Subject subject.login(UsernamePasswordToken usernamePasswordToken)
DelegatingSubject.java SecurityManager securityManager.login(this, token);
DefaultSecurityManager.java login(Subject subject, AuthenticationToken token) AuthenticationInfo info = authenticate(token);
AuthenticatingSecurityManager.java AuthenticationInfo authenticate(AuthenticationToken token) this.authenticator.authenticate(token);
AbstractAuthenticator.java AuthenticationInfo authenticate(AuthenticationToken token) AuthenticationInfo info = doAuthenticate(token);
ModularRealmAuthenticator.java AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) doSingleRealmAuthentication(realms.iterator().next(), authenticationToken) ((|| doMultiRealmAuthentication(realms, authenticationToken);))
&&AuthenticationInfo info = realm.getAuthenticationInfo(token);
AuthenticatingRealm.java AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) AuthenticationInfo info = abstract doGetAuthenticationInfo(token);
&&assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) CredentialsMatcher credentialsMatcher.doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
&&(manager)CredentialsMatcher extends SimpleCredentialsMatcher implements CredentialsMatcher @Override boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
AuthRealm extends AuthorizingRealm extends AuthenticatingRealm AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) return new SimpleAuthenticationInfo (Object principal, Object credentials, String realmName)
@Configuration
public class ShiroConfiguration
@Bean(name = "shiroFilter")
ShiroFilterFactoryBean bean.setSecurityManager(manager); bean.setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap)
@Bean(name = "securityManager")
DefaultWebSecurityManager manager RealmSecurityManager Collection<Realm> realms