apache-shiro杂记(二) 关于多realm认证的策略

于 2013-12-29 13:36:46 发布
阅读量281 收藏
点赞数
分类专栏: apache-shiro 文章标签: shiro authenticator
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/Outaku/article/details/84516051
版权
一直以为给定的下面配置是短路方式的,即defaultJdbcRealm可以成功认证,backDoorJdbcRealm就不会被调用。
其实不然,org.apache.shiro.authc.pam.FirstSuccessfulStrategy并不是这个意思,所有的realm依然都会被调用。
只不过是第一个认证成功的AuthenticationInfo作为最后的结果返回。 

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
	<!-- 其他配置 -->
	<property name="authenticator" ref="authenticator" />
	<property name="realms">
		<list>
			<ref bean="defaultJdbcRealm" />
			<ref bean="backDoorJdbcRealm" />
		</list>
	</property>
</bean>

<bean id="defaultJdbcRealm" class="..." />
<bean id="backDoorJdbcRealm" class="..." />

<bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
	<property name="authenticationStrategy">
		<bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
	</property>
</bean>


为了实现目的,必须对org.apache.shiro.authc.pam.ModularRealmAuthenticator改造。 

package xxx.yyy.security;

import java.util.Collection;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.util.CollectionUtils;

public class ModularRealmAuthenticator extends org.apache.shiro.authc.pam.ModularRealmAuthenticator {

	@Override
	protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {

		AuthenticationStrategy strategy = getAuthenticationStrategy();
		AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

		for (Realm realm : realms) {
			aggregate = strategy.beforeAttempt(realm, token, aggregate);
			if (realm.supports(token)) {
				AuthenticationInfo info = null;
				Throwable t = null;
				try {
					info = realm.getAuthenticationInfo(token);
				} catch (Throwable throwable) {
					t = throwable;
				}
				aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
				// dirty dirty hack
				if (aggregate != null && !CollectionUtils.isEmpty(aggregate.getPrincipals())) {
					return aggregate;
				}
				// end dirty dirty hack
			} else {

			}
		}
		aggregate = strategy.afterAllAttempts(token, aggregate);
		return aggregate;
	}
}


<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
	<!-- 其他配置 -->
	<property name="authenticator" ref="authenticator" />
	<property name="realms">
		<list>
			<ref bean="defaultJdbcRealm" />
			<ref bean="backDoorJdbcRealm" />
		</list>
	</property>
</bean>

<bean id="defaultJdbcRealm" class="..." />
<bean id="backDoorJdbcRealm" class="..." />

<bean id="authenticator" class="xxx.yyy.security.ModularRealmAuthenticator">
	<property name="authenticationStrategy">
		<bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
	</property>
</bean>
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值