shiro问题-页面登录地址是login.html,她是如何进入到realm的?

最近有点闲,就研究下公司的项目,用到了shiro然后就学了一下,在看公司项目的时候有些疑惑,前来社区发帖讨论学习,shiro.ini配置如下:

[main]

#Session
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

# Session Cache
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager

sessionIdGenerator = me.zouooh.mvc.shiro.UU32SessionIdGenerator
securityManager.sessionManager.sessionDAO.sessionIdGenerator = $sessionIdGenerator

cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile=classpath:ehcache.xml
securityManager.cacheManager = $cacheManager

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher

#user
user_realm = me.zouooh.mvc.shiro.UserRealm
user_realm.credentialsMatcher = $sha256Matcher
user_realm.cacheManager = $cacheManager

# cookie
sessionIdCookie=org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name=sid
sessionIdCookie.maxAge=43200000
sessionIdCookie.httpOnly=true  
sessionManager.sessionIdCookie=$sessionIdCookie  
sessionManager.sessionIdCookieEnabled=true
sessionManager.globalSessionTimeout=43200000

#mis
authc = com.yixin.xv.admin.mvc.AuthenticationFilter
authc.loginUrl  = /login.html
authc.successUrl = /index.html
authc.usernameParam = account
logout.redirectUrl= /login.html

[urls]
/logout       = logout
/druid/**     = authc,roles[admin]
/burro/**     = anon
/static/**    = anon
/weixin/**    = anon
/asset/**     = anon
#/getServer    = anon
/websocket    = anon
/supplier/account/** = anon
/403.html     = anon
/favicon.ico  = anon
/captcha/**   = anon
/**           = authc


	<form class="form-signin" action="" method="post">
		<div class="form-signin-heading text-center">
			<h1 class="sign-title">${_siteName}后台登录</h1>
			<img src="${base}/asset/images/login-logo.png" alt="" />
		</div>
		<div class="login-wrap">

			<div style="height: 45px;border-bottom: 1px solid #eeeeee">
				<img src="${base}/asset/images/user.png" alt="" style="width: 30px;float:left;margin-right: 1%;margin-top: 5px">
				<input  style="float: left;width: 84%;border: none;background: white;height: 30px;margin: 7.5px 0" name="account" type="text" class="" placeholder="用户名" autofocus
						required>
			</div>
			<div style="height: 45px;border-bottom: 1px solid #eeeeee">
				<img src="${base}/asset/images/lock.png" alt="" style="width: 30px;float:left;margin-right: 1%;margin-top: 5px;">
				<input style="float: left;width: 84%;border: none;background: white;height: 30px;margin: 7.5px 0;" name="password" type="password" class=""
					   placeholder="密码" required >
			</div>
			<!-- <input name="captcha" type="text" value="">
        	<img id="captcha_img" onclick="next_captcha();return false;" src="${base}/captcha/next"></img>  -->
			<#if shiroLoginFailure??>
				<div class="input-help">
					<ul>
						<li>${shiroLoginFailure}</li>
					</ul>
				</div>
			</#if>
			<button class="btn btn-lg btn-login btn-block" type="submit" style="font-size: 24px">
				<!--<i class="fa fa-check"></i>-->
				登录
			</button>
		</div>
	</form>

开发者工具里看到了http请求地址是: localhost:8080/admin/login.html,也就是这个登录页面,但是却进入了realm的doGetAuthenticationInfo方法,很奇怪她是怎么进来的,希望社区的朋友能够解答下,十分感谢.

wendal

1楼•2628天前

com.yixin.xv.admin.mvc.AuthenticationFilter的超类是什么?

蛋蛋的忧伤(eggsblue)

2楼•2628天前

@wendal FormAuthenticationFilter

蛋蛋的忧伤(eggsblue)

3楼•2628天前

此类如下:


public class AuthenticationFilter extends FormAuthenticationFilter {

    private static final Log log = Logs.get();

    protected ShopDao shopDao;
    
    protected ShopClerkDao shopClerkDao;
    
    protected ShopClerkHandoverDao shopClerkHandoverDao;
    

    protected SysLogService sysLogService;

    @Override
    protected boolean onLoginSuccess(AuthenticationToken token,
                                     Subject subject,
                                     ServletRequest request,
                                     ServletResponse response)
            throws Exception {
        if (log.isDebugEnabled()) {
            log.debugf("Login success.Will load store info for user id [%s]",
                       subject.getPrincipal());
        }
      
        ShopClerk clerk = shopClerkDao().fetch(Cnd.where(ShopClerk.USER_ID, "=", subject.getPrincipal()));
        
        if (clerk != null) {
            Session session = subject.getSession();
          
            session.setAttribute(ShopClerk.CLERK_ID, clerk.getClerk_id());
            session.setAttribute(ShopClerk.CLERK_NAME, clerk.getClerk_name());
            session.setAttribute(ShopClerk.SHOP_ID, clerk.getShop_id());
            session.setAttribute(ShopClerk.SHOP_NAME, clerk.getShop_name());
            
