How Shiro implements the login process

jopen, 9 years ago

Unit test [login user: spj@qq.com, password: pass]

    public void testLogin() {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("spj@qq.com", "pass");
        subject.login(token);
        Assert.assertTrue(subject.isAuthenticated());
        System.out.println("login");
    }


subject.login calls securityManager.login

Subject subject = securityManager.login(this, token);


To use the securityManager, its configuration must be added to the configuration file

    <!-- Equivalent to calling SecurityUtils.setSecurityManager(securityManager) -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>


Obtain the info for the token of the current login

    info = authenticate(token);  -->  info = doAuthenticate(token);


doAuthenticate retrieves the realms [read from the configuration file, and checks whether there is only a single instance]

    assertRealmsConfigured();
    Collection<Realm> realms = getRealms();
    if (realms.size() == 1) {
        return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);
    } else {
        return doMultiRealmAuthentication(realms, authenticationToken);
    }


Get the info from the realm

    protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
        if (!realm.supports(token)) {
            String msg = "Realm [" + realm + "] does not support authentication token [" +
                    token + "].  Please ensure that the appropriate Realm implementation is " +
                    "configured correctly or that the realm accepts AuthenticationTokens of this type.";
            throw new UnsupportedTokenException(msg);
        }
        AuthenticationInfo info = realm.getAuthenticationInfo(token);
        if (info == null) {
            String msg = "Realm [" + realm + "] was unable to find account data for the " +
                    "submitted AuthenticationToken [" + token + "].";
            throw new UnknownAccountException(msg);
        }
        return info;
    }


Finally, the token from the login is checked against the info obtained from the realm

onSuccessfulLogin(token, info, loggedIn);
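The whole flow above can be run end to end without Spring. The following is an added example, not code from the original post or from the Shiro project: `LoginFlowDemo`, `MapRealm` and `tryLogin` are hypothetical names, and the in-memory account reuses the test credentials from the unit test. It shows the realm side of `getAuthenticationInfo` and the exceptions a caller should handle.

```java
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;

public class LoginFlowDemo {

    // Hypothetical realm backed by an in-memory map (constructed sample data).
    // It keeps the default SimpleCredentialsMatcher, i.e. a plaintext comparison;
    // a real deployment would store hashes and configure a hashing matcher.
    static class MapRealm extends AuthenticatingRealm {
        private final Map<String, String> accounts = Map.of("spj@qq.com", "pass");

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = ((UsernamePasswordToken) token).getUsername();
            String stored = accounts.get(user);
            // Returning null makes doSingleRealmAuthentication throw UnknownAccountException.
            if (stored == null) return null;
            // The realm's CredentialsMatcher compares this info with the token
            // before getAuthenticationInfo returns to the authenticator.
            return new SimpleAuthenticationInfo(user, stored, getName());
        }
    }

    static String tryLogin(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            return "authenticated=" + subject.isAuthenticated();
        } catch (UnknownAccountException e) {
            return "unknown account";
        } catch (IncorrectCredentialsException e) {
            return "incorrect credentials";
        } finally {
            subject.logout(); // reset state between attempts
        }
    }

    public static void main(String[] args) {
        // Same effect as the MethodInvokingFactoryBean configuration above.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new MapRealm()));
        System.out.println(tryLogin("spj@qq.com", "pass"));
        System.out.println(tryLogin("nobody@example.com", "pass"));
        System.out.println(tryLogin("spj@qq.com", "wrong"));
    }
}
```

When surfacing these failures to an end user, return one generic message for both exception types so the response does not reveal which accounts exist.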

Source: http://my.oschina.net/u/1996443/blog/363984