zoukankan      html  css  js  c++  java
  • shiro登陆流程

    登录请求被FormAuthenticationFilter拦截

    FormAuthenticationFilter会执行其父类AdviceFilter的doFilterInternal方法

    其代码如下:

    boolean continueChain = preHandle(request, response);//判断是否执行后面的操作
    if (continueChain) {
      executeChain(request, response, chain);//放行
    }
     postHandle(request, response);//执行完操作后的操作  

    而preHandle调用PathMatchingFilter.preHandle -> isFilterChainContinued,再调用AccessControlFilter.onPreHandle

    onPreHandle(request, response, pathConfig){
        return isAccessAllowed(request, response, mappedValue)/*判断是否允许通过,如果不允许则执行onAccessDenied*/
    || onAccessDenied(request, response, mappedValue);
    }
    //AuthenticatingFilter.isAccessAllowed(request, response, mappedValue)的代码如下 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {   return super.isAccessAllowed(request, response, mappedValue)/*返回是已经否登录 return subject.isAuthenticated*/ ||(!isLoginRequest(request, response) && isPermissive(mappedValue)); /*不是loginUrl请求,并且是permissive的Url请求;PathMatchingFilter的appliedPaths将filterChainDefinitions中的值转为map,permissive就是从这里取得*/ }
    //FormAuthenticationFilter.onAccessDenied(request, response)的代码如下 if (isLoginRequest(request, response)) {   if (isLoginSubmission(request, response)) {//如果是loginUrl并且是post请求,执行登录请求     return executeLogin(request, response);   } else {//如果是loginUrl并且是get请求,则运行放行,否则调到get的loginUrl     return ture; } } else { saveRequestAndRedirectToLogin(request, response); //如果不是loginUrl,跳转到get的loginUrl   return false; }
    //当点击post请求的loginUrl后,执行executeLogin,代码如下 AuthenticationToken token
    = createToken(request, response);//抽象方法,待实现。可通过request,设置AuthenticationToken的username,password if (token == null) {   throw new IllegalStateException(msg); } try {   Subject subject = getSubject(request, response);   subject.login(token);//此时调用realm的doGetAuthenticationInfo,在这里判断登录账号密码是否匹配,成功,则return AuthenticationInfo,失败,则返回异常(同时此处可设置session等)   return onLoginSuccess(token, subject, request, response);//如果subject.login成功,则执行onLoginSuccess,否则,进入catch } catch (AuthenticationException e) {      return onLoginFailure(token, e, request, response); }
  • 相关阅读:
    windows下mongodb的安装
    命令行执行大sql文件
    用css实现3D立方体旋转特效
    tp框架的详细介绍,tp框架基础
    用smarty来做简易留言系统,明细步骤简单操作
    怎么用php语言来做文件缓存
    用smarty模板做数据实现修改、分页等功能
    用smarty模板做的登录
    smarty函数
    Smarty变量
  • 原文地址:https://www.cnblogs.com/jaxlove-it/p/7536108.html
Copyright © 2011-2022 走看看