Saiku登录源码追踪呀~

>>首先我们需要debug跟踪saiku登录执行的源码信息

saiku源码的debug方式上一篇博客已有说明,这里简单介绍一下

在saiku启动脚本中添加如下命令: (windows下: start-saiku.bat)

set CATALINA_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n  (后面可能还会有一些JVM参数信息)

使用Eclipse打开saiku源码  -- > Eclipse工具栏中的 Run  --> Debug configurations --> Remote Java Application --> 选中对应的源码项目(saiku-web),远程访问saiku的ip,以及脚本中指定监听的端口 (address) 8787  --> Debug

在浏览器中根据saiku地址信息访问saiku,输入用户名以及密码信息登录,Eclipse则会进入对应的debug阶段

>>源码追踪

1.首先会调用 saiku-web项目  org.saiku.web.rest.resources 包下的 SessionResource中的登录方法

sessionService.login(res,username,password)

/**

 * Saiku Session Endpoints

 */

@Component

@Path("/saiku/session")

public class SessionResource  {

  /*此处省略其他代码信息*/

  private ISessionService sessionService;

  /**

   * Login to Saiku

   * @summary Login

   * @param req Servlet request

   * @param username Username

   * @param password Password

   * @return A 200 response

   */

    @POST

	@Consumes("application/x-www-form-urlencoded")

	public Response login(

			@Context HttpServletRequest req,

			@FormParam("username") String username,

			@FormParam("password") String password)

	{

		try {

		  sessionService.login(req, username, password);

		  return Response.ok().build();

		}

		catch (Exception e) {

			log.debug("Error logging in:" + username, e);

			return Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getLocalizedMessage()).build();

		}

	}

}

  

2.进入org.saiku.web.service 包下的 SessionService类中的 sessionService.login(res,username,password)方法

进行认证的方法主要是:    authenticate(req, username, password);

package org.saiku.web.service;

/*此处省略了导入相关包信息*/

public class SessionService implements ISessionService {

	/**此处省略其他代码*/

	/* (non-Javadoc)

	 * @see org.saiku.web.service.ISessionService#login(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String)

	 */

	public Map<String, Object> login(HttpServletRequest req, String username, String password ) throws LicenseException {

		Object sl = null;

		String notice = null;

		HttpSession session = ((HttpServletRequest)req).getSession(true);

		session.getId();

		sessionRepo.setSession(session);

		try {

			sl = l.getLicense();

		} catch (Exception e) {

			log.debug("Could not process license", e);

			throw new LicenseException("Error fetching license. Get a free license from http://licensing.meteorite.bi. You can upload it at /upload.html");

		}

		if (sl != null) {

			try {

				l.validateLicense();

			} catch (RepositoryException | IOException | ClassNotFoundException e) {

				log.debug("Repository Exception, couldn't get license", e);

				throw new LicenseException("Error fetching license. Please check your logs.");

			}

			try {

				if (l.getLicense() instanceof SaikuLicense2) {

                    if (authenticationManager != null) {

                        authenticate(req, username, password);

                    }

                    if (SecurityContextHolder.getContext() != null

                        && SecurityContextHolder.getContext().getAuthentication() != null) {

                        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

                        if (authorisationPredicate.isAuthorised(auth)) {

                            Object p = auth.getPrincipal();

                            createSession(auth, username, password);

                            return sessionHolder.get(p);

                        } else {

                            log.info(username + " failed authorisation. Rejecting login");

                            throw new RuntimeException("Authorisation failed for: " + username);

                        }

                    }

                    return new HashMap<>();

                }

			} catch (IOException | ClassNotFoundException | RepositoryException e) {

				log.debug("Repository Exception, couldn't get license", e);

				throw new LicenseException("Error fetching license. Please check your logs.");

			}

		}

		return null;

	}

}

  

3.继续进入SessionService的 authenticate (req,username,password)方法进行认证

主要认证:  Authentication authentication = this.authenticationManager.authenticate(token);

/* (non-Javadoc)

	 * @see org.saiku.web.service.ISessionService#authenticate(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String)

