架构

屏幕快照 2019-04-22 22.49.46.png

核心是SecurityManager

认证是通过调用Authenticator来实现的,authenticator内部又是调用realm的doGetAuthenticationInfo实现

  1. protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
  2.         assertRealmsConfigured();
  3.         Collection<Realm> realms = getRealms();
  4.         if (realms.size() == 1) {
  5.             return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);
  6.         } else {
  7.             return doMultiRealmAuthentication(realms, authenticationToken);
  8.         }
  9.     }
  10. doSingleRealmAuthentication
  11. AuthenticationInfo info = realm.getAuthenticationInfo(token);
  12. info = doGetAuthenticationInfo(token);
  14. //SimpleAccountRealm.java
  15.  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  16.    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
  17.    SimpleAccount account = getUser(upToken.getUsername());
  19.    if (account != null) {
  21.      if (account.isLocked()) {
  22.        throw new LockedAccountException("Account [" + account + "] is locked.");
  23.      }
  24.      if (account.isCredentialsExpired()) {
  25.        String msg = "The credentials for account [" + account + "] are expired";
  26.        throw new ExpiredCredentialsException(msg);
  27.      }
  29.    }
  31.    return account;
  32.  }
  34. //拿到AuthenticationInfo后使用assertCredentialsMatch(token,info)进行账户、密码比对
  35. public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  37.         AuthenticationInfo info = getCachedAuthenticationInfo(token);
  38.         if (info == null) {
  39.             //otherwise not cached, perform the lookup:
  40.             info = doGetAuthenticationInfo(token);
  41.             log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);
  42.             if (token != null && info != null) {
  43.                 cacheAuthenticationInfoIfPossible(token, info);
  44.             }
  45.         } else {
  46.             log.debug("Using cached authentication info [{}] to perform credentials matching.", info);
  47.         }
  49.         if (info != null) {
  50.             assertCredentialsMatch(token, info);
  51.         } else {
  52.             log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}].  Returning null.", token);
  53.         }
  55.         return info;
  56.     }
  58. //assertCredentialsMatch(token,info)内部又调用了SimpleCredentialsMatcher.doCredentialsMatch比对
  59. public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
  60.   Object tokenCredentials = getCredentials(token);
  61.   Object accountCredentials = getCredentials(info);
  62.   return equals(tokenCredentials, accountCredentials);
  63. }

同理,授权也是通过调用authorizer来实现,authorize内部调用realm的doGetAuthorizationInfo实现

认证

WechatIMG16.jpeg

  1. package com.twx.shiro;
  3. import org.apache.shiro.SecurityUtils;
  4. import org.apache.shiro.authc.UsernamePasswordToken;
  5. import org.apache.shiro.mgt.DefaultSecurityManager;
  6. import org.apache.shiro.realm.SimpleAccountRealm;
  7. import org.apache.shiro.subject.Subject;
  8. import org.junit.Before;
  9. import org.junit.Test;
  11. public class AuthenticationTest {
  14.     SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();
  16.     @Before
  17.     public void addUser(){
  18.         simpleAccountRealm.addAccount("mark","123456");
  19.     }
  21.     @Test
  22.     public void testAuthentication(){
  24.         //1.构建SecruityManager环境
  25.         DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
  26.         defaultSecurityManager.setRealm(simpleAccountRealm);
  28.         //2. 主体提交认证请求
  29.         SecurityUtils.setSecurityManager(defaultSecurityManager);
  30.         Subject subject = SecurityUtils.getSubject();
  32.         UsernamePasswordToken token = new UsernamePasswordToken("mark","123456");
  33.         subject.login(token);
  35.         System.out.println("isAuthenticated: "+subject.isAuthenticated());
  37.        subject.logout();
  38.         System.out.println("isAuthenticated: "+subject.isAuthenticated());
  39.     }
  40. }

授权

WechatIMG15.jpeg

  1. package com.twx.shiro;
  3. import org.apache.shiro.SecurityUtils;
  4. import org.apache.shiro.authc.UsernamePasswordToken;
  5. import org.apache.shiro.mgt.DefaultSecurityManager;
  6. import org.apache.shiro.realm.SimpleAccountRealm;
  7. import org.apache.shiro.subject.Subject;
  8. import org.junit.Before;
  9. import org.junit.Test;
  11. public class AuthenticationTest {
  14.     SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();
  16.     @Before
  17.     public void addUser(){
  18.         simpleAccountRealm.addAccount("mark","123456","admin","dev");
  19.     }
  21.     @Test
  22.     public void testAuthentication(){
  24.         //1.构建SecruityManager环境
  25.         DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
  26.         defaultSecurityManager.setRealm(simpleAccountRealm);
  28.         //2. 主体提交认证请求
  29.         SecurityUtils.setSecurityManager(defaultSecurityManager);
  30.         Subject subject = SecurityUtils.getSubject();
  32.         UsernamePasswordToken token = new UsernamePasswordToken("mark","123456");
  33.         subject.login(token);
  35.         System.out.println("isAuthenticated: "+subject.isAuthenticated());
  37. //        subject.checkRole("admin");
  38.         subject.checkRoles("admin","dev");
  40.        subject.logout();
  41.         System.out.println("isAuthenticated: "+subject.isAuthenticated());
  42.     }
  43. }