追踪Subject的login(AuthenticationToken token)方法,其调用的为DelegatingSubject类的login方法,DelegatingSubject实现了Subject接口,DelegatingSubject#login如下:

 1 public void login(AuthenticationToken token) throws AuthenticationException {

 2     clearRunAsIdentitiesInternal();

 3     Subject subject = securityManager.login(this, token);

 4

 5     PrincipalCollection principals;

 6

 7     String host = null;

 8

 9     if (subject instanceof DelegatingSubject) {

10         DelegatingSubject delegating = (DelegatingSubject) subject;

11         //we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:

12         principals = delegating.principals;

13         host = delegating.host;

14     } else {

15         principals = subject.getPrincipals();

16     }

17

18     if (principals == null || principals.isEmpty()) {

19         String msg = "Principals returned from securityManager.login( token ) returned a null or " +

20                 "empty value.  This value must be non null and populated with one or more elements.";

21         throw new IllegalStateException(msg);

22     }

23     this.principals = principals;

24     this.authenticated = true;

25     if (token instanceof HostAuthenticationToken) {

26         host = ((HostAuthenticationToken) token).getHost();

27     }

28     if (host != null) {

29         this.host = host;

30     }

31     Session session = subject.getSession(false);

32     if (session != null) {

33         this.session = decorate(session);

34     } else {

35         this.session = null;

36     }

37 }

在上面代码的第三行:Subject subject = securityManager.login(this, token); 注意到其调用了SecurityManager的login方法,SecurityManager为接口,实际上调用的其实现类DefaultSecurityManager的login方法,方法如下:

 1 public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {

 2     AuthenticationInfo info;

 3     try {

 4         info = authenticate(token);

 5     } catch (AuthenticationException ae) {

 6         try {

 7             onFailedLogin(token, ae, subject);

 8         } catch (Exception e) {

 9             if (log.isInfoEnabled()) {

10                 log.info("onFailedLogin method threw an " +

11                         "exception.  Logging and propagating original AuthenticationException.", e);

12             }

13         }

14         throw ae; //propagate

15     }

16

17     Subject loggedIn = createSubject(token, info, subject);

18

19     onSuccessfulLogin(token, info, loggedIn);

20

21     return loggedIn;

22 }

在上面代码第四行:info = authenticate(token); 继续跟踪,发现authenticate(AuthenticationToken token);方法为DefaultSecurityManager的父类AuthenticatingSecurityManager的方法,AuthenticatingSecurityManager#authenticate方法如下:

1 public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {

2     return this.authenticator.authenticate(token);

3 }

authenticator为Authenticator接口,继续跟踪,AbstractAuthenticator抽象类实现了Authenticator接口,接下来继续查看AbstractAuthenticator#authenticate(token);方法:

 1 public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException {

 2

 3     if (token == null) {

 4         throw new IllegalArgumentException("Method argument (authentication token) cannot be null.");

 5     }

 6

 7     log.trace("Authentication attempt received for token [{}]", token);

 8

 9     AuthenticationInfo info;

10     try {

11         info = doAuthenticate(token);

12         if (info == null) {

13             String msg = "No account information found for authentication token [" + token + "] by this " +

14                     "Authenticator instance.  Please check that it is configured correctly.";

15             throw new AuthenticationException(msg);

16         }

17     } catch (Throwable t) {

18         AuthenticationException ae = null;

19         if (t instanceof AuthenticationException) {

20             ae = (AuthenticationException) t;

21         }

22         if (ae == null) {

23             //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more

24             //severe or unexpected.  So, wrap in an AuthenticationException, log to warn, and propagate:

25             String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +

26                     "error? (Typical or expected login exceptions should extend from AuthenticationException).";

27             ae = new AuthenticationException(msg, t);

28             if (log.isWarnEnabled())

29                 log.warn(msg, t);

30         }

31         try {

32             notifyFailure(token, ae);

33         } catch (Throwable t2) {

34             if (log.isWarnEnabled()) {

35                 String msg = "Unable to send notification for failed authentication attempt - listener error?.  " +

36                         "Please check your AuthenticationListener implementation(s).  Logging sending exception " +

