zoukankan      html  css  js  c++  java
  • shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

    这里以简单的登陆为例子

    控制器对应的登陆方法:

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(@RequestParam("username") String username, @RequestParam("password") String password){
        // 获取当前的 Subject. 调用 SecurityUtils.getSubject();
        Subject currentUser = SecurityUtils.getSubject();
    
        // 测试当前的用户是否已经被认证. 即是否已经登录.
        // 调动 Subject 的 isAuthenticated()
        if (!currentUser.isAuthenticated()) {
            // 把用户名和密码封装为 UsernamePasswordToken 对象
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // rememberme
            token.setRememberMe(true);
            try {
                System.out.println("UsernamePasswordToken:");
                System.out.println("hashCode:" + token.hashCode());
                System.out.println("Principal:" + token.getPrincipal());
                System.out.println("Credentials:" + String.valueOf((char[]) token.getCredentials()));
                System.out.println("host:" + token.getHost());
                System.out.println("Username:" + token.getUsername());
                System.out.println("Password:" + String.valueOf(token.getPassword()));
                // 执行登录.
                currentUser.login(token);
            }
            // ... catch more exceptions here (maybe custom ones specific to your application?
            // 所有认证时异常的父类.
            catch (AuthenticationException ae) {
                //unexpected condition?  error?
                System.out.println("login failed :" + ae.getMessage());
            }
        }
        return "redirect:/index.jsp";
    }
    

    在这里打印了所有的UsernamePasswordToken的属性值

    再在对应的Realm中打印一下接收的AuthenticationToken的所有属性值

    一个简单的例子:

    public class ShiroRealm extends AuthenticatingRealm {
    
        @Resource
        private AdminService adminService;
    
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            System.out.println("AuthenticationToken:");
            System.out.println("hashCode:" + authenticationToken.hashCode());
            System.out.println("Principal:" + authenticationToken.getPrincipal());
            System.out.println("Credentials:" + authenticationToken.getCredentials().toString());
          
            return null;
        }
    }
    

    打印结果:

    注意:

    credentials这个属性,在UsernamePasswordToken中其实是个Object,查看源代码,getCredentials()方法返回的就是password

    源代码,见图:

    故,若要正确得到UsernamePasswordToken的password,可以将credentials转为char[]再String.valof()方法获得String。

  • 相关阅读:
    Leetcode 121. Best Time to Buy and Sell Stock
    Leetcode 120. Triangle
    Leetcode 26. Remove Duplicates from Sorted Array
    Leetcode 767. Reorganize String
    Leetcode 6. ZigZag Conversion
    KMP HDU 1686 Oulipo
    多重背包 HDU 2844 Coins
    Line belt 三分嵌套
    三分板子 zoj 3203
    二分板子 poj 3122 pie
  • 原文地址:https://www.cnblogs.com/ihaokun/p/10073449.html
Copyright © 2011-2022 走看看