SessionManager所有的行为
public interface SessionManager { // 开启一个新的会话 Session start(SessionContext context); // 获得会话 Session getSession(SessionKey key) throws SessionException; }
登录
Subject currentUser = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("username", "password"); currentUser.login(token);
DelegatingSubject的login
public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); // 认证登录 Subject subject = securityManager.login(this, token); PrincipalCollection principals; String host = null; if (subject instanceof DelegatingSubject) { DelegatingSubject delegating = (DelegatingSubject) subject; //we have to do this in case there are assumed identities - we don't want to lose the 'real' principals: principals = delegating.principals; host = delegating.host; } else { principals = subject.getPrincipals(); } if (principals == null || principals.isEmpty()) { String msg = "Principals returned from securityManager.login( token ) returned a null or " + "empty value. This value must be non null and populated with one or more elements."; throw new IllegalStateException(msg); } this.principals = principals; this.authenticated = true; if (token instanceof HostAuthenticationToken) { host = ((HostAuthenticationToken) token).getHost(); } if (host != null) { this.host = host; } // 认证登录成功后试图获得会话,没有的话就创建一个新的会话 Session session = subject.getSession(false); if (session != null) { this.session = decorate(session); } else { this.session = null; } }