2017.2.7 开涛shiro教程-第六章-Realm及相关对象(二)

原博客地址:http://jinnianshilongnian.iteye.com/blog/2018398

根据下载的pdf学习。

 

第六章 Realm及相关对象(二)

1.AuthenticationToken

由上篇可知,AuthenticationToken出现在UserRealm的方法doGetAuthenticationInfo()中。这个方法是用来验证的,token是验证时所用的参数。


protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token){}

AuthenticationToken是一个接口:

public interface AuthenticationToken extends Serializable {
    Object getPrincipal(); //身份
    Object getCredentials(); //凭据
}
View Code

 

常见的拓展接口和实现类有:

 

UsernamePasswordToken的示意代码如下:

所以要实现其他登录方式,比如是telephone/password时,就可以仿照UsernamePasswordToken,实现自己的token。在方法getCredentials()里返回telephone即可。

public class UsernamePasswordToken implements HostAuthenticationToken,RememberMeAuthenticationToken{
    private java.lang.String username;
    private char[] password;
    private boolean rememberMe;
    private String host;

    ...
    public java.lang.Object getPrincipal() { 
        return username;
    }

    public java.lang.Object getCredentials() { 
        return password;
    }
} 
View Code

 

2.AuthenticationInfo

由上篇可知,AuthenticationInfo出现在UserRealm的方法doGetAuthenticationInfo()中。是验证方法的返回值。

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {//认证
    ...
    //交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配,如果觉得人家的不好可以自定义实现
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
           user.getUsername(), //用户名
           user.getPassword(), //密码
           ByteSource.Util.bytes(user.getCredentialsSalt()),//salt=username+salt
           getName()  //realm name
    );
    return authenticationInfo;
}

 

AuthenticationInfo是一个接口:

public interface AuthenticationInfo extends Serializable {
    PrincipalCollection getPrincipals();
    Object getCredentials();
}
View Code

 

常见的拓展接口和实现类有:

 

SimpleAuthenticationInfo的示意代码如下:

 1 public class SimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {
 2 
 3     protected PrincipalCollection principals;//身份
 4     protected Object credentials;//凭据
 5     protected ByteSource credentialsSalt;
 6 
 7     public SimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
 8         this.principals = new SimplePrincipalCollection(principals);
 9         this.credentials = credentials;
10     }
11 
12     public SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {
13         this.principals = new SimplePrincipalCollection(principal, realmName);
14         this.credentials = credentials;
15     }
16 
17     public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
18         this.principals = new SimplePrincipalCollection(principal, realmName);
19         this.credentials = hashedCredentials;
20         this.credentialsSalt = credentialsSalt;
21     }
22 
23     ....
24    
25 }
View Code

 

3.PrincipalCollection

由上篇可知,PrincipalCollection出现在UserRealm的方法doGetAuthorizationInfo()中。这个方法是用来授权的,PrincipalCollection是授权时所用的参数。

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
     String userTenant = (String) principals.getPrimaryPrincipal();
    ...
}

 

PrincipalCollection是一个接口:

要注意一个问题,因为可以在shiro中配置多个Realm,所以身份信息principal就可以有多个。因此采用PrincipalCollection进行聚合。

在大多数实现中,AuthenticationInfo会进行merge,比如SimpleAuthenticationInfo 会合并多个 Principal为一个 PrincipalCollection

但是由于内部是Map实现的,所以方法getPrimaryPrincipal()可以看做是返回任意principal。因为map中没有顺序之分的。如果只有一个,那就是返回这一个。

1 public interface PrincipalCollection extends Iterable, Serializable {
2      ...
3      Object getPrimaryPrincipal();
4 }
View Code

 

常见的拓展接口和实现类有:

 

 4.AuthorizationInfo(授权信息)

由上篇可知,AuthenticationInfo出现在UserRealm的,授权方法doGetAuthorizationInfo()中。是该授权方法的返回值。
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   ....
       authorizationInfo.addStringPermission(permissionString);
   ....
   return authorizationInfo;
}

 

AuthorizationInfo是一个接口:
public interface AuthorizationInfo extends Serializable {
    Collection<String> getRoles();
    Collection<String> getStringPermissions();
    Collection<Permission> getObjectPermissions();
}

 

常见的拓展接口和实现类有:

 

SimpleAuthorizationInfo的示意代码如下:(getter和setter均省略)
public class SimpleAuthorizationInfo implements AuthorizationInfo {
    protected Set<String> roles;
    protected Set<String> stringPermissions;
    protected Set<Permission> objectPermissions;

    public SimpleAuthorizationInfo() {
    }
    
    public SimpleAuthorizationInfo(Set<String> roles) {
        this.roles = roles;
    }

    public void addRole(String role) {...}
    public void addRoles(Collection<String> roles) {...}

    public void addStringPermission(String permission) {...}
    public void addStringPermissions(Collection<String> permissions) {...}

    public void addObjectPermission(Permission permission) {...}
    public void addObjectPermissions(Collection<Permission> permissions) {...}

}
View Code

 

posted @ 2017-02-08 15:48  七月流火嗞嗞嗞  阅读(617)  评论(0编辑  收藏  举报