溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要講解了“Shiro的認證過程”,文中的講解內容簡單清晰,易于學習與理解,下面請大家跟著小編的思路慢慢深入,一起來研究和學習“Shiro的認證過程”吧!
Shiro的架構了解之后,走一下debug,跟一下認證的流程。使用Realm來認證用戶名密碼。
使用realm訪問數據庫里的數據
獲取當前的subject
校驗subject是否已經登錄
若沒有認證則封裝用戶名密碼
1.0創建表單頁面 存儲提交
2.0請求提交到mvc的handler
3.0獲取用戶名密碼
4.0執行登錄:調用subject的login(token)
5.0自定義realm,從數據庫獲取對應記錄,返回給shiro
Realm實現類AuthenticatingRealm
protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken var1) throws AuthenticationException;
實現該方法
6.0Shiro完成對密碼的比對
currentUser.login(token);login方法的實現void login(AuthenticationToken var1) throws AuthenticationException;
向下走,看下實現
public void login(AuthenticationToken token) throws AuthenticationException {this.clearRunAsIdentitiesInternal();Subject subject = this.securityManager.login(this, token);String host = null;PrincipalCollection principals;if (subject instanceof DelegatingSubject) {DelegatingSubject delegating = (DelegatingSubject)subject;principals = delegating.principals;host = delegating.host;} else {principals = subject.getPrincipals();}if (principals != null && !principals.isEmpty()) {this.principals = principals;this.authenticated = true;if (token instanceof HostAuthenticationToken) {host = ((HostAuthenticationToken)token).getHost();}if (host != null) {this.host = host;}Session session = subject.getSession(false);if (session != null) {this.session = this.decorate(session);} else {this.session = null;}} else {String msg = "Principals returned from securityManager.login( token ) returned a null or empty value. This value must be non null and populated with one or more elements.";throw new IllegalStateException(msg);}}
info = this.authenticate(token);public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {return this.authenticator.authenticate(token);}
最終調用的
==============public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {AuthenticationInfo info = this.getCachedAuthenticationInfo(token);if (info == null) {info = this.doGetAuthenticationInfo(token);log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);if (token != null && info != null) {this.cacheAuthenticationInfoIfPossible(token, info);}} else {log.debug("Using cached authentication info [{}] to perform credentials matching.", info);}if (info != null) {this.assertCredentialsMatch(token, info);} else {log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);}return info;}
int i = token.hashCode();此時的hashcode與 info = this.doGetAuthenticationInfo(token);doGetAuthenticationInfo獲取的token是一致的
但是會由于緩存 不能達到登錄后在返回同樣驗證的效果
Shiro如何比對密碼
token中保存了從數據庫獲取的密碼 以及從前臺傳過來的密碼
然后進行比對
密碼的比對
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { Object tokenCredentials = getCredentials(token); Object accountCredentials = getCredentials(info); return equals(tokenCredentials, accountCredentials);}public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { this.credentialsMatcher = credentialsMatcher;}
認證流程走完,能夠明確Shiro還是需要數據庫中的數據來跟前臺數據進行比對密碼,如果不能跳轉頁面或者走到方法,需要在applicationcontext.xml中配置URL
感謝各位的閱讀,以上就是“Shiro的認證過程”的內容了,經過本文的學習后,相信大家對Shiro的認證過程這一問題有了更深刻的體會,具體使用情況還需要大家實踐驗證。這里是億速云,小編將為大家推送更多相關知識點的文章,歡迎關注!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
