关于shiro的 subject.getPrincipal()方法

最新推荐文章于 2024-06-04 10:08:47 发布
最新推荐文章于 2024-06-04 10:08:47 发布
阅读量6w 收藏 20
点赞数 3
分类专栏: other 文章标签: shiro
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/two_people/article/details/78613197
版权

1、说明

上一篇文章说明了 principal,而subject.getPrincipal();是用来干嘛的,他就是来获取你存储的principal,内部是怎么获取的那,多个principal怎么指定获取哪一个那。

2、解释

1)subject.getPrincipal();最后调用的是下面这个方法

public Object getPrimaryPrincipal() {
        if (isEmpty()) {
            return null;
        }
        return iterator().next();
    }

2)可见他便利的是集合,那就是说明每次调用都会不一样,那么就存在一定的风险性。如果我们希望每次调用都返回一个固定的值例如id,应该怎么办呐,其实非常简单,只需要扩展两个类即可。

3、编码

1)扩展SimplePrincipalCollection这个类,新建一个类来继承他,我们只需要重写他的一个方法就好,另外类他添加一个额外的来接受id的属性,这样在getPrimaryPrincipal方法中我们只需把id返回就好。代码如下

public class CustomSimplePrincipalCollection extends SimplePrincipalCollection {

    private Object primary;

    public CustomSimplePrincipalCollection() {
    }


    public CustomSimplePrincipalCollection(Object primary, Object principal, String realmName) {
        super(principal, realmName);
        this.primary = primary;
    }

    public CustomSimplePrincipalCollection(Object principal, String realmName) {
        super(principal, realmName);
    }

    public CustomSimplePrincipalCollection(Collection principals, String realmName) {
        super(principals, realmName);
    }

    public CustomSimplePrincipalCollection(PrincipalCollection principals) {
        super(principals);
    }

    @Override
    public Object getPrimaryPrincipal() {
        return primary;
    }

    public Object getCustomPrimaryPrincipal() {
        return primary;
    }
}

2)然后重写SimpleAuthenticationInfo,这个需要实现响应的接口,然后修改部分方法即可

public class CustomSimpleAuthenticationInfo implements MergableAuthenticationInfo, SaltedAuthenticationInfo {

    /**
     * The principals identifying the account associated with this AuthenticationInfo instance.
     */
    protected PrincipalCollection principals;
    /**
     * The credentials verifying the account principals.
     */
    protected Object credentials;

    /**
     * Any salt used in hashing the credentials.
     *
     * @since 1.1
     */
    protected ByteSource credentialsSalt;

    /**
     * Default no-argument constructor.
     */
    public CustomSimpleAuthenticationInfo() {
    }


    public CustomSimpleAuthenticationInfo(Object primary, Object principal, Object credentials, String realmName) {
        this.principals = new CustomSimplePrincipalCollection(primary, principal, realmName);
        this.credentials = credentials;
    }


    public CustomSimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
        this.principals = new CustomSimplePrincipalCollection(principal, realmName);
        this.credentials = hashedCredentials;
        this.credentialsSalt = credentialsSalt;
    }


    public CustomSimpleAuthenticationInfo(PrincipalCollection principals, Object credentials) {
        this.principals = new CustomSimplePrincipalCollection(principals);
        this.credentials = credentials;
    }

    public CustomSimpleAuthenticationInfo(PrincipalCollection principals, Object hashedCredentials, ByteSource credentialsSalt) {
        this.principals = new CustomSimplePrincipalCollection(principals);
        this.credentials = hashedCredentials;
        this.credentialsSalt = credentialsSalt;
    }


    public PrincipalCollection getPrincipals() {
        return principals;
    }


    public void setPrincipals(PrincipalCollection principals) {
        this.principals = principals;
    }

    public Object getCredentials() {
        return credentials;
    }


    public void setCredentials(Object credentials) {
        this.credentials = credentials;
    }


    public ByteSource getCredentialsSalt() {
        return credentialsSalt;
    }


    public void setCredentialsSalt(ByteSource salt) {
        this.credentialsSalt = salt;
    }


    @SuppressWarnings("unchecked")
    public void merge(AuthenticationInfo info) {
        if (info == null || info.getPrincipals() == null || info.getPrincipals().isEmpty()) {
            return;
        }

        if (this.principals == null) {
            this.principals = info.getPrincipals();
        } else {
            if (!(this.principals instanceof MutablePrincipalCollection)) {
                this.principals = new SimplePrincipalCollection(this.principals);
            }
            ((MutablePrincipalCollection) this.principals).addAll(info.getPrincipals());
        }

