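Openfire Login Authentication
1. Start Openfire and log in at http://localhost:9090/login.jsp
Enter the username and password.
Openfire first reads the setup node of the openfire.xml configuration file. If it is false, the request is redirected to setup/index.jsp; if it is true, Openfire goes on to check whether the username and password are correct.
I traced execution to the following code in the login.jsp page: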
    // Check that a username was provided before trying to verify credentials
    if (loginUsername != null) {
        // Check whether this user (or remote address) is currently blocked from logging in
        System.out.println(LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr()));
        if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
            throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
        }
        // Check whether the user is an administrator. If not, stop here;
        // if so, go on to verify the credentials.
        // The concrete implementation class is DefaultAdminProvider
        System.out.println(!AdminManager.getInstance().isUserAdmin(loginUsername, true));
        if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
            throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
        }
        // Verify that the username and password are correct. The class that actually does this
        // is the provider.auth.className value configured in the ofproperty database table
        authToken = AuthFactory.authenticate(loginUsername, password);
    }
2. The class that verifies the username and password:
    public void authenticate(String username, String password) throws UnauthorizedException {
        /*if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        if (username.contains("@")) {
            // Check that the specified domain matches the server's domain
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
                username = username.substring(0, index);
            } else {
                // Unknown domain. Return authentication failed.
                throw new UnauthorizedException();
            }
        }
        try {
            if (!password.equals(getPassword(username))) {
                throw new UnauthorizedException();
            }
        }
        catch (UserNotFoundException unfe) {
            throw new UnauthorizedException();
        }*/
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        // Demo replacement for the original check above: one hard-coded admin account
        if (!("admin".equals(username) && "huangbiao".equals(password))) {
            throw new UnauthorizedException();
        }
        // Got this far, so the user must be authorized.
    }
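The authenticate method of the configured class is called. As long as that method does not throw an exception, the login to the admin console succeeds; if verification fails, the method throws UnauthorizedException to stop execution.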
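The same authenticate contract (return normally on success, throw on any failure) with the hard-coded plaintext comparison replaced by a salted PBKDF2 hash and a constant-time compare. This is an added example, not code from the original post or from Openfire: the class name HashedAuthDemo, the domain example.org and the sample password are assumptions, and UnauthorizedException is a local stand-in so the file compiles without Openfire on the classpath.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class HashedAuthDemo {
    // Local stand-in for Openfire's UnauthorizedException (assumption, see lead-in).
    static class UnauthorizedException extends Exception {}
    static final String DOMAIN = "example.org";   // assumed XMPP domain
    static final int ITERATIONS = 210_000;
    static final byte[] SALT = new byte[16];      // filled with random bytes in main()
    static byte[] storedHash;                     // constructed sample credential

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Returns normally only when the credentials are valid; every failure path throws.
    static void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) throw new UnauthorizedException();
        username = username.trim().toLowerCase();
        int at = username.indexOf('@');
        if (at >= 0) {
            // Accept user@domain only for the server's own domain, as in the page's code.
            if (!DOMAIN.equals(username.substring(at + 1))) throw new UnauthorizedException();
            username = username.substring(0, at);
        }
        byte[] candidate;
        try {
            candidate = pbkdf2(password.toCharArray(), SALT);
        } catch (Exception e) {
            throw new UnauthorizedException();    // fail closed if hashing is unavailable
        }
        // Constant-time hash compare; non-short-circuit '&' so both checks always run.
        boolean ok = "admin".equals(username) & MessageDigest.isEqual(candidate, storedHash);
        if (!ok) throw new UnauthorizedException();
    }

    public static void main(String[] args) throws Exception {
        new SecureRandom().nextBytes(SALT);
        storedHash = pbkdf2("constructed-sample-password".toCharArray(), SALT);
        authenticate("admin@example.org", "constructed-sample-password");
        System.out.println("valid credentials accepted");
        try {
            authenticate("admin", "wrong");
        } catch (UnauthorizedException e) {
            System.out.println("invalid credentials rejected");
        }
    }
}
```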