shiro学习笔记-Subject#login(token)源码实现过程
追踪Subject的login(AuthenticationToken token)方法,其调用的为DelegatingSubject类的login方法,DelegatingSubject实现了Subject接口,DelegatingSubject#login如下:
1 public void login(AuthenticationToken token) throws AuthenticationException {
2 clearRunAsIdentitiesInternal();
3 Subject subject = securityManager.login(this, token);
4
5 PrincipalCollection principals;
6
7 String host = null;
8
9 if (subject instanceof DelegatingSubject) {
10 DelegatingSubject delegating = (DelegatingSubject) subject;
11 //we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
12 principals = delegating.principals;
13 host = delegating.host;
14 } else {
15 principals = subject.getPrincipals();
16 }
17
18 if (principals == null || principals.isEmpty()) {
19 String msg = "Principals returned from securityManager.login( token ) returned a null or " +
20 "empty value. This value must be non null and populated with one or more elements.";
21 throw new IllegalStateException(msg);
22 }
23 this.principals = principals;
24 this.authenticated = true;
25 if (token instanceof HostAuthenticationToken) {
26 host = ((HostAuthenticationToken) token).getHost();
27 }
28 if (host != null) {
29 this.host = host;
30 }
31 Session session = subject.getSession(false);
32 if (session != null) {
33 this.session = decorate(session);
34 } else {
35 this.session = null;
36 }
37 }
在上面代码的第三行:Subject subject = securityManager.login(this, token); 注意到其调用了SecurityManager的login方法,SecurityManager为接口,实际上调用的其实现类DefaultSecurityManager的login方法,方法如下:
1 public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {
2 AuthenticationInfo info;
3 try {
4 info = authenticate(token);
5 } catch (AuthenticationException ae) {
6 try {
7 onFailedLogin(token, ae, subject);
8 } catch (Exception e) {
9 if (log.isInfoEnabled()) {
10 log.info("onFailedLogin method threw an " +
11 "exception. Logging and propagating original AuthenticationException.", e);
12 }
13 }
14 throw ae; //propagate
15 }
16
17 Subject loggedIn = createSubject(token, info, subject);
18
19 onSuccessfulLogin(token, info, loggedIn);
20
21 return loggedIn;
22 }
在上面代码第四行:info = authenticate(token); 继续跟踪,发现authenticate(AuthenticationToken token);方法为DefaultSecurityManager的父类AuthenticatingSecurityManager的方法,AuthenticatingSecurityManager#authenticate方法如下:
1 public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
2 return this.authenticator.authenticate(token);
3 }
authenticator为Authenticator接口,继续跟踪,AbstractAuthenticator抽象类实现了Authenticator接口,接下来继续查看AbstractAuthenticator#authenticate(token);方法:
1 public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
2
3 if (token == null) {
4 throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");
5 }
6
7 log.trace("Authentication attempt received for token [{}]", token);
8
9 AuthenticationInfo info;
10 try {
11 info = doAuthenticate(token);
12 if (info == null) {
13 String msg = "No account information found for authentication token [" + token + "] by this " +
14 "Authenticator instance. Please check that it is configured correctly.";
15 throw new AuthenticationException(msg);
16 }
17 } catch (Throwable t) {
18 AuthenticationException ae = null;
19 if (t instanceof AuthenticationException) {
20 ae = (AuthenticationException) t;
21 }
22 if (ae == null) {
23 //Exception thrown was not an expected AuthenticationException. Therefore it is probably a little more
24 //severe or unexpected. So, wrap in an AuthenticationException, log to warn, and propagate:
25 String msg = "Authentication failed for token submission [" + token + "]. Possible unexpected " +
