shiro login成功后 保存了Principals 和 AuthenticationState到session中,所以我们每次请求都能从session成功获取到这2个属性。
核心类:DefaultSubjectDAO
[code="java"]public Subject save(Subject subject) {
if (this.isSessionStorageEnabled(subject)) {
this.saveToSession(subject);
} else {
log.trace("Session storage of subject state for Subject [{}] has been disabled: identity and authentication state are expected to be initialized on every request or invocation.", subject);
}
return subject;
}
protected void saveToSession(Subject subject) {
this.mergePrincipals(subject);
this.mergeAuthenticationState(subject);
}[/code]
核心类:DefaultSubjectDAO
[code="java"]public Subject save(Subject subject) {
if (this.isSessionStorageEnabled(subject)) {
this.saveToSession(subject);
} else {
log.trace("Session storage of subject state for Subject [{}] has been disabled: identity and authentication state are expected to be initialized on every request or invocation.", subject);
}
return subject;
}
protected void saveToSession(Subject subject) {
this.mergePrincipals(subject);
this.mergeAuthenticationState(subject);
}[/code]