37                         "and propagating original AuthenticationException instead...";

38                 log.warn(msg, t2);

39             }

40         }

41         throw ae;

42     }

43

44     log.debug("Authentication successful for token [{}].  Returned account [{}]", token, info);

45

46     notifySuccess(token, info);

47

48     return info;

49 }

上面代码第11行:info = doAuthenticate(token); 这个方法为ModularRealmAuthticator类中的方法,因为ModularRealmAuthticator继承了AbstractAuthenticator抽象类。另外,要注意第12行-第16行,如果info==null,就会抛出异常。ModularRealmAuthticator的doAuthenticate(token);方法如下:

1 protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {

2     assertRealmsConfigured();

3     Collection<Realm> realms = getRealms();

4     if (realms.size() == 1) {

5         return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);

6     } else {

7         return doMultiRealmAuthentication(realms, authenticationToken);

8     }

9 }

这里,我们关注上面第五行代码:doSingleRealmAuthentication(realms.iterator().next(), authenticationToken); else语句中的doMultiRealmAuthentication(realms, authenticationToken);类似。跟踪到doSingleRealmAuthentication方法如下:

 1 protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {

 2     if (!realm.supports(token)) {

 3         String msg = "Realm [" + realm + "] does not support authentication token [" +

 4                 token + "].  Please ensure that the appropriate Realm implementation is " +

 5                 "configured correctly or that the realm accepts AuthenticationTokens of this type.";

 6         throw new UnsupportedTokenException(msg);

 7     }

 8     AuthenticationInfo info = realm.getAuthenticationInfo(token);

 9     if (info == null) {

10         String msg = "Realm [" + realm + "] was unable to find account data for the " +

11                 "submitted AuthenticationToken [" + token + "].";

12         throw new UnknownAccountException(msg);

13     }

14     return info;

15 }

上面代码第八行:AuthenticationInfo info = realm.getAuthenticationInfo(token); realm为Realm接口,实际上调用的是其实现类AuthenticatingRealm中的getAuthenticationInfo方法,方法如下:

 1 public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

 2

 3     AuthenticationInfo info = getCachedAuthenticationInfo(token);

 4     if (info == null) {

 5         //otherwise not cached, perform the lookup:

 6         info = doGetAuthenticationInfo(token);

 7         log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);

 8         if (token != null && info != null) {

 9             cacheAuthenticationInfoIfPossible(token, info);

10         }

11     } else {

12         log.debug("Using cached authentication info [{}] to perform credentials matching.", info);

13     }

14

15     if (info != null) {

16         assertCredentialsMatch(token, info);

17     } else {

18         log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}].  Returning null.", token);

19     }

20     return info;

21 }

上面代码第三行:AuthenticationInfo info = getCachedAuthenticationInfo(token);从缓存中获取认证信息,如果未获取到,则调用第六行的doGetAuthenticationInfo(token); 方法获取认证信息。继续跟踪,发现有几个类实现了该方法,如下图所示:

最后,附上SecurityManager和Realm等的类关系图:

Realm:

SecurityManager:

Authenticator:

https://www.cnblogs.com/ccfdod/p/6436353.html

shiro学习笔记-Subject#login(token)源码实现过程的更多相关文章

  1. shiro学习笔记-Subject#login(token)实现过程

    本博文所有的代码均为shiro官网(http://shiro.apache.org/)中shiro 1.3.2版本中的源码. 追踪Subject的login(AuthenticationToken t ...

  2. Nginx学习笔记(六) 源码分析&启动过程

    Nginx的启动过程 主要介绍Nginx的启动过程,可以在/core/nginx.c中找到Nginx的主函数main(),那么就从这里开始分析Nginx的启动过程. 涉及到的基本函数 源码: /* * ...

  3. Bootstrap学习笔记上(带源码)

    阅读目录 排版 表单 网格系统 菜单.按钮 做好笔记方便日后查阅o(╯□╰)o bootstrap简介: ☑  简单灵活可用于架构流行的用户界面和交互接口的html.css.javascript工具集 ...