        //only mess with a salt value if we don't have one yet.  It doesn't make sense
        //to merge salt values from different realms because a salt is used only within
        //the realm's credential matching process.  But if the current instance's salt
        //is null, then it can't hurt to pull in a non-null value if one exists.
        //
        //since 1.1:
        if (this.credentialsSalt == null && info instanceof SaltedAuthenticationInfo) {
            this.credentialsSalt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
        }

        Object thisCredentials = getCredentials();
        Object otherCredentials = info.getCredentials();

        if (otherCredentials == null) {
            return;
        }

        if (thisCredentials == null) {
            this.credentials = otherCredentials;
            return;
        }

        if (!(thisCredentials instanceof Collection)) {
            Set newSet = new HashSet();
            newSet.add(thisCredentials);
            setCredentials(newSet);
        }

        // At this point, the credentials should be a collection
        Collection credentialCollection = (Collection) getCredentials();
        if (otherCredentials instanceof Collection) {
            credentialCollection.addAll((Collection) otherCredentials);
        } else {
            credentialCollection.add(otherCredentials);
        }
    }


    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof SimpleAuthenticationInfo)) return false;

        CustomSimpleAuthenticationInfo that = (CustomSimpleAuthenticationInfo) o;

        //noinspection RedundantIfStatement
        if (principals != null ? !principals.equals(that.principals) : that.principals != null) return false;

        return true;
    }


    public int hashCode() {
        return (principals != null ? principals.hashCode() : 0);
    }


    public String toString() {
        return principals.toString();
    }

3)然后就是进行调用

 return new CustomSimpleAuthenticationInfo(admin.getId(), list, admin.getPsd(), this.getClass().getName());

4)之后你在调用subject.getPrincipal()返回的都是同一个值 也就是id,也就是CustomSimpleAuthenticationInfo(admin.getId(), list, admin.getPsd(), this.getClass().getName())的第一个参数。

