Shiro自定義登錄驗證

shiro自帶了一套登錄驗證的邏輯，下面以SimpleCredentialsMatcher的實現爲例

    /**
     * This implementation acquires the {@code token}'s credentials
     * (via {@link #getCredentials(AuthenticationToken) getCredentials(token)})
     * and then the {@code account}'s credentials
     * (via {@link #getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(account)}) and then passes both of
     * them to the {@link #equals(Object,Object) equals(tokenCredentials, accountCredentials)} method for equality
     * comparison.
     *
     * @param token the {@code AuthenticationToken} submitted during the authentication attempt.
     * @param info  the {@code AuthenticationInfo} stored in the system matching the token principal.
     * @return {@code true} if the provided token credentials are equal to the stored account credentials,
     *         {@code false} otherwise
     */
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        /*
        token 和 info 可以理解爲user類，
        token 是用戶登錄是輸入信息，
        info  則是shiro從數據庫查到的用戶信息
        */
        
        Object tokenCredentials = getCredentials(token);//getCredentials實際就是獲取密碼
        Object accountCredentials = getCredentials(info);
        return equals(tokenCredentials, accountCredentials);//直接返回對比結果
    }



/**
     * Returns the {@link #getPassword() password} char array.
     *
     * @return the {@link #getPassword() password} char array.
     * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
     */
    public Object getCredentials() {
        return getPassword();
    }

shiro的登陸驗證就是依靠SimpleCredentialsMatcher.doCredentialsMatch這個方法的返回來判斷是否登錄成功，所以只需要繼承SimpleCredentialsMatcher然後重寫doCredentialsMatch就可以自定義自己想要的登錄校驗了。

ps:記得在AuthorizingRealm設置剛剛自定義的CredentialsMatcher