当配置了多个Realm时,我们通常使用的认证器是shiro自带的org.apache.shiro.authc.pam.ModularRealmAuthenticator,其中决定使用的Realm的是doAuthenticate()方法
public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {
@Override
protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
assertRealmsConfigured();
//依据Realm中配置的支持Token来进行过滤
List<Realm> realms = this.getRealms()
.stream()
.filter(realm -> realm.supports(authenticationToken))
.collect(Collectors.toList());
if (realms.size() == 1) {
return doSingleRealmAuthentication(realms.get(0), authenticationToken);
} else {
return doMultiRealmAuthentication(realms, authenticationToken);
}
}
}
在ShiroConfig中设置安全管理器添加多个自定义realm
/**
* 安全管理器
*/
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//设置realm.
securityManager.setAuthenticator(modularRealmAuthenticator());
List<Realm> realms = new ArrayList<>();
//添加多个Realm
realms.add(userRealm());
securityManager.setRealms(realms);
// 自定义缓存实现 使用redis
securityManager.setCacheManager(cacheManagers());
return securityManager;
}
/**
* 系统自带的Realm管理,主要针对多realm
* */
@Bean
public ModularRealmAuthenticator modularRealmAuthenticator(){
//自己重写的ModularRealmAuthenticator
UserModularRealmAuthenticator modularRealmAuthenticator = new UserModularRealmAuthenticator();
modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
return modularRealmAuthenticator;
}
/**
* 创建自定义Realm
* @return
*/
@Bean
public UserRealm userRealm(){
UserRealm userRealm = new UserRealm();
userRealm.setCachingEnabled(true);
//启用身份验证缓存,即缓存AuthenticationInfo信息,默认false
userRealm.setAuthenticationCachingEnabled(true);
//启用授权缓存,即缓存AuthorizationInfo信息,默认false
userRealm.setAuthorizationCachingEnabled(true);
//配置自定义密码比较器
userRealm.setCredentialsMatcher(credentialsMatcher());
return userRealm;
}