• shiro登陆流程


    登录请求被FormAuthenticationFilter拦截

    FormAuthenticationFilter会执行其父类AdviceFilter的doFilterInternal方法

    其代码如下:

    boolean continueChain = preHandle(request, response);//判断是否执行后面的操作
    if (continueChain) {
      executeChain(request, response, chain);//放行
    }
     postHandle(request, response);//执行完操作后的操作  

    而preHandle调用PathMatchingFilter.preHandle -> isFilterChainContinued,再调用AccessControlFilter.onPreHandle

    onPreHandle(request, response, pathConfig){
        return isAccessAllowed(request, response, mappedValue)/*判断是否允许通过,如果不允许则执行onAccessDenied*/
    || onAccessDenied(request, response, mappedValue);
    }
    //AuthenticatingFilter.isAccessAllowed(request, response, mappedValue)的代码如下 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {   return super.isAccessAllowed(request, response, mappedValue)/*返回是已经否登录 return subject.isAuthenticated*/ ||(!isLoginRequest(request, response) && isPermissive(mappedValue)); /*不是loginUrl请求,并且是permissive的Url请求;PathMatchingFilter的appliedPaths将filterChainDefinitions中的值转为map,permissive就是从这里取得*/ }
    //FormAuthenticationFilter.onAccessDenied(request, response)的代码如下 if (isLoginRequest(request, response)) {   if (isLoginSubmission(request, response)) {//如果是loginUrl并且是post请求,执行登录请求     return executeLogin(request, response);   } else {//如果是loginUrl并且是get请求,则运行放行,否则调到get的loginUrl     return ture; } } else { saveRequestAndRedirectToLogin(request, response); //如果不是loginUrl,跳转到get的loginUrl   return false; }
    //当点击post请求的loginUrl后,执行executeLogin,代码如下 AuthenticationToken token
    = createToken(request, response);//抽象方法,待实现。可通过request,设置AuthenticationToken的username,password if (token == null) {   throw new IllegalStateException(msg); } try {   Subject subject = getSubject(request, response);   subject.login(token);//此时调用realm的doGetAuthenticationInfo,在这里判断登录账号密码是否匹配,成功,则return AuthenticationInfo,失败,则返回异常(同时此处可设置session等)   return onLoginSuccess(token, subject, request, response);//如果subject.login成功,则执行onLoginSuccess,否则,进入catch } catch (AuthenticationException e) {      return onLoginFailure(token, e, request, response); }
  • 相关阅读:
    使用PWS调试cgi,php
    解决联想电脑常见故障及内存不足的几种方法
    How Many Tables (并查集)
    Prim
    小希的迷宫(并查集)
    并查集
    Is It A Tree?(并查集)
    hdu 1003 Max Sum(最大子窜和)
    More is better(并查集)
    01背包精讲
  • 原文地址:https://www.cnblogs.com/jaxlove-it/p/7536108.html
Copyright © 2020-2023  润新知