shiro登录实现的过程
jopen
10年前
单元测试:【登录人:spj@qq.com,密码pass】
public void testLogin(){ Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("spj@qq.com","pass"); subject.login(token); Assert.assertTrue(subject.isAuthenticated()); System.out.println("login"); }
调用securityManager.loginer
Subject subject = securityManager.login(this, token);
使用securityManager的时候必须在配置文件 中加入securityManager的配置
<!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/> <property name="arguments" ref="securityManager"/> </bean>
根据当前登录的token来获取info
info = authenticate(token);--》info = doAuthenticate(token);
执行doAuthenticate获取realms【读取配置文件,并且判断是否未单实例】
assertRealmsConfigured(); Collection<Realm> realms = getRealms(); if (realms.size() == 1) { return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken); } else { return doMultiRealmAuthentication(realms, authenticationToken); }
获取reaml中的info
protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) { if (!realm.supports(token)) { String msg = "Realm [" + realm + "] does not support authentication token [" + token + "]. Please ensure that the appropriate Realm implementation is " + "configured correctly or that the realm accepts AuthenticationTokens of this type."; throw new UnsupportedTokenException(msg); } AuthenticationInfo info = realm.getAuthenticationInfo(token); if (info == null) { String msg = "Realm [" + realm + "] was unable to find account data for the " + "submitted AuthenticationToken [" + token + "]."; throw new UnknownAccountException(msg); } return info; }
最后执行登录时候token和从realm中获取到info的判断
onSuccessfulLogin(token, info, loggedIn);
来自:http://my.oschina.net/u/1996443/blog/363984