zoukankan      html  css  js  c++  java

  • shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

    这里以简单的登陆为例子

    控制器对应的登陆方法:

    @RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(@RequestParam("username") String username, @RequestParam("password") String password){
    // 获取当前的 Subject. 调用 SecurityUtils.getSubject();
    Subject currentUser = SecurityUtils.getSubject();

    // 测试当前的用户是否已经被认证. 即是否已经登录.
    // 调动 Subject 的 isAuthenticated()
    if (!currentUser.isAuthenticated()) {
        // 把用户名和密码封装为 UsernamePasswordToken 对象
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // rememberme
        token.setRememberMe(true);
        try {
            System.out.println("UsernamePasswordToken:");
            System.out.println("hashCode:" + token.hashCode());
            System.out.println("Principal:" + token.getPrincipal());
            System.out.println("Credentials:" + String.valueOf((char[]) token.getCredentials()));
            System.out.println("host:" + token.getHost());
            System.out.println("Username:" + token.getUsername());
            System.out.println("Password:" + String.valueOf(token.getPassword()));
            // 执行登录.
            currentUser.login(token);
        }
        // ... catch more exceptions here (maybe custom ones specific to your application?
        // 所有认证时异常的父类.
        catch (AuthenticationException ae) {
            //unexpected condition?  error?
            System.out.println("login failed :" + ae.getMessage());
        }
    }
    return "redirect:/index.jsp";
}

    在这里打印了所有的UsernamePasswordToken的属性值

    再在对应的Realm中打印一下接收的AuthenticationToken的所有属性值

    一个简单的例子:

    public class ShiroRealm extends AuthenticatingRealm {

    @Resource
    private AdminService adminService;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("AuthenticationToken:");
        System.out.println("hashCode:" + authenticationToken.hashCode());
        System.out.println("Principal:" + authenticationToken.getPrincipal());
        System.out.println("Credentials:" + authenticationToken.getCredentials().toString());
      
        return null;
    }
}

    打印结果:

    注意:

    credentials这个属性,在UsernamePasswordToken中其实是个Object,查看源代码,getCredentials()方法返回的就是password

    源代码,见图:

    故,若要正确得到UsernamePasswordToken的password,可以将credentials转为char[]再String.valof()方法获得String。
  • 相关阅读:
    获得自动增长的MySQL主键
    HTTP协议状态码的含义
    HttpServletResponse接口
    http header详解
    ORACLE中大数据量查询实现优化
    amqp rabbitMQ docker-composer
    阿里云OSS上传Invalid Object Name错误
    PHP7**幂运算执行顺序
    MySQL join 连表查询索引问题
    Composer改阿里国内镜像
  • 原文地址:https://www.cnblogs.com/ihaokun/p/10073449.html
Copyright © 2011-2022 走看看