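2017.2.7 Kaitao's Shiro Tutorial - Chapter 6 - Realm and Related Objects (Part 2)
Original blog post: http://jinnianshilongnian.iteye.com/blog/2018398
Study notes based on the downloaded PDF.
Chapter 6: Realm and Related Objects (Part 2)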
1.AuthenticationToken
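As covered in the previous post, AuthenticationToken appears in UserRealm's doGetAuthenticationInfo() method. This method performs authentication, and the token is the argument used for authentication.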
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token){}
AuthenticationToken is an interface:
public interface AuthenticationToken extends Serializable {
    Object getPrincipal();   // identity
    Object getCredentials(); // credentials
}
Common extension interfaces and implementation classes are:
The outline code of UsernamePasswordToken is as follows:
public class UsernamePasswordToken implements HostAuthenticationToken, RememberMeAuthenticationToken {
    private java.lang.String username;
    private char[] password;
    private boolean rememberMe;
    private String host;
    ...
    public java.lang.Object getPrincipal() { return username; }
    public java.lang.Object getCredentials() { return password; }
}
So to implement another login method, for example telephone/password, you can model your own token on UsernamePasswordToken. Simply return the telephone in the getCredentials() method.
2.AuthenticationInfo
As covered in the previous post, AuthenticationInfo appears in UserRealm's doGetAuthenticationInfo() method. It is the return value of the authentication method.
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // authentication
    ...
    // Hand off to AuthenticatingRealm, which uses a CredentialsMatcher to compare passwords;
    // you can supply a custom implementation if the default does not suit you
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
        user.getUsername(), // username
        user.getPassword(), // password
        ByteSource.Util.bytes(user.getCredentialsSalt()), // salt=username+salt
        getName() // realm name
    );
    return authenticationInfo;
}
AuthenticationInfo is an interface:
public interface AuthenticationInfo extends Serializable {
    PrincipalCollection getPrincipals();
    Object getCredentials();
}
Common extension interfaces and implementation classes are:
The outline code of SimpleAuthenticationInfo is as follows:
public class SimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {

    protected PrincipalCollection principals; // identity
    protected Object credentials; // credentials
    protected ByteSource credentialsSalt;

    public SimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
        this.principals = new SimplePrincipalCollection(principals);
        this.credentials = credentials;
    }

    public SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {
        this.principals = new SimplePrincipalCollection(principal, realmName);
        this.credentials = credentials;
    }

    public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
        this.principals = new SimplePrincipalCollection(principal, realmName);
        this.credentials = hashedCredentials;
        this.credentialsSalt = credentialsSalt;
    }

    ....

}
3.PrincipalCollection
As covered in the previous post, PrincipalCollection appears in UserRealm's doGetAuthorizationInfo() method. This method performs authorization, and the PrincipalCollection is the argument used for authorization.
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    String userTenant = (String) principals.getPrimaryPrincipal();
    ...
}
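PrincipalCollection is an interface:
public interface PrincipalCollection extends Iterable, Serializable {
    ...
    Object getPrimaryPrincipal();
}
One thing to note: because multiple Realms can be configured in Shiro, there can be more than one principal (identity). PrincipalCollection is therefore used to aggregate them.
In most implementations AuthenticationInfo performs a merge; for example, SimpleAuthenticationInfo merges multiple principals into one PrincipalCollection.
However, because it is implemented internally with a Map, getPrimaryPrincipal() can be regarded as returning an arbitrary principal, since a map has no ordering. If there is only one, that one is returned.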
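An added example (not from the original tutorial or from Shiro's own code) for the multi-Realm note above: it reads the principal a given realm contributed with PrincipalCollection.fromRealm() instead of depending on which principal getPrimaryPrincipal() returns, and grants nothing when that realm contributed none. The realm names, principals, permission string and the helpers ownPrincipal/authorize are assumptions made for the demo; it needs shiro-core on the classpath.

```java
import java.util.Collection;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RealmPrincipalDemo {
    // Assumed realm names for this demo; inside a Realm use getName().
    static final String USER_REALM = "userRealm";
    static final String OTHER_REALM = "ldapRealm";

    // Return the one principal that realmName contributed, or null when it
    // contributed none or more than one (treated as "do not authorize").
    static String ownPrincipal(PrincipalCollection principals, String realmName) {
        Collection<?> mine = principals.fromRealm(realmName);
        if (mine == null || mine.size() != 1) {
            return null;
        }
        Object p = mine.iterator().next();
        return (p instanceof String) ? (String) p : null;
    }

    // Body a doGetAuthorizationInfo() could use: grants are keyed on this
    // realm's own principal, never on whichever principal happens to be primary.
    static SimpleAuthorizationInfo authorize(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String username = ownPrincipal(principals, USER_REALM);
        if (username != null) {
            // Constructed permission string; a real realm loads these from its store.
            info.addStringPermission("user:view:" + username);
        }
        return info; // no grants when this realm has no principal
    }

    public static void main(String[] args) {
        // Constructed sample: two realms each authenticated the same subject.
        SimplePrincipalCollection merged = new SimplePrincipalCollection();
        merged.add("uid-1001", OTHER_REALM);
        merged.add("zhang", USER_REALM);

        System.out.println("primary principal : " + merged.getPrimaryPrincipal());
        System.out.println("userRealm's own   : " + ownPrincipal(merged, USER_REALM));
        System.out.println("granted           : " + authorize(merged).getStringPermissions());

        // A subject authenticated only by the other realm gets no grants here.
        PrincipalCollection foreign = new SimplePrincipalCollection("uid-1001", OTHER_REALM);
        System.out.println("foreign-only      : " + authorize(foreign).getStringPermissions());
    }
}
```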
Common extension interfaces and implementation classes are:
4.AuthorizationInfo (authorization information)
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    ....
    authorizationInfo.addStringPermission(permissionString);
    ....
    return authorizationInfo;
}
public interface AuthorizationInfo extends Serializable {
    Collection<String> getRoles();
    Collection<String> getStringPermissions();
    Collection<Permission> getObjectPermissions();
}
public class SimpleAuthorizationInfo implements AuthorizationInfo {
    protected Set<String> roles;
    protected Set<String> stringPermissions;
    protected Set<Permission> objectPermissions;
    public SimpleAuthorizationInfo() { }
    public SimpleAuthorizationInfo(Set<String> roles) { this.roles = roles; }
    public void addRole(String role) {...}
    public void addRoles(Collection<String> roles) {...}
    public void addStringPermission(String permission) {...}
    public void addStringPermissions(Collection<String> permissions) {...}
    public void addObjectPermission(Permission permission) {...}
    public void addObjectPermissions(Collection<Permission> permissions) {...}
}