zoukankan      html  css  js  c++  java
  • shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

    这里以简单的登陆为例子

    控制器对应的登陆方法:

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(@RequestParam("username") String username, @RequestParam("password") String password){
        // 获取当前的 Subject. 调用 SecurityUtils.getSubject();
        Subject currentUser = SecurityUtils.getSubject();
    
        // 测试当前的用户是否已经被认证. 即是否已经登录.
        // 调动 Subject 的 isAuthenticated()
        if (!currentUser.isAuthenticated()) {
            // 把用户名和密码封装为 UsernamePasswordToken 对象
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // rememberme
            token.setRememberMe(true);
            try {
                System.out.println("UsernamePasswordToken:");
                System.out.println("hashCode:" + token.hashCode());
                System.out.println("Principal:" + token.getPrincipal());
                System.out.println("Credentials:" + String.valueOf((char[]) token.getCredentials()));
                System.out.println("host:" + token.getHost());
                System.out.println("Username:" + token.getUsername());
                System.out.println("Password:" + String.valueOf(token.getPassword()));
                // 执行登录.
                currentUser.login(token);
            }
            // ... catch more exceptions here (maybe custom ones specific to your application?
            // 所有认证时异常的父类.
            catch (AuthenticationException ae) {
                //unexpected condition?  error?
                System.out.println("login failed :" + ae.getMessage());
            }
        }
        return "redirect:/index.jsp";
    }
    

    在这里打印了所有的UsernamePasswordToken的属性值

    再在对应的Realm中打印一下接收的AuthenticationToken的所有属性值

    一个简单的例子:

    public class ShiroRealm extends AuthenticatingRealm {
    
        @Resource
        private AdminService adminService;
    
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            System.out.println("AuthenticationToken:");
            System.out.println("hashCode:" + authenticationToken.hashCode());
            System.out.println("Principal:" + authenticationToken.getPrincipal());
            System.out.println("Credentials:" + authenticationToken.getCredentials().toString());
          
            return null;
        }
    }
    

    打印结果:

    注意:

    credentials这个属性,在UsernamePasswordToken中其实是个Object,查看源代码,getCredentials()方法返回的就是password

    源代码,见图:

    故,若要正确得到UsernamePasswordToken的password,可以将credentials转为char[]再String.valof()方法获得String。

  • 相关阅读:
    AFN 控制字符报错(无法解析)
    HTTP POST请求报文格式分析与Java实现文件上传
    xcrun
    Makefile选项CFLAGS,LDFLAGS,LIBS
    Xcode 编译错误
    iOS 11 适配
    机器学习算法之决策树
    Python extend 和 append 的区别
    Python warning_function name should be lowercase
    使用matplotlib绘制导数图像
  • 原文地址:https://www.cnblogs.com/ihaokun/p/10073449.html
Copyright © 2011-2022 走看看