info != null) {
this.assertCredentialsMatch(token, info);
} else {
log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);
}
return info;
}
int i = token.hashCode();
此时的hashcode与 info = this.doGetAuthenticationInfo(token);
doGetAuthenticationInfo获取的token是一致的
但是会由于缓存 不能达到登录后在返回同样验证的效果
Shiro如何比对密码
token中保存了从数据库获取的密码 以及从前台传过来的密码
然后进行比对
密码的比对
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
Object tokenCredentials = getCredentials(token);
Object accountCredentials = getCredentials(info);
return equals(tokenCredentials, accountCredentials);
}
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
this.credentialsMatcher = credentialsMatcher;
}
认证流程走完,能够明确Shiro还是需要数据库中的数据来跟前台数据进行比对密码,如果不能跳转页面或者走到方法,需要在applicationcontext.xml中配置URL
上天给了你一份礼物,你很会讲故事的,但除非有人替你看好,孩子很容易丢掉自己的礼物,如果你的父母没办法照顾好你,那只好由我来
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)