关于Shiro的认证策略
在ModularRealmAuthenticator认证器中,Shiro在认证过程中会调用认证策略,在认证器的是有策略成员变量的,
所以我们可以自定的设置策略方式即可以在applicationContext.xml中在配置securityManager时引用认证器时,
在认证器中配置认证策略:
/** * Allows overriding the default {@code AuthenticationStrategy} utilized during multi-realm log-in attempts. * This object is only used when two or more Realms are configured. * * @param authenticationStrategy the strategy implementation to use during log-in attempts. * @since 0.2 */ public void setAuthenticationStrategy(AuthenticationStrategy authenticationStrategy) { this.authenticationStrategy = authenticationStrategy; } /** * Performs the multi-realm authentication attempt by calling back to a {@link AuthenticationStrategy} object * as each realm is consulted for {@code AuthenticationInfo} for the specified {@code token}. * * @param realms the multiple realms configured on this Authenticator instance. * @param token the submitted AuthenticationToken representing the subject's (user's) log-in principals and credentials. * @return an aggregated AuthenticationInfo instance representing account data across all the successfully * consulted realms. */ protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) { AuthenticationStrategy strategy = getAuthenticationStrategy(); AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token); if (log.isTraceEnabled()) { log.trace("Iterating through {} realms for PAM authentication", realms.size()); } for (Realm realm : realms) { aggregate = strategy.beforeAttempt(realm, token, aggregate); if (realm.supports(token)) { log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm); AuthenticationInfo info = null; Throwable t = null; try { info = realm.getAuthenticationInfo(token); } catch (Throwable throwable) { t = throwable; if (log.isWarnEnabled()) { String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:"; log.warn(msg, t); } } aggregate = strategy.afterAttempt(realm, token, info, aggregate, t); } else { log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token); } } aggregate = strategy.afterAllAttempts(token, aggregate); return aggregate; }
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="cacheManager" ref="cacheManager"/> <property name="auticationtor" ref="auticationtor"></property> </bean> <bean name="auticationtor" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="realms"> <list> <ref bean=""/> <ref bean=""/> </list> </property> <property name="authenticationStrategy" ref="allSuccessfulStrategy"/> </bean> <bean id="allSuccessfulStrategy" class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"></bean>