	 */

	public void authenticate(HttpServletRequest req, String username, String password) {

		try {

			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);

			token.setDetails(new WebAuthenticationDetails(req));

			Authentication authentication = this.authenticationManager.authenticate(token);

			log.debug("Logging in with [{}]", authentication.getPrincipal());

			SecurityContextHolder.getContext().setAuthentication(authentication);

		}

		catch (BadCredentialsException bd) {

			throw new RuntimeException("Authentication failed for: " + username, bd);

		}

	}

  

4.转入spring-security认证框架中的 org.springframework.security.authentication包下的ProviderManager类中的  this.authenticationManager.authenticate(token)方法

主要认证: result = provider.authenticate(authentication);

	/**

	 * Attempts to authenticate the passed {@link Authentication} object.

	 * <p>

	 * The list of {@link AuthenticationProvider}s will be successively tried until an

	 * <code>AuthenticationProvider</code> indicates it is capable of authenticating the

	 * type of <code>Authentication</code> object passed. Authentication will then be

	 * attempted with that <code>AuthenticationProvider</code>.

	 * <p>

	 * If more than one <code>AuthenticationProvider</code> supports the passed

	 * <code>Authentication</code> object, only the first

	 * <code>AuthenticationProvider</code> tried will determine the result. No subsequent

	 * <code>AuthenticationProvider</code>s will be tried.

	 *

	 * @param authentication the authentication request object.

	 *

	 * @return a fully authenticated object including credentials.

	 *

	 * @throws AuthenticationException if authentication fails.

	 */

	public Authentication authenticate(Authentication authentication)

			throws AuthenticationException {

		Class<? extends Authentication> toTest = authentication.getClass();

		AuthenticationException lastException = null;

		Authentication result = null;

		boolean debug = logger.isDebugEnabled();

		for (AuthenticationProvider provider : getProviders()) {

			if (!provider.supports(toTest)) {

				continue;

			}

			if (debug) {

				logger.debug("Authentication attempt using "

						+ provider.getClass().getName());

			}

			try {

				result = provider.authenticate(authentication);

				if (result != null) {

					copyDetails(authentication, result);

					break;

				}

			}

			catch (AccountStatusException e) {

				prepareException(e, authentication);

				// SEC-546: Avoid polling additional providers if auth failure is due to

				// invalid account status

				throw e;

			}

			catch (InternalAuthenticationServiceException e) {

				prepareException(e, authentication);

				throw e;

			}

			catch (AuthenticationException e) {

				lastException = e;

			}

		}

		if (result == null && parent != null) {

			// Allow the parent to try.

			try {

				result = parent.authenticate(authentication);

			}

			catch (ProviderNotFoundException e) {

				// ignore as we will throw below if no other exception occurred prior to

				// calling parent and the parent

				// may throw ProviderNotFound even though a provider in the child already

				// handled the request

			}

			catch (AuthenticationException e) {

				lastException = e;

			}

		}

		if (result != null) {

			if (eraseCredentialsAfterAuthentication

					&& (result instanceof CredentialsContainer)) {

				// Authentication is complete. Remove credentials and other secret data

				// from authentication

				((CredentialsContainer) result).eraseCredentials();

			}

			eventPublisher.publishAuthenticationSuccess(result);

			return result;

		}

		// Parent was null, or didn't authenticate (or throw an exception).

		if (lastException == null) {

			lastException = new ProviderNotFoundException(messages.getMessage(

					"ProviderManager.providerNotFound",

					new Object[] { toTest.getName() },

					"No AuthenticationProvider found for {0}"));

		}

		prepareException(lastException, authentication);

		throw lastException;

	}

  

5.转入 org.springframework.security.authentication.dao包下的 AbstractUserDetailsAuthenticationProvider类中的 result = provider.authenticate(authentication);

关于密码的校验主要是:additionalAuthenticationChecks(user,(UsernamePasswordAuthenticationToken) authentication);

public Authentication authenticate(Authentication authentication)

			throws AuthenticationException {

		Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,

				messages.getMessage(

						"AbstractUserDetailsAuthenticationProvider.onlySupports",

						"Only UsernamePasswordAuthenticationToken is supported"));

