Pitfalls encountered when implementing permission management with Shiro

Recently I used the Shiro framework in a project to implement permission management, building it while looking things up on the Internet. Because my understanding of Shiro's details is not deep enough, I ran into a lot of trouble in the project. Here is what happened to me.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    //1. Convert AuthenticationToken to UsernamePasswordToken
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;

    //2. Get username from UsernamePasswordToken
    String username = upToken.getUsername();

    System.out.println("doGetAuthenticationInfo---username:" + username);

    //3. Call the service method to query the user record corresponding to the username from the database
    System.out.println("2222");
    TManagerUser managerUser = sysUserManagerService.queryUserByLoginName(username);
    System.out.println("3333");
    // Debug output only: this dumps the whole user record, including the stored password
    System.out.println("doGetAuthenticationInfo---managerUser:" + JSONObject.toJSON(managerUser));

    //4. If the user does not exist, an UnknownAccountException can be thrown
    System.out.println("1111");
    if (managerUser == null) {
        throw new UnknownAccountException("User does not exist!");
    } else {
        //5. According to the user information, decide whether to throw other AuthenticationException exceptions.
        if ("locked".equals(managerUser.getUserStatus())) {
            throw new LockedAccountException("User is locked");
        }

        //6. According to the user's situation, construct the AuthenticationInfo object and return it. The commonly used implementation class is: SimpleAuthenticationInfo
        //The following information is obtained from the database.
        //1). principal: Authenticated entity information. It can be username, or the entity class object of the user corresponding to the data table.
        Object principal = username;
        //2). credentials: password.
        Object credentials = managerUser.getUserPassword();
        // Debug output only: this prints the stored credential
        System.out.println("credentials:" + credentials);

        //3). realmName: The name of the current realm object. Just call the getName() method of the parent class
        String realmName = getName();
        //4). Salt value. Use username as salt
        ByteSource credentialsSalt = ByteSource.Util.bytes(username);

        SimpleAuthenticationInfo info = null; //new SimpleAuthenticationInfo(principal, credentials, realmName);
        info = new SimpleAuthenticationInfo(principal, credentials, credentialsSalt, realmName);
        // Debug output only: the serialized info contains the credential and the salt
        System.out.println("info:" + JSONObject.toJSON(info));
        return info;
    }
}
Above is the custom realm I configured. I found that execution does enter the custom realm, but only "2222" and the output before it are printed. The queryUserByLoginName call and everything after it do not run, yet, very strangely, the backend does not report an error and other related parts of the program continue to run.

After searching on the Internet for a long time, I found many reports of the same problem in which the service had not been properly introduced. So I added try-catch code around the service method, and later found that it caught a null pointer exception. As shown below:


I then followed this hint to solve the problem. The project is built on the SSM framework, so, combined with the tips on the Internet, I wondered whether it was because the service had not been introduced before the realm. However, I did not manage to get it working by adding the relevant configuration to Spring's configuration files (I am a novice who has only been working for a short while and am not very familiar with Spring; I hope an expert can offer guidance). In the end I got it working with a very clumsy method: replacing the call to the service's queryUserByLoginName method with the following code:

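// Query through MyBatis directly; try-with-resources closes the session so it is not leaked
TManagerUser managerUser = null;
try (SqlSession openSession = sqlSessionFactory.openSession()) {
    TManagerUserMapper userMapper = openSession.getMapper(TManagerUserMapper.class);
    TManagerUserExample example = new TManagerUserExample();
    example.createCriteria().andUserLoginNameEqualTo(username);
    List<TManagerUser> managerUsers = userMapper.selectByExample(example);
    // An empty result means no user with this login name exists
    if (!managerUsers.isEmpty()) managerUser = managerUsers.get(0);
}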
If readers have a better way, please give me pointers.
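
The realm above passes the username as the salt in SimpleAuthenticationInfo, so the hash stored at registration has to be computed with exactly the same salt, algorithm and iteration count or every login fails. The following is an added example, not the author's code, showing both sides; it goes beyond the post by using a random per-user salt stored next to the hash instead of the predictable username. Assumptions: Shiro 1.x package names, a HashedCredentialsMatcher with SHA-256 and 1024 iterations, and the hypothetical names SaltedCredentialDemo, hashForStorage, verify and demoRealm.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

// Hypothetical demo class; imports use the Shiro 1.x package layout.
public class SaltedCredentialDemo {
    static final String ALGORITHM = "SHA-256"; // assumed; must match the realm's matcher
    static final int ITERATIONS = 1024;        // assumed; must match the realm's matcher

    /** Registration side: returns {hashHex, saltHex}; both are stored in the user row. */
    static String[] hashForStorage(String plainPassword) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes(); // random per-user salt
        String hashHex = new SimpleHash(ALGORITHM, plainPassword, salt, ITERATIONS).toHex();
        return new String[] { hashHex, salt.toHex() };
    }

    /** Login side: the check Shiro runs against the info returned by doGetAuthenticationInfo. */
    static boolean verify(String username, String submitted,
                          String storedHashHex, String storedSaltHex) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        // The salt handed to SimpleAuthenticationInfo must be the one used at registration.
        ByteSource salt = ByteSource.Util.bytes(Hex.decode(storedSaltHex));
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(username, storedHashHex, salt, "demoRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken(username, submitted), info);
    }

    public static void main(String[] args) {
        // Constructed sample data: two users who picked the same password.
        String[] alice = hashForStorage("S3cret!pw");
        String[] bob = hashForStorage("S3cret!pw");
        System.out.println("identical hashes:    " + alice[0].equals(bob[0]));
        System.out.println("correct password:    " + verify("alice", "S3cret!pw", alice[0], alice[1]));
        System.out.println("wrong password:      " + verify("alice", "guess", alice[0], alice[1]));
        // Mismatched salt: the failure seen when registration and realm disagree on the salt.
        System.out.println("right pw, wrong salt: " + verify("alice", "S3cret!pw", alice[0], bob[1]));
    }
}
```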

Origin http://43.154.161.224:23101/article/api/json?id=325351655&siteId=291194637