问答 shiro问题-页面登录地址是login.html,她是如何进入到realm的?
发布于 2664天前 作者 蛋蛋的忧伤 4819 次浏览 复制 上一个帖子 下一个帖子

最近有点闲,就研究下公司的项目,用到了shiro然后就学了一下,在看公司项目的时候有些疑惑,前来社区发帖讨论学习,shiro.ini配置如下:

# Shiro INI for the admin web application: [main] wires session management,
# caching, the user realm and the form-login filter; [urls] maps URL patterns
# to filter chains.
[main]

#Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

# Project-specific session-id generator (class not shown on this page).
# NOTE(review): a session id is a bearer credential - confirm the generator
# draws its ids from a cryptographically strong random source.
sessionIdGenerator = me.zouooh.mvc.shiro.UU32SessionIdGenerator
securityManager.sessionManager.sessionDAO.sessionIdGenerator = $sessionIdGenerator

cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile=classpath:ehcache.xml
securityManager.cacheManager = $cacheManager

# NOTE(review): Sha256CredentialsMatcher is deprecated in Shiro in favour of
# HashedCredentialsMatcher with hashAlgorithmName set. No hashIterations value
# is configured here, so the default of a single SHA-256 pass applies, which is
# cheap to brute-force offline if the credential store leaks. Whether a
# per-user salt is used depends on what UserRealm returns (not shown) - verify,
# and prefer a salted, deliberately slow password hash.
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher

#user
# The realm whose doGetAuthenticationInfo is invoked when the authc filter
# performs a login; submitted passwords are compared through $sha256Matcher.
user_realm = me.zouooh.mvc.shiro.UserRealm
user_realm.credentialsMatcher = $sha256Matcher
user_realm.cacheManager = $cacheManager

# cookie
# NOTE(review): SimpleCookie.maxAge is expressed in seconds, whereas
# globalSessionTimeout below is in milliseconds. 43200000 s is roughly 500 days
# while 43200000 ms is 12 hours; the identical literal in both places looks
# like a unit mix-up - confirm the intended cookie lifetime.
# NOTE(review): httpOnly is set but sessionIdCookie.secure is not; if the site
# is served over HTTPS, set secure = true so the id never travels in clear text.
sessionIdCookie=org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name=sid
sessionIdCookie.maxAge=43200000
sessionIdCookie.httpOnly=true  
sessionManager.sessionIdCookie=$sessionIdCookie  
sessionManager.sessionIdCookieEnabled=true
sessionManager.globalSessionTimeout=43200000

#mis
# "authc" is replaced by a project filter that extends FormAuthenticationFilter.
# A POST to loginUrl is handled as a login submission by that filter, which is
# how a request for /login.html ends up in the realm. usernameParam must match
# the form field name ("account" in login.html); passwordParam is left at its
# default.
authc = com.yixin.xv.admin.mvc.AuthenticationFilter
authc.loginUrl  = /login.html
authc.successUrl = /index.html
authc.usernameParam = account
logout.redirectUrl= /login.html

# Chains are evaluated top to bottom and the first matching pattern wins, so
# the catch-all "/** = authc" has to stay last.
# NOTE(review): every "anon" entry skips authentication entirely. Static
# assets are expected; /supplier/account/**, /weixin/**, /burro/** and
# /websocket need their own access checks in the handlers - verify each one.
[urls]
/logout       = logout
# Login plus the admin role required (presumably the Druid monitoring console).
/druid/**     = authc,roles[admin]
/burro/**     = anon
/static/**    = anon
/weixin/**    = anon
/asset/**     = anon
#/getServer    = anon
/websocket    = anon
/supplier/account/** = anon
/403.html     = anon
/favicon.ico  = anon
/captcha/**   = anon
/**           = authc

login.html:


<#-- Admin login form. action="" makes the browser POST back to the URL that
     served the page (/login.html), which is the loginUrl of the authc filter;
     that POST is what the filter treats as a login submission. -->
<form class="form-signin" action="" method="post">
  <div class="form-signin-heading text-center">
    <h1 class="sign-title">${_siteName}后台登录</h1>
    <img src="${base}/asset/images/login-logo.png" alt="" />
  </div>
  <div class="login-wrap">
    <div style="height: 45px;border-bottom: 1px solid #eeeeee">
      <img src="${base}/asset/images/user.png" alt="" style="width: 30px;float:left;margin-right: 1%;margin-top: 5px">
      <#-- The field name "account" must match authc.usernameParam in shiro.ini. -->
      <input style="float: left;width: 84%;border: none;background: white;height: 30px;margin: 7.5px 0" name="account" type="text" class="" placeholder="用户名" autofocus required>
    </div>
    <div style="height: 45px;border-bottom: 1px solid #eeeeee">
      <img src="${base}/asset/images/lock.png" alt="" style="width: 30px;float:left;margin-right: 1%;margin-top: 5px;">
      <input style="float: left;width: 84%;border: none;background: white;height: 30px;margin: 7.5px 0;" name="password" type="password" class="" placeholder="密码" required >
    </div>
    <#-- NOTE(review): the captcha below is commented out, so nothing visible in
         this form slows down repeated password guesses; confirm that lockout
         or rate limiting exists on the server side. -->
    <!-- <input name="captcha" type="text" value=""> <img id="captcha_img" onclick="next_captcha();return false;" src="${base}/captcha/next"></img> -->
    <#-- NOTE(review): shiroLoginFailure is filled by
         AuthenticationFilter.setFailureAttribute, in most cases straight from
         the exception message. Unless auto-escaping is enabled for this
         template, output it HTML-escaped (for example with the ?html built-in). -->
    <#if shiroLoginFailure??>
      <div class="input-help">
        <ul>
          <li>${shiroLoginFailure}</li>
        </ul>
      </div>
    </#if>
    <button class="btn btn-lg btn-login btn-block" type="submit" style="font-size: 24px">
      <!--<i class="fa fa-check"></i>--> 登录
    </button>
  </div>
</form>

开发者工具里看到了http请求地址是: localhost:8080/admin/login.html,也就是这个登录页面,但是却进入了realm的doGetAuthenticationInfo方法,很奇怪她是怎么进来的,希望社区的朋友能够解答下,十分感谢.

5 回复

com.yixin.xv.admin.mvc.AuthenticationFilter的超类是什么?

此类如下:


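/**
 * Form-login filter for the admin site, built on Shiro's
 * {@code FormAuthenticationFilter}.
 *
 * <p>After a successful login it copies clerk and shop details into the Shiro
 * session, opens a shift hand-over record when none is open, and queues an
 * audit log entry. On a failed login it stores a message under the failure
 * attribute, which the login template renders.
 */
public class AuthenticationFilter extends FormAuthenticationFilter {

    private static final Log log = Logs.get();

    // Collaborators are looked up lazily from the default Nutz IoC container
    // through the accessor methods at the bottom of the class.
    protected ShopDao shopDao;
    protected ShopClerkDao shopClerkDao;
    protected ShopClerkHandoverDao shopClerkHandoverDao;
    protected SysLogService sysLogService;

    /**
     * Populates the session once Shiro has authenticated the subject, then
     * delegates to the parent implementation.
     *
     * @param token    the token that was submitted
     * @param subject  the freshly authenticated subject
     * @param request  the login request
     * @param response the login response
     * @return whatever the parent {@code onLoginSuccess} returns
     * @throws Exception if a lookup or the parent implementation fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
            ServletResponse response) throws Exception {
        if (log.isDebugEnabled()) {
            log.debugf("Login success.Will load store info for user id [%s]", subject.getPrincipal());
        }

        // NOTE(review): nothing in this method starts a fresh session after
        // authentication. If the pre-login session id keeps being used, that is
        // a session-fixation exposure - confirm it is handled elsewhere.
        ShopClerk clerk = shopClerkDao().fetch(Cnd.where(ShopClerk.USER_ID, "=", subject.getPrincipal()));
        if (clerk != null) {
            Session session = subject.getSession();
            session.setAttribute(ShopClerk.CLERK_ID, clerk.getClerk_id());
            session.setAttribute(ShopClerk.CLERK_NAME, clerk.getClerk_name());
            session.setAttribute(ShopClerk.SHOP_ID, clerk.getShop_id());
            session.setAttribute(ShopClerk.SHOP_NAME, clerk.getShop_name());

            // Look for this clerk's latest hand-over record created after 05:00 today.
            // NOTE(review): the cut-off is always today's 05:00, so a login
            // between midnight and 05:00 compares against a time still in the
            // future and will not find earlier records - confirm that is intended.
            String ymd = getYMD();
            Cnd cnd = Cnd.where(ShopClerkHandover.CREATE_TIME, ">", ymd + " 05:00:00");
            cnd.desc(ShopClerkHandover.CREATE_TIME);
            cnd.and(ShopClerkHandover.CLERK_ID, "=", clerk.getClerk_id());
            cnd.and(ShopClerkHandover.SHOP_ID, "=", clerk.getShop_id());
            ShopClerkHandover handover = shopClerkHandoverDao().fetch(cnd);

            // Open a new record when there is none yet, or when the latest one
            // already has an out date (the shift was closed).
            if (handover == null || handover.getOutdate() != null) {
                ShopClerkHandover over = newHandover(clerk);
                shopClerkHandoverDao().insert(over);
            }
        }

        Shop shop = shopDao().fetch(Cnd.where(Shop.USER_ID, "=", subject.getPrincipal()));
        if (shop != null) {
            Session session = subject.getSession();
            session.setAttribute(NutShiro.SessionKey, subject.getPrincipal());
            session.setAttribute(Shop.SHOP_ID, shop.getShop_id());
            session.setAttribute(Shop.SHOP_NAME, shop.getShop_name());
            session.setAttribute(NutShiro.TokenKey, R.UU16());
        }

        // Audit entry for the login. The cast assumes the principal is an
        // Integer user id; any other principal type throws ClassCastException
        // here, after authentication has already succeeded.
        SysLog syslog = SysLog.c("aop.after", AevnService.MEMBER_LOG_TAG,
                "me.zouooh.mvc.shiro.UserRealm#doGetAuthenticationInfo", (int) subject.getPrincipal(), "用户登录");
        // NOTE(review): BurroKit.getRemoteIp is not shown. If it reads
        // forwarding headers, the logged address is client-controlled unless a
        // trusted proxy overwrites them - verify before relying on it.
        syslog.setLog_ip(BurroKit.getRemoteIp((HttpServletRequest) request));
        sysLogService().async(syslog);

        return super.onLoginSuccess(token, subject, request, response);
    }

    /** Builds an unsaved hand-over record for {@code clerk}, stamped with the current time. */
    private ShopClerkHandover newHandover(ShopClerk clerk) {
        ShopClerkHandover over = new ShopClerkHandover();
        over.setOndate(BurroKit.current());
        over.setClerk_id(clerk.getClerk_id());
        over.setClerk_name(clerk.getClerk_name());
        over.setShop_id(clerk.getShop_id());
        over.setShop_name(clerk.getShop_name());
        over.setCreate_time(BurroKit.current());
        return over;
    }

    /**
     * Stores the failure message that the login page displays.
     *
     * <p>NOTE(review): a wrong password yields a fixed message, while every
     * other failure forwards {@code ae.getMessage()} unchanged. The differing
     * responses can let a caller tell existing accounts from unknown ones, and
     * the forwarded text is whatever the realm or Shiro put into the exception.
     * Consider one generic message, and make sure the template escapes it.
     *
     * @param request the login request that receives the attribute
     * @param ae      the authentication failure
     */
    @Override
    protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) {
        String message = ae.getMessage();
        if (ae instanceof IncorrectCredentialsException) {
            message = "密码错误";
        }
        request.setAttribute(getFailureKeyAttribute(), message);
    }

    // The accessors below are not synchronized. NOTE(review): presumably the
    // container hands back the same bean on every call, which would make a
    // concurrent first lookup harmless - confirm.

    /** Returns the log service, resolving it from the IoC container on first use. */
    public SysLogService sysLogService() {
        if (sysLogService == null) {
            sysLogService = Mvcs.ctx().getDefaultIoc().get(SysLogService.class);
        }
        return sysLogService;
    }

    /** Returns the shop DAO, resolving it from the IoC container on first use. */
    public ShopDao shopDao() {
        if (shopDao == null) {
            shopDao = Mvcs.ctx().getDefaultIoc().get(ShopDao.class);
        }
        return shopDao;
    }

    /** Returns the clerk DAO, resolving it from the IoC container on first use. */
    public ShopClerkDao shopClerkDao() {
        if (shopClerkDao == null) {
            shopClerkDao = Mvcs.ctx().getDefaultIoc().get(ShopClerkDao.class);
        }
        return shopClerkDao;
    }

    /** Returns the hand-over DAO, resolving it from the IoC container on first use. */
    public ShopClerkHandoverDao shopClerkHandoverDao() {
        if (shopClerkHandoverDao == null) {
            shopClerkHandoverDao = Mvcs.ctx().getDefaultIoc().get(ShopClerkHandoverDao.class);
        }
        return shopClerkHandoverDao;
    }

    /**
     * Returns the current date as formatted by {@code Times.sD}.
     * Presumably a yyyy-MM-dd string, given how the caller appends a time of
     * day to it - confirm against the Nutz version in use.
     */
    public String getYMD() {
        Calendar calendar = Times.C(Times.now());
        String ymd = Times.sD(calendar.getTime());
        return ymd;
    }
}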

FormAuthenticationFilter 里面有一个方法

    /**
     * Tells whether the request is a login form submission: it must be an
     * HTTP request whose method equals {@code POST_METHOD}, ignoring case.
     * Any other method (a plain GET of the login page, for instance) yields
     * {@code false}.
     *
     * @param request  the incoming request
     * @param response the outgoing response (not consulted)
     * @return {@code true} only for an HTTP request using the POST method
     */
    @SuppressWarnings({"UnusedDeclaration"})
    protected boolean isLoginSubmission(ServletRequest request, ServletResponse response) {
        if (!(request instanceof HttpServletRequest)) {
            return false;
        }
        String httpMethod = WebUtils.toHttp(request).getMethod();
        return httpMethod.equalsIgnoreCase(POST_METHOD);
    }

感谢大叔指点迷津.
我的理解是: 请求来了,先走shiro过滤器;login.html里的表单action为空、method为post,所以提交时是POST到登录地址(/login.html)本身。走到FormAuthenticationFilter过滤器时,如果是登录请求(isLoginSubmission返回true),那么就subject.login(),然后间接交给realm认证......真是让我茅塞顿开哇,感谢大叔
