Shiro source code analysis 2

Brief introduction

  • SecurityManager: the security manager, Shiro's core component. Shiro uses the SecurityManager instance to manage its internal components and provides its security-management services through it.
  • Authenticator: the authenticator; verifies that an AuthenticationToken is valid.
  • Authorizer: the authorizer; handles roles and permissions.
  • SessionManager: the session manager; manages Sessions.
  • Subject: the entity currently operating; represents the current user.
  • SubjectContext: the context data object for a Subject.
  • AuthenticationToken: the authentication token information (username, password, etc.).
  • ThreadContext: the thread context object; responsible for binding objects to the current thread.

Anyone who has learned and used Shiro knows that SecurityManager is its most central interface, so the analysis follows this interface.

The SecurityManager interface is defined as follows:

public interface SecurityManager extends Authenticator, Authorizer, SessionManager {

    /**
     * Log in
     */
    Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException;

    /**
     * Log out
     */
    void logout(Subject subject);

    /**
     * Create a Subject
     */
    Subject createSubject(SubjectContext context);
}

SecurityManager defines three methods: login, logout, and createSubject. In practice they are typically used as follows: first obtain a Subject object, then authenticate by passing a token carrying the login credentials to the login method.

Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
subject.login(token);

SecurityUtils analysis

Shiro provides a convenient utility class, SecurityUtils, whose core function is to obtain the SecurityManager and the Subject. Both are interfaces that Shiro exposes for use during development.

SecurityUtils holds the SecurityManager in a static field, which means the SecurityManager object exists as a single instance in the application.

private static SecurityManager securityManager;

1. Get SecurityManager

The SecurityManager is looked up first in ThreadContext; if it is not there, it is taken from the securityManager field of SecurityUtils. A SecurityManager instance must exist, otherwise an exception is thrown.

public static SecurityManager getSecurityManager() throws UnavailableSecurityManagerException {
    // Prefer the instance bound to the current thread
    SecurityManager securityManager = ThreadContext.getSecurityManager();
    if (securityManager == null) {
        // Fall back to the static, VM-wide instance
        securityManager = SecurityUtils.securityManager;
    }
    if (securityManager == null) {
        String msg = "No SecurityManager accessible to the calling code, either bound to the " +
                ThreadContext.class.getName() + " or as a vm static singleton.  This is an invalid application " +
                "configuration.";
        throw new UnavailableSecurityManagerException(msg);
    }
    return securityManager;
}

2. Get Subject

The Subject is looked up first in ThreadContext; if it does not exist, a new Subject is created and stored in ThreadContext so that the next call can retrieve it.

public static Subject getSubject() {
    Subject subject = ThreadContext.getSubject();
    if (subject == null) {
        // Nothing bound to this thread yet: build a Subject and bind it
        subject = (new Subject.Builder()).buildSubject();
        ThreadContext.bind(subject);
    }
    return subject;
}

The buildSubject() method is the important part of the code above; it is provided by the Subject.Builder class to create the Subject. When a Subject object is created, a SubjectContext is created as well, so Subject and SubjectContext are one-to-one. The following code is the Subject.Builder class constructor.

public Builder(SecurityManager securityManager) {
    if (securityManager == null) {
        throw new NullPointerException("SecurityManager method argument cannot be null.");
    }
    this.securityManager = securityManager;
    // Creates the SubjectContext instance
    this.subjectContext = newSubjectContextInstance();
    if (this.subjectContext == null) {
        throw new IllegalStateException("Subject instance returned from 'newSubjectContextInstance' " +
                "cannot be null.");
    }
    this.subjectContext.setSecurityManager(securityManager);
}

The buildSubject() method actually calls the createSubject(SubjectContext subjectContext) method of the SecurityManager interface.

public Subject buildSubject() {
    return this.securityManager.createSubject(this.subjectContext);
}
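Because getSubject() binds the Subject it creates to the calling thread, the binding outlives the task on pooled threads unless something removes it. The following is an added example, not code from the original article or from Shiro itself; the class name ThreadBoundSubjectDemo, the helper boundPrincipal and the in-memory account are assumptions for illustration, and it assumes shiro-core is on the classpath. It shows the stale binding on a reused worker thread and then scopes the binding to a single task with Subject.associateWith().

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

public class ThreadBoundSubjectDemo {
    // Reads the Subject bound to the calling thread without creating one.
    static Object boundPrincipal() {
        Subject s = ThreadContext.getSubject();
        return s == null ? null : s.getPrincipal();
    }

    public static void main(String[] args) throws Exception {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("zhang", "123"); // constructed sample account
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(sm); // static fallback used by getSecurityManager()

        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker
        Callable<Object> peek = ThreadBoundSubjectDemo::boundPrincipal;
        try {
            // Unsafe: getSubject() creates a Subject and binds it to the worker thread;
            // nothing unbinds it, so the next task on that thread still sees it.
            pool.submit(() -> {
                SecurityUtils.getSubject().login(new UsernamePasswordToken("zhang", "123"));
            }).get();
            System.out.println("next task, same thread: " + pool.submit(peek).get());

            // Drop everything ThreadContext holds for the worker thread.
            pool.submit(() -> { ThreadContext.remove(); }).get();

            // Safer: build the Subject explicitly (buildSubject() does not bind it) and let
            // associateWith() bind it for one task, restoring the thread state afterwards.
            Subject zhang = new Subject.Builder(sm).buildSubject();
            zhang.login(new UsernamePasswordToken("zhang", "123"));
            Runnable work = () -> System.out.println(
                    "inside task: " + SecurityUtils.getSubject().getPrincipal());
            pool.submit(zhang.associateWith(work)).get();
            System.out.println("after scoped task: " + pool.submit(peek).get());
        } finally {
            pool.shutdown();
        }
    }
}
```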

Summary

This chapter analyzed SecurityUtils.getSubject() in detail, which leads to the createSubject(SubjectContext subjectContext) method of the SecurityManager interface. The other two methods will be analyzed in detail when we analyze Subject.

In addition, SecurityManager extends the three interfaces Authenticator, Authorizer, and SessionManager, which is how it provides its various security-management services. The next article will analyze Authenticator, Authorizer, and SessionManager, after which we will have basically mastered SecurityManager.

Origin www.cnblogs.com/wzq-xf/p/11785101.html