Shiro ships with its own login verification logic. The implementation in SimpleCredentialsMatcher is used as the example below.
/**
 * This implementation acquires the {@code token}'s credentials
 * (via {@link #getCredentials(AuthenticationToken) getCredentials(token)})
 * and then the {@code account}'s credentials
 * (via {@link #getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(account)}) and then passes both of
 * them to the {@link #equals(Object,Object) equals(tokenCredentials, accountCredentials)} method for equality
 * comparison.
 *
 * @param token the {@code AuthenticationToken} submitted during the authentication attempt.
 * @param info the {@code AuthenticationInfo} stored in the system matching the token principal.
 * @return {@code true} if the provided token credentials are equal to the stored account credentials,
 * {@code false} otherwise
 */
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    /*
     * token and info can both be thought of as user objects:
     * token is the information the user entered at login,
     * info is the user information Shiro looked up in the database.
     */
    Object tokenCredentials = getCredentials(token); // getCredentials simply retrieves the password
    Object accountCredentials = getCredentials(info);
    return equals(tokenCredentials, accountCredentials); // return the comparison result directly
}
/**
 * Returns the {@link #getPassword() password} char array.
 *
 * @return the {@link #getPassword() password} char array.
 * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
 */
public Object getCredentials() {
    return getPassword();
}
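Shiro's login verification relies on the return value of SimpleCredentialsMatcher.doCredentialsMatch to decide whether the login succeeds, so to customize the login check you only need to extend SimpleCredentialsMatcher and override doCredentialsMatch.
PS: remember to set the custom CredentialsMatcher you just wrote on your AuthorizingRealm.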
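
One way to apply the override described above, as an added example that is not from the original post or from Shiro's own code: a matcher that re-derives a PBKDF2 hash from the submitted password and compares it in constant time, rather than comparing the raw credentials. The class name, the `iterations:salt:hash` storage format and `myRealm` are assumptions of this example, and it needs shiro-core on the classpath.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

// Hypothetical matcher (name and storage format are assumptions of this example).
// Assumes the realm returns the stored credential as the String
// "<iterations>:<base64 salt>:<base64 PBKDF2-HMAC-SHA256 hash>".
public class Pbkdf2CredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        // Fail closed on anything other than a username/password login with a String record.
        if (!(token instanceof UsernamePasswordToken)
                || !(info.getCredentials() instanceof String)) {
            return false;
        }
        char[] submitted = ((UsernamePasswordToken) token).getPassword();
        String[] parts = ((String) info.getCredentials()).split(":");
        if (submitted == null || parts.length != 3) {
            return false;
        }
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            // Re-derive the hash from the submitted password with the stored salt and cost.
            PBEKeySpec spec = new PBEKeySpec(submitted, salt, iterations, expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            // Constant-time comparison, so timing does not reveal how many bytes matched.
            return MessageDigest.isEqual(expected, actual);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed record or unavailable algorithm: reject the login
        }
    }
}
// Wiring, as the PS above says (myRealm is a hypothetical AuthorizingRealm instance):
//   myRealm.setCredentialsMatcher(new Pbkdf2CredentialsMatcher());
```

Shiro also ships `HashedCredentialsMatcher` and `PasswordMatcher` in `org.apache.shiro.authc.credential`, which cover hashed-password comparison without a custom subclass.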