Shulou(Shulou.com)06/02 Report--

This article mainly explains the "Shiro authentication process", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in-depth, together to study and learn "Shiro authentication process" bar!

After you understand the architecture of Shiro, take a look at debug and follow the authentication process. Use Realm to authenticate the username and password.

Use realm to access data in the database

Get the current subject

Verify that subject is logged in

If there is no authentication, encapsulate the user name and password

1.0 create form page storage submission

2.0 request to handler submitted to mvc

3.0 get username and password

4.0 execute login: call subject's login (token)

5.0Custom realm, get the corresponding record from the database and return it to shiro

Realm implementation class AuthenticatingRealm

Protected abstract AuthenticationInfo doGetAuthenticationInfo (AuthenticationToken var1) throws AuthenticationException

Implement this method

6.0Shiro completes the comparison of passwords

CurrentUser.login (token); implementation of login method void login (AuthenticationToken var1) throws AuthenticationException

Go down and look at the implementation.

Public void login (AuthenticationToken token) throws AuthenticationException {this.clearRunAsIdentitiesInternal (); Subject subject = this.securityManager.login (this, token); String host = null; PrincipalCollection principals; if (subject instanceof DelegatingSubject) {DelegatingSubject delegating = (DelegatingSubject) subject; principals = delegating.principals; host = delegating.host;} else {principals = subject.getPrincipals ();}

If (principals! = null & &! principals.isEmpty ()) {this.principals = principals; this.authenticated = true; if (token instanceof HostAuthenticationToken) {host = ((HostAuthenticationToken) token) .getHost ();}

If (host! = null) {this.host = host;}

Session session = subject.getSession (false); if (session! = null) {this.session = this.decorate (session);} else {this.session = null;}

} else {String msg = "Principals returned from securityManager.login (token) returned a null or empty value. This value must be non null and populated with one or more elements."; throw new IllegalStateException (msg);}} info = this.authenticate (token)

Public AuthenticationInfo authenticate (AuthenticationToken token) throws AuthenticationException {return this.authenticator.authenticate (token);}

The final call

= public final AuthenticationInfo getAuthenticationInfo (AuthenticationToken token) throws AuthenticationException {AuthenticationInfo info = this.getCachedAuthenticationInfo (token); if (info = = null) {info = this.doGetAuthenticationInfo (token); log.debug ("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info); if (token! = null & & info! = null) {this.cacheAuthenticationInfoIfPossible (token, info) }} else {log.debug ("Using cached authentication info [{}] to perform credentials matching.", info);}

If (info! = null) {this.assertCredentialsMatch (token, info);} else {log.debug ("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token);}

Return info;} int I = token.hashCode (); hashcode and info = this.doGetAuthenticationInfo (token) at this time; the token obtained by doGetAuthenticationInfo is the same

However, it will be because the cache cannot achieve the effect of returning the same verification after login.

How does Shiro compare passwords

The password obtained from the database and the password passed from the front desk are saved in token.

And then compare it.

Comparison of passwords

Public boolean doCredentialsMatch (AuthenticationToken token, AuthenticationInfo info) {Object tokenCredentials = getCredentials (token); Object accountCredentials = getCredentials (info); return equals (tokenCredentials, accountCredentials);} public void setCredentialsMatcher (CredentialsMatcher credentialsMatcher) {this.credentialsMatcher = credentialsMatcher;}

After the authentication process, you can make it clear that Shiro still needs the data in the database to compare the password with the foreground data. If you cannot jump to the page or go to the method, you need to configure URL in applicationcontext.xml.

Thank you for your reading, the above is the content of the "Shiro certification process", after the study of this article, I believe you have a deeper understanding of the Shiro certification process, the specific use of the situation also needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.