本文共 2659 字,大约阅读时间需要 8 分钟。
一直以为给定的下面配置是短路方式的,即defaultJdbcRealm可以成功认证,backDoorJdbcRealm就不会被调用。
其实不然,org.apache.shiro.authc.pam.FirstSuccessfulStrategy并不是这个意思,所有的realm依然都会被调用。
只不过是第一个认证成功的AuthenticationInfo作为最后的结果返回。
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
-
- <property name="authenticator" ref="authenticator" />
- <property name="realms">
- <list>
- <ref bean="defaultJdbcRealm" />
- <ref bean="backDoorJdbcRealm" />
- </list>
- </property>
- </bean>
-
- <bean id="defaultJdbcRealm" class="..." />
- <bean id="backDoorJdbcRealm" class="..." />
-
- <bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
- <property name="authenticationStrategy">
- <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
- </property>
- </bean>
为了实现目的,必须对org.apache.shiro.authc.pam.ModularRealmAuthenticator改造。
- package xxx.yyy.security;
-
- import java.util.Collection;
- import org.apache.shiro.authc.AuthenticationInfo;
- import org.apache.shiro.authc.AuthenticationToken;
- import org.apache.shiro.authc.pam.AuthenticationStrategy;
- import org.apache.shiro.realm.Realm;
- import org.apache.shiro.util.CollectionUtils;
-
- public class ModularRealmAuthenticator extends org.apache.shiro.authc.pam.ModularRealmAuthenticator {
-
- @Override
- protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
-
- AuthenticationStrategy strategy = getAuthenticationStrategy();
- AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
-
- for (Realm realm : realms) {
- aggregate = strategy.beforeAttempt(realm, token, aggregate);
- if (realm.supports(token)) {
- AuthenticationInfo info = null;
- Throwable t = null;
- try {
- info = realm.getAuthenticationInfo(token);
- } catch (Throwable throwable) {
- t = throwable;
- }
- aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
-
- if (aggregate != null && !CollectionUtils.isEmpty(aggregate.getPrincipals())) {
- return aggregate;
- }
-
- } else {
-
- }
- }
- aggregate = strategy.afterAllAttempts(token, aggregate);
- return aggregate;
- }
- }
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
-
- <property name="authenticator" ref="authenticator" />
- <property name="realms">
- <list>
- <ref bean="defaultJdbcRealm" />
- <ref bean="backDoorJdbcRealm" />
- </list>
- </property>
- </bean>
-
- <bean id="defaultJdbcRealm" class="..." />
- <bean id="backDoorJdbcRealm" class="..." />
-
- <bean id="authenticator" class="xxx.yyy.security.ModularRealmAuthenticator">
- <property name="authenticationStrategy">
- <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
- </property>
- </bean>
转载地址:http://jsxdn.baihongyu.com/