这篇文章主要讲解了“Shiro的认证过程”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“Shiro的认证过程”吧!
Shiro的架构了解之后,走一下debug,跟一下认证的流程。使用Realm来认证用户名密码。
使用realm访问数据库里的数据
获取当前的subject
校验subject是否已经登录
若没有认证则封装用户名密码
1.0创建表单页面 存储提交
2.0请求提交到mvc的handler
3.0获取用户名密码
4.0执行登录:调用subject的login(token)
5.0自定义realm,从数据库获取对应记录,返回给shiro
Realm实现类AuthenticatingRealm
protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken var1) throws AuthenticationException;
实现该方法
6.0Shiro完成对密码的比对
currentUser.login(token);login方法的实现void login(AuthenticationToken var1) throws AuthenticationException;
向下走,看下实现
public void login(AuthenticationToken token) throws AuthenticationException { this.clearRunAsIdentitiesInternal(); Subject subject = this.securityManager.login(this, token); String host = null; PrincipalCollection principals; if (subject instanceof DelegatingSubject) { DelegatingSubject delegating = (DelegatingSubject)subject; principals = delegating.principals; host = delegating.host; } else { principals = subject.getPrincipals(); }
if (principals != null && !principals.isEmpty()) { this.principals = principals; this.authenticated = true; if (token instanceof HostAuthenticationToken) { host = ((HostAuthenticationToken)token).getHost(); }
if (host != null) { this.host = host; }
Session session = subject.getSession(false); if (session != null) { this.session = this.decorate(session); } else { this.session = null; }
} else { String msg = "Principals returned from securityManager.login( token ) returned a null or empty value. This value must be non null and populated with one or more elements."; throw new IllegalStateException(msg); }}
info = this.authenticate(token);
public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException { return this.authenticator.authenticate(token);}
最终调用的
==============public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { AuthenticationInfo info = this.getCachedAuthenticationInfo(token); if (info == null) { info = this.doGetAuthenticationInfo(token); log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info); if (token != null && info != null) { this.cacheAuthenticationInfoIfPossible(token, info); } } else { log.debug("Using cached authentication info [{}] to perform credentials matching.", info); }
if (info != null) { this.assertCredentialsMatch(token, info); } else { log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token); }
return info;}
int i = token.hashCode();此时的hashcode与 info = this.doGetAuthenticationInfo(token);doGetAuthenticationInfo获取的token是一致的
但是会由于缓存 不能达到登录后在返回同样验证的效果
Shiro如何比对密码
token中保存了从数据库获取的密码 以及从前台传过来的密码
然后进行比对
密码的比对
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { Object tokenCredentials = getCredentials(token); Object accountCredentials = getCredentials(info); return equals(tokenCredentials, accountCredentials);}public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { this.credentialsMatcher = credentialsMatcher;}
认证流程走完,能够明确Shiro还是需要数据库中的数据来跟前台数据进行比对密码,如果不能跳转页面或者走到方法,需要在applicationcontext.xml中配置URL
感谢各位的阅读,以上就是“Shiro的认证过程”的内容了,经过本文的学习后,相信大家对Shiro的认证过程这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是天达云,小编将为大家推送更多相关知识点的文章,欢迎关注!