1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.authc; 20 21 import org.apache.shiro.subject.PrincipalCollection; 22 23 /** 24 * An {@code AuthenticationListener} listens for notifications while {@code Subject}s authenticate with the system. 25 * 26 * @since 0.9 27 */ 28 public interface AuthenticationListener { 29 30 /** 31 * Callback triggered when an authentication attempt for a {@code Subject} has succeeded. 32 * 33 * @param token the authentication token submitted during the {@code Subject} (user)'s authentication attempt. 34 * @param info the authentication-related account data acquired after authentication for the corresponding {@code Subject}. 35 */ 36 void onSuccess(AuthenticationToken token, AuthenticationInfo info); 37 38 /** 39 * Callback triggered when an authentication attempt for a {@code Subject} has failed. 40 * 41 * @param token the authentication token submitted during the {@code Subject} (user)'s authentication attempt. 42 * @param ae the {@code AuthenticationException} that occurred as a result of the attempt. 43 */ 44 void onFailure(AuthenticationToken token, AuthenticationException ae); 45 46 /** 47 * Callback triggered when a {@code Subject} logs-out of the system. 48 * <p/> 49 * This method will only be triggered when a Subject explicitly logs-out of the session. It will not 50 * be triggered if their Session times out. 51 * 52 * @param principals the identifying principals of the Subject logging out. 53 */ 54 void onLogout(PrincipalCollection principals); 55 }
AuthenticationListener是Subject在登录登出时的一个监听器,有三个方法onSuccess,onFailure和onLogout。分别在登录成功、登录失败、退出时调用,具体的调用时机在AbstractAuthenticator的authenticate方法中可以看到。
使用起来也比较简单,只要实现了这个接口,然后在配置SecurityManager的时候把他加进去,比如(以Spring整合Shiro为例):
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="systemAuthorizingRealm" /> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="shiroCacheManager" /> <property name="authenticator.authenticationListeners"> <list> <bean class="com.thinkgem.jeesite.modules.sys.listener.MultiAccountLoginListener" /> </list> </property> </bean>
如何有多个listener,加到<list></list>中。