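Shiro user authentication and authorization flow: source code analysis
Source analysis of the Shiro user authentication flow
- The securityManager is configured through shiroConfig.
- Calling subject.login makes the subject submit itself for authentication; the submitted token is authenticated by the securityManager (AuthenticatingSecurityManager).
- The call then flows to ModularRealmAuthenticator, which performs the authentication.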
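Source analysis of the Shiro authorization flow
- Subject authorization (subject.isPermitted(), subject.checkRole("xxx角色"), Shiro front-end tag authorization, back-end authorization annotations (@RequiresPermissions("sys:log:list")))
- SecurityManager (AuthorizingSecurityManager) performs the authorization.
- The call flows to ModularRealmAuthorizer, which performs the authorization.
- The call flows to AuthorizingRealm, which performs the authorization.
- AuthorizingRealm obtains the permission identifiers the user holds through getAuthorizationInfo(PrincipalCollection principals):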
    protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        AuthorizationInfo info = null;
        if (log.isTraceEnabled()) {
            log.trace("Retrieving AuthorizationInfo for principals [" + principals + "]");
        }
        // Get the cache instance
        Cache<Object, AuthorizationInfo> cache = getAvailableAuthorizationCache();
        if (cache != null) {
            if (log.isTraceEnabled()) {
                log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
            }
            Object key = getAuthorizationCacheKey(principals);
            // Ask the cache for the permission info the user holds
            info = cache.get(key);
            if (log.isTraceEnabled()) {
                if (info == null) {
                    log.trace("No AuthorizationInfo found in cache for principals [" + principals + "]");
                } else {
                    log.trace("AuthorizationInfo found in cache for principals [" + principals + "]");
                }
            }
        }
        // The cache did not return the user's permission info
        if (info == null) {
            // Call template method if the info was not found in a cache
            // Get the user's permission info from doGetAuthorizationInfo of the custom CustomRealm
            info = doGetAuthorizationInfo(principals);
            // If the info is not null and the cache has been created, then cache the authorization info.
            if (info != null && cache != null) {
                if (log.isTraceEnabled()) {
                    log.trace("Caching authorization info for principals: [" + principals + "].");
                }
                Object key = getAuthorizationCacheKey(principals);
                // Once obtained, store the user's permission info in the cache
                cache.put(key, info);
            }
        }
        return info;
    }
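Source analysis
Step 1: get the cache instance.
Step 2: ask the cache for the permission info the user holds; if it is found, return it; if not, go to step 3.
Step 3: get the user's permission info from doGetAuthorizationInfo of the custom CustomRealm.
Step 4: once obtained, store the user's permission info in the cache.
Step 5: return the user's permission info.
- After the user's permission info has been obtained, it is wrapped into Permission objects.
- These are then checked in a loop with perm.implies(permission).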
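The cache-first lookup and the implies() loop described above have one practical consequence: a permission revoked in the backing store keeps being honored until the cached AuthorizationInfo is evicted. The following added example (not from the original post and not Shiro's own code) shows this with a hypothetical CustomRealm whose in-memory map stands in for the permission table; it assumes shiro-core on the classpath and Java 9 or later.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class AuthzCacheDemo {
    // Hypothetical realm; permsByUser is a constructed stand-in for the permission table.
    static class CustomRealm extends AuthorizingRealm {
        final Map<String, Set<String>> permsByUser = new ConcurrentHashMap<>();
        int lookups = 0; // counts how often the backing store is consulted

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            lookups++;
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(permsByUser.getOrDefault(
                    (String) principals.getPrimaryPrincipal(), Set.of()));
            return info;
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // authentication is out of scope for this demo
        }

        // Call after every role or permission change so the next check reloads from the store.
        void evict(PrincipalCollection principals) {
            clearCachedAuthorizationInfo(principals);
        }
    }

    public static void main(String[] args) {
        CustomRealm realm = new CustomRealm();
        realm.setCacheManager(new MemoryConstrainedCacheManager());
        realm.permsByUser.put("alice", new HashSet<>(Set.of("sys:log:*")));
        PrincipalCollection alice = new SimplePrincipalCollection("alice", realm.getName());

        System.out.println(realm.isPermitted(alice, "sys:log:list")); // cache miss: realm is queried
        System.out.println(realm.isPermitted(alice, "sys:log:list")); // cache hit: no store lookup
        realm.permsByUser.get("alice").clear();                       // revoke in the store only
        System.out.println(realm.isPermitted(alice, "sys:log:list")); // decided from the cached entry
        realm.evict(alice);                                           // drop the cached entry
        System.out.println(realm.isPermitted(alice, "sys:log:list")); // reloaded from the store
        System.out.println("store lookups: " + realm.lookups);
    }
}
```

In a real application the eviction call belongs in the code path that edits roles or permissions, or the authorization cache needs a short time-to-live, so that revocations take effect promptly.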