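When Shiro retrieves the currently logged-in user, the source code returns the user's principals by default. The key part of the code, excerpted from DelegatingSubject.java: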
    // Session attribute key under which the runAs identity stack is stored
    private static final String RUN_AS_PRINCIPALS_SESSION_KEY =
            DelegatingSubject.class.getName() + ".RUN_AS_PRINCIPALS_SESSION_KEY";

    public PrincipalCollection getPrincipals() {
        List<PrincipalCollection> runAsPrincipals = getRunAsPrincipalsStack();
        // A non-empty runAs stack takes precedence over the subject's own principals
        return CollectionUtils.isEmpty(runAsPrincipals) ? this.principals : runAsPrincipals.get(0);
    }

    private List<PrincipalCollection> getRunAsPrincipalsStack() {
        // getSession(false): do not create a session if none exists yet
        Session session = getSession(false);
        if (session != null) {
            return (List<PrincipalCollection>) session.getAttribute(RUN_AS_PRINCIPALS_SESSION_KEY);
        }
        return null;
    }
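That is, if the runAs stack holds any identities, the one at index 0 is returned by default; otherwise the value stored in the session under the following key is used (this is where the data in this.principals comes from):

    public static final String SESSION_CREATION_ENABLED = DefaultSubjectContext.class.getName() + ".SESSION_CREATION_ENABLED";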
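The runAs value takes precedence because Shiro supports switching the user identity within the same session. It is done as follows:

    Subject subject = SecurityUtils.getSubject();
    // AuthUserDetails is the application's own principal class, not a Shiro type
    AuthUserDetails authUserDetail = new AuthUserDetails();
    authUserDetail.set****
    subject.runAs(new SimplePrincipalCollection(authUserDetail, ""));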
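
The following is an added example, not code from the original post or from the Shiro project: it follows the runAs stack through login, identity switch and release, and gates the switch with a role check because runAs() does no authorization of its own. The realm name, account names, passwords and the `admin` role are constructed sample values; it assumes shiro-core and an SLF4J binding on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RunAsDemo {
    // Hypothetical role that is allowed to impersonate other users.
    private static final String IMPERSONATOR_ROLE = "admin";

    // Print what the subject reports about its effective and original identity.
    static void show(String stage, Subject s) {
        Object previous = s.getPreviousPrincipals() == null
                ? null : s.getPreviousPrincipals().getPrimaryPrincipal();
        System.out.printf("%-14s principal=%s isRunAs=%s previous=%s hasAdminRole=%s%n",
                stage, s.getPrincipal(), s.isRunAs(), previous, s.hasRole(IMPERSONATOR_ROLE));
    }

    public static void main(String[] args) {
        // Constructed in-memory realm with two sample accounts.
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("admin", "admin-pass", IMPERSONATOR_ROLE);
        realm.addAccount("alice", "alice-pass");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("admin", "admin-pass"));
        show("after login", subject);

        // runAs() only requires an existing identity, so gate it explicitly;
        // checkRole() throws AuthorizationException when the role is missing.
        subject.checkRole(IMPERSONATOR_ROLE);
        subject.runAs(new SimplePrincipalCollection("alice", "demoRealm"));
        try {
            // getPrincipal() and role checks now go through getPrincipals(),
            // which reads index 0 of the runAs stack kept in the session.
            show("during runAs", subject);
        } finally {
            // Pop the stack so the session does not keep the assumed identity.
            subject.releaseRunAs();
        }
        show("after release", subject);
    }
}
```

Because the stack lives in the session, an identity that is never released stays in effect for every later request on that session; audit logging should record getPreviousPrincipals() alongside the effective principal.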