shiro学习笔记-Subject#login(token)源码实现过程
追踪Subject的login(AuthenticationToken token)方法,其调用的为DelegatingSubject类的login方法,DelegatingSubject实现了Subject接口,DelegatingSubject#login如下:
1 public void login(AuthenticationToken token) throws AuthenticationException {
2 clearRunAsIdentitiesInternal();
3 Subject subject = securityManager.login(this, token);
4
5 PrincipalCollection principals;
6
7 String host = null;
8
9 if (subject instanceof DelegatingSubject) {
10 DelegatingSubject delegating = (DelegatingSubject) subject;
11 //we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
12 principals = delegating.principals;
13 host = delegating.host;
14 } else {
15 principals = subject.getPrincipals();
16 }
17
18 if (principals == null || principals.isEmpty()) {
19 String msg = "Principals returned from securityManager.login( token ) returned a null or " +
20 "empty value. This value must be non null and populated with one or more elements.";
21 throw new IllegalStateException(msg);
22 }
23 this.principals = principals;
24 this.authenticated = true;
25 if (token instanceof HostAuthenticationToken) {
26 host = ((HostAuthenticationToken) token).getHost();
27 }
28 if (host != null) {
29 this.host = host;
30 }
31 Session session = subject.getSession(false);
32 if (session != null) {
33 this.session = decorate(session);
34 } else {
35 this.session = null;
36 }
37 }
在上面代码的第三行:Subject subject = securityManager.login(this, token); 注意到其调用了SecurityManager的login方法,SecurityManager为接口,实际上调用的其实现类DefaultSecurityManager的login方法,方法如下:
1 public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {
2 AuthenticationInfo info;
3 try {
4 info = authenticate(token);
5 } catch (AuthenticationException ae) {
6 try {
7 onFailedLogin(token, ae, subject);
8 } catch (Exception e) {
9 if (log.isInfoEnabled()) {
10 log.info("onFailedLogin method threw an " +
11 "exception. Logging and propagating original AuthenticationException.", e);
12 }
13 }
14 throw ae; //propagate
15 }
16
17 Subject loggedIn = createSubject(token, info, subject);
18
19 onSuccessfulLogin(token, info, loggedIn);
20
21 return loggedIn;
22 }
在上面代码第四行:info = authenticate(token); 继续跟踪,发现authenticate(AuthenticationToken token);方法为DefaultSecurityManager的父类AuthenticatingSecurityManager的方法,AuthenticatingSecurityManager#authenticate方法如下:
1 public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
2 return this.authenticator.authenticate(token);
3 }
authenticator为Authenticator接口,继续跟踪,AbstractAuthenticator抽象类实现了Authenticator接口,接下来继续查看AbstractAuthenticator#authenticate(token);方法:
1 public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {
2
3 if (token == null) {
4 throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");
5 }
6
7 log.trace("Authentication attempt received for token [{}]", token);
8
9 AuthenticationInfo info;
10 try {
11 info = doAuthenticate(token);
12 if (info == null) {
13 String msg = "No account information found for authentication token [" + token + "] by this " +
14 "Authenticator instance. Please check that it is configured correctly.";
15 throw new AuthenticationException(msg);
16 }
17 } catch (Throwable t) {
18 AuthenticationException ae = null;
19 if (t instanceof AuthenticationException) {
20 ae = (AuthenticationException) t;
21 }
22 if (ae == null) {
23 //Exception thrown was not an expected AuthenticationException. Therefore it is probably a little more
24 //severe or unexpected. So, wrap in an AuthenticationException, log to warn, and propagate:
25 String msg = "Authentication failed for token submission [" + token + "]. Possible unexpected " +
26 "error? (Typical or expected login exceptions should extend from AuthenticationException).";
27 ae = new AuthenticationException(msg, t);
28 if (log.isWarnEnabled())
29 log.warn(msg, t);
30 }
31 try {
32 notifyFailure(token, ae);
33 } catch (Throwable t2) {
34 if (log.isWarnEnabled()) {
35 String msg = "Unable to send notification for failed authentication attempt - listener error?. " +
36 "Please check your AuthenticationListener implementation(s). Logging sending exception " +
37 "and propagating original AuthenticationException instead...";
38 log.warn(msg, t2);
39 }
40 }
41 throw ae;
42 }
43
44 log.debug("Authentication successful for token [{}]. Returned account [{}]", token, info);
45
46 notifySuccess(token, info);
47
48 return info;
49 }
上面代码第11行:info = doAuthenticate(token); 这个方法为ModularRealmAuthticator类中的方法,因为ModularRealmAuthticator继承了AbstractAuthenticator抽象类。另外,要注意第12行-第16行,如果info==null,就会抛出异常。ModularRealmAuthticator的doAuthenticate(token);方法如下:
1 protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
