Shiro__ Custom Realm authentication account password, doGetAuthenticationInfo relevant source code parsing

Custom MyRealm inherit AuthorizingRealm
rewrite doGetAuthorizationInfo and doGetAuthenticationInfo two methods,
doGetAuthorizationInfo for authorization, doGetAuthenticationInfo for certification

package com.test;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm{

    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
        // TODO Auto-generated method stub
        return null;
    }

    /**
     * 认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
        // TODO Auto-generated method stub
        //获取账号信息
        Object principal = arg0.getPrincipal();
        //从数据库等数据源获取数据
        String name = "root";
        String pwd = "123456";
        if (!name.equals(principal)) {//低质量的匹配认证
            return null;

        }
        
        return new SimpleAuthenticationInfo(principal, pwd, "MyRealm");
    }

}

Shiro.ini located Bunken:

[main]
#自定义 realm
customRealm=com.test.MyRealm
#将realm设置到securityManager
securityManager.realms=$customRealm

test:

package com.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;

public class Test {
    public static void main(String[] args) {
        // 获取SecurityManagerFactory对象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // 根据工厂对象获取SecurityManager对象
        SecurityManager manager = factory.getInstance();
        // 将SecurityManager添加到运行环境中
        SecurityUtils.setSecurityManager(manager);
        
        // 获取Subject对象
        Subject subject = SecurityUtils.getSubject();   
        // 获取对应的认证令牌
        AuthenticationToken token = new UsernamePasswordToken("root", "123456") ;
        // 做登录认证
        try {
            subject.login(token);
            System.out.println("登录成功....");
        } catch (UnknownAccountException e) {
            System.out.println("账号错误...");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误...");
        }
        System.out.println(subject.isAuthenticated());
    }
}

Required dependencies:

<dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-simple</artifactId>
            <version>1.6.1</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
    </dependencies>

Second,
from the source to see AuthorizingRealm

doGetAuthenticationInfo Related Items:

AuthenticatingRealm abstract class:

AuthorizingRealm继承了AuthenticatingRealm，
最后doGetAuthorizationInfo和doGetAuthenticationInfo两个方法在SimpleAccountRealm中被实现了

那么这里实现了doGetAuthorizationInfo和doGetAuthenticationInfo两个方法是从ini配置文件里进行匹配认证账号和密码等信息的。
我们如何让它对我们相关业务去进行匹配验证了？
只需要我们去继承AuthorizingRealm抽象类，实现doGetAuthorizationInfo和doGetAuthenticationInfo两个抽象方法，根据我们自己的业务需求去获取数据和认证授权，
例如：从数据库查询出账号密码，进行认证，不默认的去从ini配置文件里读取账号和密码进行认证。

AuthenticatingRealm和AuthorizingRealm都有doGetAuthorizationInfo和doGetAuthenticationInfo两个方法。AuthorizingRealm继承了AuthenticatingRealm，而AuthenticatingRealm中需要重写的方法很多，而继承AuthorizingRealm只需要重写我们需要的重写doGetAuthorizationInfo和doGetAuthenticationInfo两个方法。

注意：自定义的Realm只完成了账号的认证。密码认证还是在AuthenticatingRealm中完成的，只是我们在自定义Realm中完成了密码的设置。

AuthenticatingRealm class provides

protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;

Outwardly exposed for custom implementation of the method, in fact AuthenticatingRealm class also implements AuthenticationInfo,

这里的AuthenticationInfo方法就是实际验证了密码。

Learn Gangster:

https://dpb-bobokaoya-sm.blog.csdn.net/article/details/86629568