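Openfire login: auth authentication
1. Start Openfire and go to http://localhost:9090/login.jsp
Enter the username and password.
Openfire first reads the setup node of the openfire.xml configuration file. If it is false, the request is redirected to setup/index.jsp; if it is true, Openfire goes on to check whether the username and password are correct.
I traced execution to this part of login.jsp: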
    // Check that a username was provided before trying to verify credentials
    if (loginUsername != null) {
        // Check whether this user or address has hit the login attempt limit
        System.out.println(LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr()));
        if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
            throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
        }
        // Check whether the user is an administrator; if not, stop here, otherwise go on to verify the credentials
        // The concrete implementation class is DefaultAdminProvider
        System.out.println(!AdminManager.getInstance().isUserAdmin(loginUsername, true));
        if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
            throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
        }
        // Verify the username and password; the actual implementation class is the one
        // configured as the provider.auth.className value in the ofproperty database table
        authToken = AuthFactory.authenticate(loginUsername, password);
    }
2. Notes on the class that verifies the username and password:
    public void authenticate(String username, String password) throws UnauthorizedException {
        // Previous implementation, commented out
        /*if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        if (username.contains("@")) {
            // Check that the specified domain matches the server's domain
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
                username = username.substring(0, index);
            } else {
                // Unknown domain. Return authentication failed.
                throw new UnauthorizedException();
            }
        }
        try {
            if (!password.equals(getPassword(username))) {
                throw new UnauthorizedException();
            }
        }
        catch (UserNotFoundException unfe) {
            throw new UnauthorizedException();
        }*/
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        // Demo replacement: accept only one hard-coded username/password pair
        if (!("admin".equals(username) && "huangbiao".equals(password))) {
            throw new UnauthorizedException();
        }
        // Got this far, so the user must be authorized.
    }
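Openfire calls the authenticate method of the specified class. As long as that method does not throw an exception, the login to the admin console succeeds; if verification fails, throwing UnauthorizedException stops the code from running any further.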
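The same authenticate contract with the hard-coded comparison replaced by a salted PBKDF2 hash and a constant-time compare, as an added example that is not code from the original post or from Openfire. The class name, the in-memory USERS map, the example.org domain and the iteration count are assumptions, and the nested UnauthorizedException stands in for Openfire's class so the file compiles alone.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class HashedAuthSketch {
    // Stand-in for org.jivesoftware.openfire.auth.UnauthorizedException (assumption: lets this file compile alone)
    static class UnauthorizedException extends Exception {}
    record Stored(byte[] salt, byte[] hash) {}
    static final String DOMAIN = "example.org";              // assumed XMPP domain
    static final Map<String, Stored> USERS = new HashMap<>(); // hypothetical credential store
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256); // assumed work factor
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static void register(String username, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        USERS.put(username, new Stored(salt, derive(password.toCharArray(), salt)));
    }

    // Same contract as on the page: return normally on success, throw on any failure.
    static void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null || password.isEmpty()) throw new UnauthorizedException();
        username = username.trim().toLowerCase();
        int at = username.indexOf('@');
        if (at >= 0) { // accept user@domain only for the server's own domain
            if (!username.substring(at + 1).equals(DOMAIN)) throw new UnauthorizedException();
            username = username.substring(0, at);
        }
        Stored s = USERS.get(username);
        boolean ok;
        try {
            // Derive even for unknown users so both failure paths do the same work.
            byte[] got = derive(password.toCharArray(), s != null ? s.salt() : new byte[16]);
            ok = s != null && MessageDigest.isEqual(got, s.hash()); // constant-time compare
        } catch (Exception e) {
            ok = false; // fail closed on crypto errors
        }
        if (!ok) throw new UnauthorizedException();
    }

    public static void main(String[] args) throws Exception {
        register("admin", "constructed-sample-password"); // constructed sample credential
        authenticate("admin@example.org", "constructed-sample-password");
        System.out.println("accepted");
        try { authenticate("admin", "wrong"); } catch (UnauthorizedException e) { System.out.println("rejected"); }
    }
}
```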