		// Determine username

		String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED"

				: authentication.getName();

		boolean cacheWasUsed = true;

		UserDetails user = this.userCache.getUserFromCache(username);

		if (user == null) {

			cacheWasUsed = false;

			try {

				user = retrieveUser(username,

						(UsernamePasswordAuthenticationToken) authentication);

			}

			catch (UsernameNotFoundException notFound) {

				logger.debug("User '" + username + "' not found");

				if (hideUserNotFoundExceptions) {

					throw new BadCredentialsException(messages.getMessage(

							"AbstractUserDetailsAuthenticationProvider.badCredentials",

							"Bad credentials"));

				}

				else {

					throw notFound;

				}

			}

			Assert.notNull(user,

					"retrieveUser returned null - a violation of the interface contract");

		}

		try {

			preAuthenticationChecks.check(user);

			additionalAuthenticationChecks(user,

					(UsernamePasswordAuthenticationToken) authentication);

		}

		catch (AuthenticationException exception) {

			if (cacheWasUsed) {

				// There was a problem, so try again after checking

				// we're using latest data (i.e. not from the cache)

				cacheWasUsed = false;

				user = retrieveUser(username,

						(UsernamePasswordAuthenticationToken) authentication);

				preAuthenticationChecks.check(user);

				additionalAuthenticationChecks(user,

						(UsernamePasswordAuthenticationToken) authentication);

			}

			else {

				throw exception;

			}

		}

  

6.org.springframework.security.authentication.dao包下的 DaoAuthenticationProvider 类中 additionalAuthenticationChecks(user,(UsernamePasswordAuthenticationToken) authentication)方法如下

校验密码的主要方法: passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword,salt)

@SuppressWarnings("deprecation")

	protected void additionalAuthenticationChecks(UserDetails userDetails,

			UsernamePasswordAuthenticationToken authentication)

			throws AuthenticationException {

		Object salt = null;

		if (this.saltSource != null) {

			salt = this.saltSource.getSalt(userDetails);

		}

		if (authentication.getCredentials() == null) {

			logger.debug("Authentication failed: no credentials provided");

			throw new BadCredentialsException(messages.getMessage(

					"AbstractUserDetailsAuthenticationProvider.badCredentials",

					"Bad credentials"));

		}

		if (!passwordEncoder.isPasswordValid(userDetails.getPassword(),

				presentedPassword, salt)) {

			logger.debug("Authentication failed: password does not match stored value");

			throw new BadCredentialsException(messages.getMessage(

					"AbstractUserDetailsAuthenticationProvider.badCredentials",

					"Bad credentials"));

		}

	}

  

好了,关于saiku登录源码就追踪到这里啦~ ,到这里我们就知道怎么更改saiku对密码校验的逻辑信息啦~

Saiku登录源码追踪.(十三)的更多相关文章

  1. saiku的源码包Bulid常见问题和jar包

    最近在做kylin+mondrian+saiku的二次开发的时候,Bulid saiku的源码出现了很多问题,基本上一大部分问题jar找不到问题,很多jar国内网站都找不到.这时候只有手动下载然后注册 ...

  2. Yii2 使用 QQ 和 Weibo 第三方登录源码

    我们社区在 yii2-authclient 多次升级后,登录异常.一直想寻求一种通用的方法,尽量不重写 OAuth2, BaseOAuth 以及 OAuthToken 类, 所以本次直接在 initU ...

  3. 源码追踪,解决Could not locate executable null\bin\winutils.exe in the Hadoop binaries.问题

    在windows系统本地运行spark的wordcount程序,会出现一个异常,但不影响现有程序运行. >>提君博客原创  http://www.cnblogs.com/tijun/  & ...

  4. [大数据可视化]-saiku的源码包Bulid常见问题和jar包

    最近在做kylin+mondrian+saiku的二次开发的时候,Bulid saiku的源码出现了很多问题,基本上一大部分问题jar找不到问题,很多jar国内网站都找不到.这时候只有手动下载然后注册 ...

