Shiro源码+架构

1.Shiro常用三模块

（1）SessionManager，管理session

SessionDao，用于持久化session：

public interface SessionDAO {
    Serializable create(Session session);
    Session readSession(Serializable sessionId) throws UnknownSessionException;
    void update(Session session) throws UnknownSessionException;
    void delete(Session session);
    Collection<Session> getActiveSessions();
}

（2）CacheManager，管理cache

Cache，shiro中组件使用

public interface Cache<K, V> {
    public V get(K key) throws CacheException;
    public V put(K key, V value) throws CacheException;
    public V remove(K key) throws CacheException;
    public void clear() throws CacheException;
    public int size();
    public Set<K> keys();
    public Collection<V> values();
}

（3）Realm，用于数据交互，授权，验证，关联到session，cache等

2.Cahce

 

 

3. Event

 

 

 

 

 

 

4. 核心模块（aop + authz+authc）

（1）AOP

 

 

（2）授权

AuthorizingRealm：CacheManager（授权信息缓存）

abstract class AuthorizingRealm{
protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {

        if (principals == null) {
            return null;
        }

        AuthorizationInfo info = null;

        if (log.isTraceEnabled()) {
            log.trace("Retrieving AuthorizationInfo for principals [" + principals + "]");
        }
		//1.先获取authorizationCache
        Cache<Object, AuthorizationInfo> cache = getAvailableAuthorizationCache();
        if (cache != null) {
			//2.Cache不为空时，获取authorizationInfo
            if (log.isTraceEnabled()) {
                log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
            }
            Object key = getAuthorizationCacheKey(principals);
            info = cache.get(key);
            if (log.isTraceEnabled()) {
                if (info == null) {
                    log.trace("No AuthorizationInfo found in cache for principals [" + principals + "]");
                } else {
                    log.trace("AuthorizationInfo found in cache for principals [" + principals + "]");
                }
            }
        }

		//3.authorizationInfo为空时，调用doGetAuthorizationInfo，并且将authorizationInfo放入authorizationCache中；
        if (info == null) {
            // Call template method if the info was not found in a cache
            //抽象方法，需要自己实现
            info = doGetAuthorizationInfo(principals);
            // If the info is not null and the cache has been created, then cache the authorization info.
            if (info != null && cache != null) {
                if (log.isTraceEnabled()) {
                    log.trace("Caching authorization info for principals: [" + principals + "].");
                }
                Object key = getAuthorizationCacheKey(principals);
                cache.put(key, info);
            }
        }

        return info;
    }
}

 

 

（3）验证

AuthenticatingRealm：CacheManager（验证信息缓存），CredentialsMatcher（比较外部传入token和内部验证信息账号是否一致）

abstract class AuthenticatingRealm{ 
public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //cache中获取
        AuthenticationInfo info = getCachedAuthenticationInfo(token);
        if (info == null) {
            //otherwise not cached, perform the lookup:
            //实现自己的doGetAuthenticationInfo
            info = doGetAuthenticationInfo(token);
            log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info);
            if (token != null && info != null) {
                //保存进cache,实现自己的cache
                cacheAuthenticationInfoIfPossible(token, info);
            }
        } else {
            log.debug("Using cached authentication info [{}] to perform credentials matching.", info);
        }

        if (info != null) {
            assertCredentialsMatch(token, info);
        } else {
            log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}].  Returning null.", token);
        }

        return info;
    }
}

 

 

 

（3）认证

 

 

（4）session