Shiro身份验证流转分析
【冯立雄】的身份验证流转分析,一步步debug下来的 1.ShiroHandler.login(token); 2.DelegatingSubject.login(token); 3.securityManager.login(this, token); 4.DefaultSecurityManager.login(subject,token); 5.AuthenticatingSecurityManager.authenticate(token); 6.AbstractAuthenticator.authenticate(token); ---------------------------------------------------- 7.ModularRealmAuthenticator.doAuthenticate(token); Collection<Realm> realms = getRealms(); if (realms.size() == 1) { return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken); } else { return doMultiRealmAuthentication(realms, authenticationToken); } 8.ModularRealmAuthenticator.doMultiRealmAuthentication for (Realm realm : realms) { aggregate = strategy.beforeAttempt(realm, token, aggregate); if (realm.supports(token)) { AuthenticationInfo info = realm.getAuthenticationInfo(token); } } 9.AuthenticatingRealm.getAuthenticationInfo(token) AuthenticationInfo info = getCachedAuthenticationInfo(token); if (info == null) { info = doGetAuthenticationInfo(token); if (token != null && info != null) { cacheAuthenticationInfoIfPossible(token, info); } } if (info != null) { assertCredentialsMatch(token, info); } else { log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token); } 10.ShiroRealm.doGetAuthenticationInfo(token) 11.AuthenticatingRealm.assertCredentialsMatch(token,info) CredentialsMatcher cm = getCredentialsMatcher(); if (cm != null) { if (!cm.doCredentialsMatch(token, info)) { String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials."; throw new IncorrectCredentialsException(msg); } } else { throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " + "credentials during authentication. If you do not wish for credentials to be examined, you " + "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance."); } 12.HashedCredentialsMatcher.doCredentialsMatch(token,info) Object tokenHashedCredentials = hashProvidedCredentials(token, info); Object accountCredentials = getCredentials(info); return equals(tokenHashedCredentials, accountCredentials); 13.AbstractAuthenticator.authenticate(token);--->6 ------------------------------------------------------------------------------- 14.AbstractAuthenticator.notifySuccess(token, info);