apache-shiro杂记(二) 关于多realm认证的策略
一直以为给定的下面配置是短路方式的,即defaultJdbcRealm可以成功认证,backDoorJdbcRealm就不会被调用。
其实不然,org.apache.shiro.authc.pam.FirstSuccessfulStrategy并不是这个意思,所有的realm依然都会被调用。
只不过是第一个认证成功的AuthenticationInfo作为最后的结果返回。
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- 其他配置 --> <property name="authenticator" ref="authenticator" /> <property name="realms"> <list> <ref bean="defaultJdbcRealm" /> <ref bean="backDoorJdbcRealm" /> </list> </property> </bean> <bean id="defaultJdbcRealm" class="..." /> <bean id="backDoorJdbcRealm" class="..." /> <bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" /> </property> </bean>
为了实现目的,必须对org.apache.shiro.authc.pam.ModularRealmAuthenticator改造。
package xxx.yyy.security; import java.util.Collection; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.pam.AuthenticationStrategy; import org.apache.shiro.realm.Realm; import org.apache.shiro.util.CollectionUtils; public class ModularRealmAuthenticator extends org.apache.shiro.authc.pam.ModularRealmAuthenticator { @Override protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) { AuthenticationStrategy strategy = getAuthenticationStrategy(); AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token); for (Realm realm : realms) { aggregate = strategy.beforeAttempt(realm, token, aggregate); if (realm.supports(token)) { AuthenticationInfo info = null; Throwable t = null; try { info = realm.getAuthenticationInfo(token); } catch (Throwable throwable) { t = throwable; } aggregate = strategy.afterAttempt(realm, token, info, aggregate, t); // dirty dirty hack if (aggregate != null && !CollectionUtils.isEmpty(aggregate.getPrincipals())) { return aggregate; } // end dirty dirty hack } else { } } aggregate = strategy.afterAllAttempts(token, aggregate); return aggregate; } }
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- 其他配置 --> <property name="authenticator" ref="authenticator" /> <property name="realms"> <list> <ref bean="defaultJdbcRealm" /> <ref bean="backDoorJdbcRealm" /> </list> </property> </bean> <bean id="defaultJdbcRealm" class="..." /> <bean id="backDoorJdbcRealm" class="..." /> <bean id="authenticator" class="xxx.yyy.security.ModularRealmAuthenticator"> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" /> </property> </bean>
相关推荐
xclxcl 2020-08-03
zmzmmf 2020-08-03
likesyour 2020-08-01
ErixHao 2020-06-03
GDreams0 2020-06-01
nullcy 2020-04-25
visionzheng 2020-04-20
ganjing 2020-02-16
杜鲁门 2020-11-05
luckyxl0 2020-08-16
Dullonjiang 2020-08-09
MicroBoy 2020-08-02
ganjing 2020-08-02
zmzmmf 2020-07-09
MicroBoy 2020-07-05
zzhao 2020-06-26
子云 2020-06-18
visionzheng 2020-06-07
neweastsun 2020-06-04