  5. OpenJDK源码研究笔记(十三):Javac编译过程中的上下文容器(Context)、单例(Singleton)和延迟创建(LazyCreation)3种模式

    在阅读Javac源码的过程中,发现一个上下文对象Context. 这个对象用来确保一次编译过程中的用到的类都只有一个实例,即实现我们经常提到的"单例模式". 今天,特意对这个上下文 ...

  6. CAS Server集成QQ登录、新浪微博登录源码及配置文件

    转载自素文宅博客:https://blog.yoodb.com/yoodb/article/detail/1446 CAS Server集成QQ第三方登录,CAS Server集成新浪微博第三方登录以 ...

  7. Spring Boot 注解之ObjectProvider源码追踪

    最近依旧在学习阅读Spring Boot的源代码,在此过程中涉及到很多在日常项目中比较少见的功能特性,对此深入研究一下,也挺有意思,这也是阅读源码的魅力之一.这里写成文章,分享给大家. 自动配置中的O ...

  8. [大数据可视化]-saiku的源码打包运行/二次开发构建

    Saiku构建好之后,会将项目的各个模块达成jar包,整个项目也会打成war包 saiku目录结构:   我们选中saiku-server/target/ 下面的zip压缩包.这是个打包后的文件,进行 ...

  9. 类似818tu.co微信小说分销系统设计之多公众号网页授权自动登录源码

    /** 转载请保留原地址以及版权声明,请勿恶意修改 *  作者:杨浩瑞  QQ:1420213383  独立博客:http://www.yxxrui.cn * [后台]http://xiaoshuo. ...

随机推荐

  1. python列表常用内建方法

    python列表常用内建方法: abc = ['a',1,3,'a'] #abc.pop(1) #删除索引1的值.结果['a', 3] #abc.append([123]) #结果:['a', 1, ...

  2. Qt 拷贝内容到粘贴板 || 获取粘贴板内容

    QString source = ui->textEdit_code->toPlainText(); QClipboard *clipboard = QApplication::clipb ...

  3. windows10系统下安装pygame

    1.安装python,选择版本3.7.1 下载地址:https://www.python.org/downloads/windows/选择安装版本 2.安装pip 下载地址:https://pypi. ...

  4. 极致21点开发DAY2

    今天完成的主要内容时MainScene场景中设置面板的开发.游戏逻辑:点击设置按钮,弹出音乐设置弹框,弹框内容包括音乐的打开与关闭,退出游戏. 点击退出游戏,弹出退出游戏确认面板.效果图: 1.首先在 ...

  5. 项目中常用的javascript/jquery操作

    1.判断复选框是否被选中? $("#cpuWindow").is(':checked'); 2.设置复选框被选中: $("#cpuWindow").prop(& ...

  6. 软件工程---UML理解

    1.依赖关系和关联关系 1.1依赖关系是调用关系,其又分为全局依赖.参数依赖.局部依赖 1.2关联关系是结构上的关系,按照关联的强弱又具体分为关联关系.聚合关系(整体和部分的组成关系.whole-pa ...

  7. 解决CentOS6.5虚拟机克隆后无法上网(网卡信息不一致)的问题

    一.问题描述 虚拟机克隆后,由于网卡信息不一致的问题,导致不能上网或者执行“service network restart”命令失败 [root@lyy 桌面]# ifconfig //查看当前网卡信 ...

  8. HTML响应式布局实现详解

    摘自:https://blog.csdn.net/lesouls/article/details/81454568 第一步:在网页代码的头部,加入一行viewport元标签(1)viewport是网页 ...

  9. 提交SR的一些小技巧

    在平时的时候,遇到一些问题总会在metalink上提交SR(Service Request,SR,过去也叫Technical Assistance Request,TAR ),我们提交sr的时候,总是 ...

  10. Nginx配置SSL证书实现https访问「浏览器未认证」

    http 和 https 介绍 http:应用最广泛的一种网络协议,是一个B/S的request和response的标准,用于从www服务器传输超文本到本地浏览器的传输协议. https:以安全为目标 ...