  4. GuavaCache学习笔记三:底层源码阅读

    申明:转载自 https://www.cnblogs.com/dennyzhangdd/p/8981982.html 感谢原博主的分享,看到这个写的真好,直接转载来,学习了. 另外也推荐另外一篇Gua ...

  5. Nginx学习笔记(五) 源码分析&内存模块&内存对齐

    Nginx源码分析&内存模块 今天总结了下C语言的内存分配问题,那么就看看Nginx的内存分配相关模型的具体实现.还有内存对齐的内容~~不懂的可以看看~~ src/os/unix/Ngx_al ...

  6. Nginx学习笔记(四) 源码分析&socket/UDP/shmem

    源码分析 在茫茫的源码中,看到了几个好像挺熟悉的名字(socket/UDP/shmem).那就来看看这个文件吧!从简单的开始~~~ src/os/unix/Ngx_socket.h&Ngx_s ...

  7. Android(java)学习笔记203:网页源码查看器(Handler消息机制)

    1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...

  8. Android(java)学习笔记146:网页源码查看器(Handler消息机制)

    1.项目框架图: 2.首先是布局文件activity_main.xml: <LinearLayout xmlns:android="http://schemas.android.com ...

  9. java学习笔记之集合—ArrayList源码解析

    1.ArrayList简介 ArrayList是一个数组队列,与java中的数组的容量固定不同,它可以动态的实现容量的增涨.所以ArrayList也叫动态数组.当我们知道有多少个数据元素的时候,我们用 ...

随机推荐

  1. 《深入理解JVM虚拟机》读书笔记

    前言:<深入理解JVM虚拟机>是JAVA的经典著作之一,因为内容更偏向底层,所以之前一直没有好好的阅读过.最近因为刚好有空,又有了新目标.所以打算和<构架师的12项修炼>一起看 ...

  2. L1-044. 稳赢

    这种题不是考思维,就是考你细心程度还有基础知识的,代码如下: #include <iostream> #include <string> using namespace std ...

  3. Qt532.容器QMap&QMultiMap

    PS: QMap 一个Key 只能对应 一个Value (不是绝对的情况...内部都有 一个key对应多个value的机制) PS: QMultiMap 一个Key 可以对应 多个Value PS:  ...

  4. java获取当前项目或类路径

    // 获取当前项目的目录 File directory = new File("");// 参数为空 String courseFile = directory.getCanoni ...

  5. leecode第二十三题(合并K个排序链表)

    /** * Definition for singly-linked list. * struct ListNode { * int val; * ListNode *next; * ListNode ...

  6. 虹软2.0免费离线人脸识别 Demo [C++]

    环境: win10(10.0.16299.0)+ VS2017 sdk版本:ArcFace v2.0 OPENCV3.43版本 x64平台Debug.Release配置都已通过编译 下载地址:http ...

  7. Android 关于虹软人脸识别SDK引擎使用总结

    虹软 最近开放了人脸识别的SDK引擎(免费的哦),刚好有Android版的,就体验了一波.下面来说说Android版的SDK使用心得: ArcFace 虹软人脸认知引擎简介 目前开放的版本有人脸比对( ...

  8. CC初试啼声-----演讲与我

    演讲与我 我非常讨厌演讲,因为我不会演讲,当我站在许多人面前讲话时,我会非常的紧张,我会血压升高,心跳加速,后背冒冷汗. 第一次演讲应该是在我初二的时候,期末考试结束,班级前五名的同学要做一个分享,我 ...

  9. 全排列问题Ⅰ(Java实现)

    给定一个没有重复数字的序列,返回其所有可能的全排列. 示例: 输入: [1,2,3] 输出: [ [1,2,3], [1,3,2], [2,1,3], [2,3,1], [3,1,2], [3,2,1 ...

  10. python 爬虫利器 Beautiful Soup

    python 爬虫利器 Beautiful Soup Beautiful Soup 是一个可以从HTML或XML文件中提取数据的Python库.它能够通过你喜欢的转换器实现惯用的文档导航,查找,修改文 ...