• 关于Shiro的认证策略


     在ModularRealmAuthenticator认证器中,Shiro在认证过程中会调用认证策略,在认证器的是有策略成员变量的,

    所以我们可以自定的设置策略方式即可以在applicationContext.xml中在配置securityManager时引用认证器时,

    在认证器中配置认证策略:

    /**
         * Allows overriding the default {@code AuthenticationStrategy} utilized during multi-realm log-in attempts.
         * This object is only used when two or more Realms are configured.
         *
         * @param authenticationStrategy the strategy implementation to use during log-in attempts.
         * @since 0.2
         */
        public void setAuthenticationStrategy(AuthenticationStrategy authenticationStrategy) {
            this.authenticationStrategy = authenticationStrategy;
        }
    
     /**
         * Performs the multi-realm authentication attempt by calling back to a {@link AuthenticationStrategy} object
         * as each realm is consulted for {@code AuthenticationInfo} for the specified {@code token}.
         *
         * @param realms the multiple realms configured on this Authenticator instance.
         * @param token  the submitted AuthenticationToken representing the subject's (user's) log-in principals and credentials.
         * @return an aggregated AuthenticationInfo instance representing account data across all the successfully
         *         consulted realms.
         */
        protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
    
            AuthenticationStrategy strategy = getAuthenticationStrategy();
    
            AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
    
            if (log.isTraceEnabled()) {
                log.trace("Iterating through {} realms for PAM authentication", realms.size());
            }
    
            for (Realm realm : realms) {
    
                aggregate = strategy.beforeAttempt(realm, token, aggregate);
    
                if (realm.supports(token)) {
    
                    log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
    
                    AuthenticationInfo info = null;
                    Throwable t = null;
                    try {
                        info = realm.getAuthenticationInfo(token);
                    } catch (Throwable throwable) {
                        t = throwable;
                        if (log.isWarnEnabled()) {
                            String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                            log.warn(msg, t);
                        }
                    }
    
                    aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
    
                } else {
                    log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
                }
            }
    
            aggregate = strategy.afterAllAttempts(token, aggregate);
    
            return aggregate;
        }
         <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="cacheManager" ref="cacheManager"/>
            <property name="auticationtor" ref="auticationtor"></property>
         </bean>
         <bean name="auticationtor" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
            <property name="realms">
               <list>
                    <ref bean=""/>
                    <ref bean=""/>
               </list>
            </property>
            <property name="authenticationStrategy" ref="allSuccessfulStrategy"/>
         </bean>
         <bean id="allSuccessfulStrategy" class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"></bean>
  • 相关阅读:
    Mac 配置前端基本环境
    sass安装 使用
    SVG
    css规范
    [转载] Solaris命令使用
    solaris 10 基本使用
    dos taskkill 命令
    servicemix-3.2.1 内置的服务引擎和绑定组件
    servicemix-3.2.1 部署异常
    解析XML内容到User对象
  • 原文地址:https://www.cnblogs.com/flytogalaxy/p/7698608.html
Copyright © 2020-2023  润新知