26 "error? (Typical or expected login exceptions should extend from AuthenticationException).";
27 ae = new AuthenticationException(msg, t);
28 if (log.isWarnEnabled())
29 log.warn(msg, t);
30 }
31 try {
32 notifyFailure(token, ae);
33 } catch (Throwable t2) {
34 if (log.isWarnEnabled()) {
35 String msg = "Unable to send notification for failed authentication attempt - listener error?. " +
36 "Please check your AuthenticationListener implementation(s). Logging sending exception " +
37 "and propagating original AuthenticationException instead...";
38 log.warn(msg, t2);
39 }
40 }
41 throw ae;
42 }
43
44 log.debug("Authentication successful for token [{}]. Returned account [{}]", token, info);
45
46 notifySuccess(token, info);
47
48 return info;
49 }
上面代码第11行:info = doAuthenticate(token); 这个方法为ModularRealmAuthticator类中的方法,因为ModularRealmAuthticator继承了AbstractAuthenticator抽象类。另外,要注意第12行-第16行,如果info==null,就会抛出异常。ModularRealmAuthticator的doAuthenticate(token);方法如下:
1 protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
2 assertRealmsConfigured();
3 Collection<Realm> realms = getRealms();
4 if (realms.size() == 1) {
5 return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);
6 } else {
7 return doMultiRealmAuthentication(realms, authenticationToken);
8 }
9 }
这里,我们关注上面第五行代码:doSingleRealmAuthentication(realms.iterator().next(), authenticationToken); else语句中的doMultiRealmAuthentication(realms, authenticationToken);类似。跟踪到doSingleRealmAuthentication方法如下:
1 protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
2 if (!realm.supports(token)) {
3 String msg = "Realm [" + realm + "] does not support authentication token [" +
4 token + "]. Please ensure that the appropriate Realm implementation is " +
5 "configured correctly or that the realm accepts AuthenticationTokens of this type.";
6 throw new UnsupportedTokenException(msg);
7 }
8 AuthenticationInfo info = realm.getAuthenticationInfo(token);
9 if (info == null) {
10 String msg = "Realm [" + realm + "] was unable to find account data for the " +
11 "submitted AuthenticationToken [" + token + "].";
12 throw new UnknownAccountException(msg);
13 }
14 return info;
15 }
上面代码第八行:AuthenticationInfo info = realm.getAuthenticationInfo(token); realm为Realm接口,实际上调用的是其实现类AuthenticatingRealm中的getAuthenticationInfo方法,方法如下:
1 public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
2
3 AuthenticationInfo info = getCachedAuthenticationInfo(token);
4 if (info == null) {
5 //otherwise not cached, perform the lookup:
6 info = doGetAuthenticationInfo(token);
7 log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);
8 if (token != null && info != null) {
9 cacheAuthenticationInfoIfPossible(token, info);
10 }
11 } else {
12 log.debug("Using cached authentication info [{}] to perform credentials matching.", info);
13 }
14
15 if (info != null) {
16 assertCredentialsMatch(token, info);
17 } else {
18 log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);
19 }
20 return info;
21 }
上面代码第三行:AuthenticationInfo info = getCachedAuthenticationInfo(token);从缓存中获取认证信息,如果未获取到,则调用第六行的doGetAuthenticationInfo(token); 方法获取认证信息。继续跟踪,发现有几个类实现了该方法,如下图所示:
最后,附上SecurityManager和Realm等的类关系图:
Realm:
SecurityManager:
Authenticator:
https://www.cnblogs.com/ccfdod/p/6436353.html
shiro学习笔记-Subject#login(token)源码实现过程的更多相关文章
- shiro学习笔记-Subject#login(token)实现过程
本博文所有的代码均为shiro官网(http://shiro.apache.org/)中shiro 1.3.2版本中的源码. 追踪Subject的login(AuthenticationToken t ...
- Nginx学习笔记(六) 源码分析&启动过程
Nginx的启动过程 主要介绍Nginx的启动过程,可以在/core/nginx.c中找到Nginx的主函数main(),那么就从这里开始分析Nginx的启动过程. 涉及到的基本函数 源码: /* * ...