钙奶加辣条。
关注
  • 3
    点赞
  • 20
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
Springboot整合Shiro的代码实例
08-25
import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; public class ShiroRealm extends AuthorizingRealm { @Autowired private ...
从实例入手Shiro并实现HellloWorld示例源码.zip
05-10
import org.apache.shiro.subject.PrincipalCollection; public class CustomRealm extends AuthorizingRealm { // 实现认证方法 @Override protected AuthenticationInfo doGetAuthenticationInfo...
使用shiro中 工具类方法SecurityUtils.getSubject()和方法subject.getPrincipal()获取当前登录用户
weixin_52654493的博客
12-17 2082
Shiro内置了可以连接大量安全数据源(又名目录)的Realm,如LDAP、关系数据库(JDBC)、类似INI的文本配置资源以及属性文件等。如果系统默认的Realm不能满足需求,你还可以插入代表自定义数据源的自己的Realm实现。它是Shiro框架的核心,典型的Facade模式,Shiro通过SecurityManager来管理内部组件实例,并通过它来提供安全管理的各种服务。也就是说,当对用户执行认证(登录)和授权(访问控制)验证时,Shiro会从应用配置的Realm中查找用户及其权限信息。
Shiro subject.getPrincipal()类型转换异常 java.lang.ClassCastException
最新发布
qq_30255033的博客
06-04 151
热部署后 Shiro subject.getPrincipal()类型转换异常 java.lang.ClassCastException
springboot整合shiro出现subject.getPrincipal(); 为null的解决方案
weixin_44130574的博客
04-19 2742
出现这个问题的主要原因就是你在进行登录认证的时候,没有把实体类信息封装返回。代码如下,将实体类user返回就行了 return new SimpleAuthenticationInfo(user, userToken.getPassword(), "");
shiro获取当前登录用户subject.getPrincipal()报null空指针
m0_50707445的博客
02-19 3243
SecurityUtils.getSubject().getPrincipal()为空,网上查了一堆复制粘贴的文章都是说配置加载顺序问题,我遇到的并不是这样的问题,我是偶尔一个报空,其他的正常. 因为是别人的代码.我不是非常熟悉.最终解决方案: 首先SecurityUtils.getSubject().getPrincipal()获取的用户信息是在哪里设置的? 自定义realm–》doGetAuthenticationInfo–》 SimpleAuthenticationInfo simpleAuthent
shirosubject.getPrincipal() getPrimaryPrincipal()及第六章 Realm及相关对象
meinanqihao的博客
04-05 3026
shirosubject.getPrincipal() getPrimaryPrincipal()及第六章 Realm及相关对象 2018年01月31日 10:44:04琅琊山二当家阅读数:4859 测试用例(com.github.zhangkaitao.shiro.chapter6.realm.PrincialCollectionTest) 因为我们的Realm中没有进行身份及凭据...
shiro SecurityUtils.getSubject().getPrincipal()得到null 的解决方法
qq_43851684的博客
08-14 9166
1 问题的由来 自定义的Realm 继承 AuthorizingRealm ,本想在doGetAuthenticationInfo 认证方法中通过Object o = SecurityUtils.getSubject().getPrincipal() 得到前端传来的信息的,然后通过instanceof 判断 o 的到底是什么类,来判断到底是用户登录还是管理员登录。 结果发现SecurityUtils.getSubject().getPrincipal() 得到的是null 2 解决方法 采用装饰类的思路解决
subject.getPrincipal()强制转换类型错误
weixin_42456466的博客
06-20 8200
    关键是看SimpleAuthenticationInfo的方法有没有配置正确。 //此处使用的是user对象,不是username SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( user, user...
shiro的SecurityUtils.getSubject().getPrincipal()获取当前登录用户信息为null
Mint6的博客
02-10 1万+
使用shiro的SecurityUtils.getSubject().getPrincipal()获取当前登录用户信息遇到的问题总结一下 1.获取不到返回null (1)设置配置AuthorizationAttributeSourceAdvisor在整个类的最前面,至少在shiroFilterFactoryBean的前面 /** * 开启Shiro的注解(如@Requir...
Spring boot整合shiro+jwt实现前后端分离
08-25
JwtToken jwtToken = new JwtToken(subject.getPrincipal().toString(), loginService.getUserInfo(subject.getPrincipal().toString())); return Response.ok(jwtToken); } @GetMapping("/hello") public ...
shiro的理解
01-09
在登录成功后,`subject.getPrincipal()` 返回的便是认证后的Principal,可以转换为自定义的类型,如 `ShiroUser`。 7. **Session**: Shiro 提供了会话管理功能,允许我们在服务器端保存用户状态。在登录成功后,`...
基于spring boot 2和shiro实现身份验证案例
08-19
方法一是引入依赖包shiro-spring,方法二是引入依赖包shiro-spring-boot-web-starter。下面是方法一的实现步骤: 首先,在pom.xml文件中添加依赖包: ``` <groupId>org.springframework.boot <artifactId>spring...
有关ShiroPrincipal的使用
热门推荐
依木前行的博客
11-20 2万+
1、定义principal代表什么那?如果阅读官方文档或者源码你会得到如下的定义:解释: 1)可以是uuid 2)数据库中的主键 3)LDAP UUID或静态DN 4)在所有用户帐户中唯一的字符串用户名。也就是说这个值必须是唯一的。也可以是邮箱、身份证等值。1、用法 进入其构造方法public SimpleAuthenticationInfo(Object principal, Objec
Type Incompatible operand types String and int
依木前行的博客
08-15 2万+
今天eclipse包了一个错误  意思就是Description    Resource    Path    Location    Type Incompatible operand types String an 但是昨天还没有错误为什么那 ,最后找了好久发现不是代码错误二十eclipse的错误,点击项目然后project-->clean 然后错误就消失了,应该是eclips
Springboot+MongoDB例子
依木前行的博客
07-30 2万+
一、环境1、maven 3.3.92、eclipse3、springboot 1.5.64、mongo 3.4.6二、开发1、新建一个springboot项目,引入1.5.6依赖。2、项目结构如下3、在pom中添加以下依赖<!-- spring-boot-starter-data-mongodb --> <dependency> <groupId>org.sp
ajax异步加载解析复杂json(集合中包含对象,对象中包含对象)数据
依木前行的博客
11-27 5450
1.例如后台返回的json数据如下 [{'id':"1","name":"2","user":{"name":"2","age":"18"}},{'id':"2","name":"2","user":{"name":"2","age":"18"}}] 2.前台解析代码如下 var obj = eval(s); 进行格式的转化,然后就能采用点运算符去取值,如obj[0].user.name;
Subject subject = SecurityUtils.getSubject(); User user = (User) subject.getPrincipal();
04-06
These lines of code involve the Apache Shiro security framework. The first line retrieves the current subject, which represents the user or entity currently interacting with the system. The second line retrieves the principal, which is the identity or user account associated with the subject. In this case, the principal is cast as a User object, which likely contains information such as the user's username, roles, and permissions. Overall, these lines of code are used to retrieve information about the currently authenticated user, which can then be used to enforce security policies and restrictions within the application.
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值