2 assertRealmsConfigured();
3 Collection<Realm> realms = getRealms();
4 if (realms.size() == 1) {
5 return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);
6 } else {
7 return doMultiRealmAuthentication(realms, authenticationToken);
8 }
9 }
这里,我们关注上面第五行代码:doSingleRealmAuthentication(realms.iterator().next(), authenticationToken); else语句中的doMultiRealmAuthentication(realms, authenticationToken);类似。跟踪到doSingleRealmAuthentication方法如下:
1 protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
2 if (!realm.supports(token)) {
3 String msg = "Realm [" + realm + "] does not support authentication token [" +
4 token + "]. Please ensure that the appropriate Realm implementation is " +
5 "configured correctly or that the realm accepts AuthenticationTokens of this type.";
6 throw new UnsupportedTokenException(msg);
7 }
8 AuthenticationInfo info = realm.getAuthenticationInfo(token);
9 if (info == null) {
10 String msg = "Realm [" + realm + "] was unable to find account data for the " +
11 "submitted AuthenticationToken [" + token + "].";
12 throw new UnknownAccountException(msg);
13 }
14 return info;
15 }
上面代码第八行:AuthenticationInfo info = realm.getAuthenticationInfo(token); realm为Realm接口,实际上调用的是其实现类AuthenticatingRealm中的getAuthenticationInfo方法,方法如下:
1 public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
2
3 AuthenticationInfo info = getCachedAuthenticationInfo(token);
4 if (info == null) {
5 //otherwise not cached, perform the lookup:
6 info = doGetAuthenticationInfo(token);
7 log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);
8 if (token != null && info != null) {
9 cacheAuthenticationInfoIfPossible(token, info);
10 }
11 } else {
12 log.debug("Using cached authentication info [{}] to perform credentials matching.", info);
13 }
14
15 if (info != null) {
16 assertCredentialsMatch(token, info);
17 } else {
18 log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);
19 }
20 return info;
21 }
上面代码第三行:AuthenticationInfo info = getCachedAuthenticationInfo(token);从缓存中获取认证信息,如果未获取到,则调用第六行的doGetAuthenticationInfo(token); 方法获取认证信息。继续跟踪,发现有几个类实现了该方法,如下图所示:
最后,附上SecurityManager和Realm等的类关系图:
Realm:
SecurityManager:
Authenticator:
https://www.cnblogs.com/ccfdod/p/6436353.html
shiro学习笔记-Subject#login(token)源码实现过程的更多相关文章
- shiro学习笔记-Subject#login(token)实现过程
本博文所有的代码均为shiro官网(http://shiro.apache.org/)中shiro 1.3.2版本中的源码. 追踪Subject的login(AuthenticationToken t ...
- Nginx学习笔记(六) 源码分析&启动过程
Nginx的启动过程 主要介绍Nginx的启动过程,可以在/core/nginx.c中找到Nginx的主函数main(),那么就从这里开始分析Nginx的启动过程. 涉及到的基本函数 源码: /* * ...
- Bootstrap学习笔记上(带源码)
阅读目录 排版 表单 网格系统 菜单.按钮 做好笔记方便日后查阅o(╯□╰)o bootstrap简介: ☑ 简单灵活可用于架构流行的用户界面和交互接口的html.css.javascript工具集 ...
- GuavaCache学习笔记三:底层源码阅读
申明:转载自 https://www.cnblogs.com/dennyzhangdd/p/8981982.html 感谢原博主的分享,看到这个写的真好,直接转载来,学习了. 另外也推荐另外一篇Gua ...
- Nginx学习笔记(五) 源码分析&内存模块&内存对齐
Nginx源码分析&内存模块 今天总结了下C语言的内存分配问题,那么就看看Nginx的内存分配相关模型的具体实现.还有内存对齐的内容~~不懂的可以看看~~ src/os/unix/Ngx_al ...
- Nginx学习笔记(四) 源码分析&socket/UDP/shmem
源码分析 在茫茫的源码中,看到了几个好像挺熟悉的名字(socket/UDP/shmem).那就来看看这个文件吧!从简单的开始~~~ src/os/unix/Ngx_socket.h&Ngx_s ...
- Android(java)学习笔记203:网页源码查看器(Handler消息机制)
1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...
- Android(java)学习笔记146:网页源码查看器(Handler消息机制)
1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...
- java学习笔记之集合—ArrayList源码解析
1.ArrayList简介 ArrayList是一个数组队列,与java中的数组的容量固定不同,它可以动态的实现容量的增涨.所以ArrayList也叫动态数组.当我们知道有多少个数据元素的时候,我们用 ...
随机推荐
- 如何对接oracle 建立pdb
Oracle数据库的结构是一个数据库实例下有许多用户,每一个用户有自己的表空间,即每一个用户相当于MySQL中的一个数据库.不久前下了oracle 12c的数据库,安装之后建user时才知道oracl ...
- 清除div重叠浮动的方法
在最后加入这样一个div. 并且为div加入以下属性: .clear { clear:both;}
- [c][c++]按位操作
因为有时候需要大量的标志位来判断当前状态等.使用太多的int,bool等会使得程序不“漂亮” 这时候需要“位”操作来解决 建立一个标志位 unsigned ; 在定义一些宏,如 #define CON ...
- Android 错误集合
1. Error:java.util.concurrent.ExecutionException: com.android.tools.aapt2.Aapt2Exception: AAPT2 erro ...
- linux安装vmware
在官网下载linux版 https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html sudo chm ...
- 使用http://start.spring.io/ 生成工程
今天学习spring-cloud,无意中发现一个spring提供的构建工程的页面,想记录下,发现有个博客写的很好就直接抄过来了. 原文链接: https://blog.csdn.net/u01050 ...
- Golang简单日志类
实现简单的日志写入文件功能运行环境:golang1.4.2+win7x64golang1.4.2+centos6.5×64 package Helper import ( “fmt” “log” “o ...
- ionic service
当你初试 Angular 时,很自然地就会往 controller 和 scope 里堆满不必要的逻辑.一定要早点意识到,controller 这一层应该很薄:也就是说,应用里大部分的业务逻辑和持久化 ...
- Python量化库大全
https://zhuanlan.zhihu.com/p/26983703?utm_source=wechat_session&utm_medium=social 这个网址上详细介绍了,做量化 ...
- sgu 203 Hyperhuffman
题意:给出字符出现的次数,问替换成哈夫曼编码后的文本长度. 实际上观察发现就等于树的所有节点的和.用nlogn超时.用O(n),用两个队列,一个放原始数组,一个放新生成的节点. #include &l ...