- Bootstrap学习笔记上(带源码)
阅读目录 排版 表单 网格系统 菜单.按钮 做好笔记方便日后查阅o(╯□╰)o bootstrap简介: ☑ 简单灵活可用于架构流行的用户界面和交互接口的html.css.javascript工具集 ...
- GuavaCache学习笔记三:底层源码阅读
申明:转载自 https://www.cnblogs.com/dennyzhangdd/p/8981982.html 感谢原博主的分享,看到这个写的真好,直接转载来,学习了. 另外也推荐另外一篇Gua ...
- Nginx学习笔记(五) 源码分析&内存模块&内存对齐
Nginx源码分析&内存模块 今天总结了下C语言的内存分配问题,那么就看看Nginx的内存分配相关模型的具体实现.还有内存对齐的内容~~不懂的可以看看~~ src/os/unix/Ngx_al ...
- Nginx学习笔记(四) 源码分析&socket/UDP/shmem
源码分析 在茫茫的源码中,看到了几个好像挺熟悉的名字(socket/UDP/shmem).那就来看看这个文件吧!从简单的开始~~~ src/os/unix/Ngx_socket.h&Ngx_s ...
- Android(java)学习笔记203:网页源码查看器(Handler消息机制)
1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...
- Android(java)学习笔记146:网页源码查看器(Handler消息机制)
1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...
- java学习笔记之集合—ArrayList源码解析
1.ArrayList简介 ArrayList是一个数组队列,与java中的数组的容量固定不同,它可以动态的实现容量的增涨.所以ArrayList也叫动态数组.当我们知道有多少个数据元素的时候,我们用 ...
随机推荐
- 传的参数是url地址时需要特殊处理
<a href="javascript:;" data-url="{$vo.url}" class="info_generate_qr" ...
- ubuntu18+gtx1060 +cuda9+cudnn-v7+opencv3.1.0 配置深度学习环境
将笔记本的ubuntu系统更新到18版本后重新配置深度学习环境,在此记载方便日后参考 具体配置为 Ubuntu18.04+gtx1060+opencv-3.1 第1步 安装依赖包 sudo apt-g ...
- zabbix自定义监控方式
- PHP curl是什么
PHP curl是什么 一.总结 一句话总结:PHP支持的由Daniel Stenberg创建的libcurl库允许你与各种的服务器使用各种类型的协议进行连接和通讯. libcurl库 允许你与各种的 ...
- [Solution] The superclass “javax.servlet.http.HttpServlet” was not found on the Java Build Path
HttpServlet需要tomcat等. 右键project点开properties>project facets> 在右侧栏的Runtime tab中勾选tomcat或者新建tomca ...
- Tomcat基本组件、其功能和处理请求的过程
一.Tomcat是一个基于组件的服务器,它的构成组件都是可配置的,其中最外层的组件是Catalina Servlet容器,其他的组件按照一定的格式要求配置在这个顶层容器中 Tomcat的各个组件是 ...
- You Don't Know JS: this & Object Prototypes( 第一章 this or That?)
Foreword this 关键字和prototypes 他们是用JS编程的基础.没有他们创建复杂的JS程序是不可能的. 我敢说大量的web developers从没有建立过JS Object,仅仅对 ...
- p2739 Shuttle Puzzle
观察样例得知就是和离'_'左边最近的'w'交换位置,然后和离'_'右边最近的'b'交换位置,轮流进行. #include <iostream> #include <cstdio> ...
- 深刻理解Web标准,对可用性、可访问性、可维护性等相关知识有实际的了解和实践经验
WEB标准不是某一个标准,而是一系列标准的集合.网页主要由三部分组成:结构(Structure).表现(Presentation)和行为(Behavior).对应的标准也分三方面:结构化标准语言主要包 ...
- yarn hadoop-2.3.0 installation cluster Centos 64bits
Apache Hadoop -2.2.0 - How to Install a Three Nodes Cluster http://tonylixu.blogspot.ca/2014/02/apac ...