shiro登录流程源码详解（手把手带你读源码）

最新推荐文章于 2024-05-02 21:56:05 发布

大音~希声

最新推荐文章于 2024-05-02 21:56:05 发布

阅读量687

点赞数

分类专栏： java杂记文章标签： java shiro

本文链接：https://blog.csdn.net/qq_37752382/article/details/108611201

版权

java杂记专栏收录该内容

41 篇文章 0 订阅

订阅专栏

一、源码解读（本文使用idea的截图）
1、我们在登录控制层经常会写这么一段

 UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            return R.ok();
        } catch (AuthenticationException e) {
            return R.error("用户或密码错误");
        }

探索login里面到底发生了什么？
1）
在这里插入图片描述
全局搜索找到这个实现Subject类

public class WebDelegatingSubject extends DelegatingSubject implements WebSubject

发现login在其父类DelegatingSubject 中。
或者
ctrl+alt+b 进入到login方法（第一个感觉逻辑能清晰一点）
2）login源码

public void login(AuthenticationToken token) throws AuthenticationException {
        this.clearRunAsIdentitiesInternal();
        //源码在下面贴出
        Subject subject = this.securityManager.login(this, token);
        String host = null;
        PrincipalCollection principals;
        if (subject instanceof DelegatingSubject) {
            DelegatingSubject delegating = (DelegatingSubject)subject;
            principals = delegating.principals;
            host = delegating.host;
        } else {
            principals = subject.getPrincipals();
        }

        if (principals != null && !principals.isEmpty()) {
            this.principals = principals;
            this.authenticated = true;
            if (token instanceof HostAuthenticationToken) {
                host = ((HostAuthenticationToken)token).getHost();
            }

            if (host != null) {
                this.host = host;
            }

            Session session = subject.getSession(false);
            if (session != null) {
                this.session = this.decorate(session);
            } else {
                this.session = null;
            }

        } else {
            String msg = "Principals returned from securityManager.login( token ) returned a null or empty value.  This value must be non null and populated with one or more elements.";
            throw new IllegalStateException(msg);
        }
    }

Subject subject = this.securityManager.login(this, token);

public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {
        AuthenticationInfo info;
        try {
            info = this.authenticate(token);
        } catch (AuthenticationException var7) {
            AuthenticationException ae = var7;

            try {
                this.onFailedLogin(token, ae, subject);
            } catch (Exception var6) {
                if (log.isInfoEnabled()) {
                    log.info("onFailedLogin method threw an exception.  Logging and propagating original AuthenticationException.", var6);
                }
            }

            throw var7;
        }

        Subject loggedIn = this.createSubject(token, info, subject);
        this.onSuccessfulLogin(token, info, loggedIn);
        return loggedIn;
    }