            String ymd = getYMD();
            Cnd cnd = Cnd.where(ShopClerkHandover.CREATE_TIME, ">", ymd+" 05:00:00");
            cnd.desc(ShopClerkHandover.CREATE_TIME);
            cnd.and(ShopClerkHandover.CLERK_ID, "=", clerk.getClerk_id());
            cnd.and(ShopClerkHandover.SHOP_ID, "=", clerk.getShop_id());
            ShopClerkHandover handover = shopClerkHandoverDao().fetch(cnd);
            
            if (null == handover) {
            	 ShopClerkHandover over = new ShopClerkHandover();
            	 over.setOndate(BurroKit.current());
            	 over.setClerk_id(clerk.getClerk_id());
            	 over.setClerk_name(clerk.getClerk_name());
            	 over.setShop_id(clerk.getShop_id());
            	 over.setShop_name(clerk.getShop_name());
            	 over.setCreate_time(BurroKit.current());
                 shopClerkHandoverDao().insert(over);
			}
            
            if (null != handover) {
				if (handover.getOutdate() != null) {
					 ShopClerkHandover over = new ShopClerkHandover();
	            	 over.setOndate(BurroKit.current());
	            	 over.setClerk_id(clerk.getClerk_id());
	            	 over.setClerk_name(clerk.getClerk_name());
	            	 over.setShop_id(clerk.getShop_id());
	            	 over.setShop_name(clerk.getShop_name());
	            	 over.setCreate_time(BurroKit.current());
	            	  shopClerkHandoverDao().insert(over);
				}
			}
        }
        
        Shop shop = shopDao().fetch(Cnd.where(Shop.USER_ID, "=", subject.getPrincipal()));
        if (shop != null) {
            Session session = subject.getSession();
            session.setAttribute(NutShiro.SessionKey, subject.getPrincipal());
            session.setAttribute(Shop.SHOP_ID, shop.getShop_id());
            session.setAttribute(Shop.SHOP_NAME, shop.getShop_name());
            session.setAttribute(NutShiro.TokenKey, R.UU16());
        }
        
        SysLog syslog = SysLog.c("aop.after",
                                 AevnService.MEMBER_LOG_TAG,
                                 "me.zouooh.mvc.shiro.UserRealm#doGetAuthenticationInfo",
                                 (int)subject.getPrincipal(),
                                 "用户登录");
        syslog.setLog_ip(BurroKit.getRemoteIp((HttpServletRequest)request));
        sysLogService().async(syslog);
        return super.onLoginSuccess(token, subject, request, response);
    }


    @Override
    protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) {
        String message = ae.getMessage();
        if (ae instanceof IncorrectCredentialsException) {
            message = "密码错误";
        }
        request.setAttribute(getFailureKeyAttribute(), message);
    }

    public SysLogService sysLogService() {
        if (sysLogService == null) {
            sysLogService = Mvcs.ctx().getDefaultIoc().get(SysLogService.class);
        }
        return sysLogService;
    }
    
    public ShopDao shopDao() {
        if (shopDao == null) {
            shopDao = Mvcs.ctx().getDefaultIoc().get(ShopDao.class);
        }
        return shopDao;
    }
    
    public ShopClerkDao shopClerkDao() {
        if (shopClerkDao == null) {
        	shopClerkDao = Mvcs.ctx().getDefaultIoc().get(ShopClerkDao.class);
        }
        return shopClerkDao;
    }
    
    public ShopClerkHandoverDao shopClerkHandoverDao(){
    	 if (shopClerkHandoverDao == null) {
    		 shopClerkHandoverDao = Mvcs.ctx().getDefaultIoc().get(ShopClerkHandoverDao.class);
         }
         return shopClerkHandoverDao;
    }
    
    public String getYMD() {
		Calendar calendar = Times.C(Times.now());
		String ymd = Times.sD(calendar.getTime());
		return ymd;
	}
    
}

wendal

4楼•2628天前

FormAuthenticationFilter 里面有一个方法

    @SuppressWarnings({"UnusedDeclaration"})
    protected boolean isLoginSubmission(ServletRequest request, ServletResponse response) {
        return (request instanceof HttpServletRequest) && WebUtils.toHttp(request).getMethod().equalsIgnoreCase(POST_METHOD);
    }

蛋蛋的忧伤(eggsblue)

5楼•2628天前

感谢大叔指点迷津.
我的理解是: 请求来了,走shiro过滤器,其中走到FormAuthenticationFilter过滤器时如果是登录请求那么就subject.login(),然后间接交给realm认证......真是让我茅塞顿开哇,感谢大叔

请先登陆