2017.2.7 开涛shiro教程-第六章-Realm及相关对象（二）

原博客地址：http://jinnianshilongnian.iteye.com/blog/2018398

根据下载的pdf学习。

第六章 Realm及相关对象（二）

1.AuthenticationToken

由上篇可知，AuthenticationToken出现在UserRealm的方法doGetAuthenticationInfo（）中。这个方法是用来验证的，token是验证时所用的参数。

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token){}

AuthenticationToken是一个接口：

public interface AuthenticationToken extends Serializable {
    Object getPrincipal(); //身份
    Object getCredentials(); //凭据
}

常见的拓展接口和实现类有：

UsernamePasswordToken的示意代码如下：

所以要实现其他登录方式，比如是telephone/password时，就可以仿照UsernamePasswordToken，实现自己的token。在方法getCredentials()里返回telephone即可。

public class UsernamePasswordToken implements HostAuthenticationToken，RememberMeAuthenticationToken{
    private java.lang.String username;
    private char[] password;
    private boolean rememberMe;
    private String host;

    ...
    public java.lang.Object getPrincipal() {
        return username;
    }

    public java.lang.Object getCredentials() {
        return password;
    }
} 

2.AuthenticationInfo

由上篇可知，AuthenticationInfo出现在UserRealm的方法doGetAuthenticationInfo（）中。是验证方法的返回值。

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {//认证
    ...
    //交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配，如果觉得人家的不好可以自定义实现
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
           user.getUsername(), //用户名
           user.getPassword(), //密码
           ByteSource.Util.bytes(user.getCredentialsSalt()),//salt=username+salt
           getName()  //realm name
    );
    return authenticationInfo;
}

AuthenticationInfo是一个接口：

public interface AuthenticationInfo extends Serializable {
    PrincipalCollection getPrincipals();
    Object getCredentials();
}

常见的拓展接口和实现类有：

SimpleAuthenticationInfo的示意代码如下：

 public class SimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {

     protected PrincipalCollection principals;//身份
     protected Object credentials;//凭据
     protected ByteSource credentialsSalt;

     public SimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
         this.principals = new SimplePrincipalCollection(principals);
         this.credentials = credentials;
     }

     public SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {
         this.principals = new SimplePrincipalCollection(principal, realmName);
         this.credentials = credentials;
     }

     public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
         this.principals = new SimplePrincipalCollection(principal, realmName);
         this.credentials = hashedCredentials;
         this.credentialsSalt = credentialsSalt;
     }

     ....

 }

3.PrincipalCollection

由上篇可知，PrincipalCollection出现在UserRealm的方法doGetAuthorizationInfo（）中。这个方法是用来授权的，PrincipalCollection是授权时所用的参数。

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
     String userTenant = (String) principals.getPrimaryPrincipal();
    ...
}

PrincipalCollection是一个接口：

要注意一个问题，因为可以在shiro中配置多个Realm，所以身份信息principal就可以有多个。因此采用PrincipalCollection进行聚合。

在大多数实现中，AuthenticationInfo会进行merge，比如SimpleAuthenticationInfo 会合并多个 Principal为一个 PrincipalCollection。

但是由于内部是Map实现的，所以方法getPrimaryPrincipal（）可以看做是返回任意principal。因为map中没有顺序之分的。如果只有一个，那就是返回这一个。

1 public interface PrincipalCollection extends Iterable, Serializable {
2      ...
3      Object getPrimaryPrincipal();
4 }

常见的拓展接口和实现类有：

 4.AuthorizationInfo（授权信息）

由上篇可知，AuthenticationInfo出现在UserRealm的，授权方法doGetAuthorizationInfo（）中。是该授权方法的返回值。

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   ....
       authorizationInfo.addStringPermission(permissionString);
   ....
   return authorizationInfo;
}

AuthorizationInfo是一个接口：

public interface AuthorizationInfo extends Serializable {
    Collection<String> getRoles();
    Collection<String> getStringPermissions();
    Collection<Permission> getObjectPermissions();
}

常见的拓展接口和实现类有：

SimpleAuthorizationInfo的示意代码如下：(getter和setter均省略)

public class SimpleAuthorizationInfo implements AuthorizationInfo {
    protected Set<String> roles;
    protected Set<String> stringPermissions;
    protected Set<Permission> objectPermissions;

    public SimpleAuthorizationInfo() {
    }

    public SimpleAuthorizationInfo(Set<String> roles) {
        this.roles = roles;
    }

    public void addRole(String role) {...}
    public void addRoles(Collection<String> roles) {...}

    public void addStringPermission(String permission) {...}
    public void addStringPermissions(Collection<String> permissions) {...}

    public void addObjectPermission(Permission permission) {...}
    public void addObjectPermissions(Collection<Permission> permissions) {...}

}