<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<meta name="generator" content="pdf2htmlEX">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<link rel="stylesheet" href="https://static.pudn.com/base/css/base.min.css">
<link rel="stylesheet" href="https://static.pudn.com/base/css/fancy.min.css">
<link rel="stylesheet" href="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/raw.css">
<script src="https://static.pudn.com/base/js/compatibility.min.js"></script>
<script src="https://static.pudn.com/base/js/pdf2htmlEX.min.js"></script>
<script>
try{
pdf2htmlEX.defaultViewer = new pdf2htmlEX.Viewer({});
}catch(e){}
</script>
<title></title>
</head>
<body>
<div id="sidebar" style="display: none">
<div id="outline">
</div>
</div>
<div id="pf1" class="pf w0 h0" data-page-no="1"><div class="pc pc1 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/bg1.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x1 h3 y2 ff1 fs0 fc0 sc0 ls0 ws0">Apache Shiro User Manual</div>
<div class="t m0 x2 h3 y3 ff3 fs0 fc0 sc1 ls0 ws0"><span class="ff4 sc0">Introduction to the Shiro Architecture</span></div>
<div class="t m0 x2 h4 y4 ff2 fs1 fc1 sc2 ls0 ws0">I. What is Shiro</div>
<div class="t m0 x2 h5 y5 ff5 fs2 fc0 sc0 ls0 ws0">Apache Shiro is a powerful, easy-to-use Java security framework that provides authentication, authorization, cryptography and session management:</div>
<div class="t m0 x3 h5 y7 ff3 fs3 fc0 sc0 ls0 ws0"><span class="ff2 fs2">Authentication <span class="ff5">- </span>identifying the user, commonly called user “login”;</span></div>
<div class="t m0 x3 h5 y8 ff3 fs3 fc0 sc0 ls0 ws0"><span class="ff2 fs2">Authorization <span class="ff5">- </span>access control;</span></div>
<div class="t m0 x3 h5 y9 ff3 fs3 fc0 sc0 ls0 ws0"><span class="ff2 fs2">Cryptography <span class="ff5">- </span>protecting or hiding data from prying eyes;</span></div>
<div class="t m0 x3 h5 ya ff3 fs3 fc0 sc0 ls0 ws0"><span class="ff2 fs2">Session management <span class="ff5">- </span>per-user, time-sensitive state.</span></div>
<div class="t m0 x2 h5 yb ff2 fs2 fc0 sc0 ls0 ws0">Shiro can provide comprehensive security management services for any application, and it is much simpler than other security frameworks.</div>
<div class="t m0 x2 h4 yd ff2 fs1 fc1 sc2 ls0 ws0">II. Shiro Architecture</div>
<div class="t m0 x2 h5 ye ff2 fs2 fc0 sc0 ls0 ws0">First, let us look at Shiro's three core components: Subject, SecurityManager and Realms, as shown in the figure below:</div>
<div class="t m0 x4 h6 y10 ff5 fs2 fc0 sc0 ls0 ws0"></div>
<div class="t m0 x2 h5 y11 ff5 fs2 fc0 sc0 ls0 ws0">Subject: the “user currently operating”. In Shiro, however, the Subject concept does not refer only to a person; it can also be a third-party process, a daemon account, or anything similar. It simply means “whatever is currently interacting with the software”. For most intents and purposes, you can think of it as Shiro's notion of a “user”.</div>
<div class="t m0 x2 h5 y14 ff5 fs2 fc0 sc0 ls0 ws0">A Subject represents the security operations of the current user, while the SecurityManager manages the security operations of all users.</div>
<div class="t m0 x2 h5 y15 ff5 fs2 fc0 sc0 ls0 ws0">SecurityManager: the core of the Shiro framework and a typical Facade pattern. Shiro uses the SecurityManager to manage its internal component instances and to provide the various security management services.</div>
<div class="t m0 x2 h5 y17 ff5 fs2 fc0 sc0 ls0 ws0">Realm: a Realm acts as the “bridge” or “connector” between Shiro and the application's security data. That is, when authentication (login) and authorization (access control) checks are performed for a user, Shiro looks up the user and their permission information in the Realms configured for the application.</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
</body>
</html>
<div id="pf2" class="pf w0 h0" data-page-no="2"><div class="pc pc2 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/bg2.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x2 h5 y1a ff2 fs2 fc0 sc0 ls0 ws0">In this sense, a Realm is essentially a security-specific DAO: it encapsulates the connection details of the data source and supplies the relevant data to Shiro when needed. When configuring Shiro, you must specify at least one Realm to use for authentication and/or authorization. Configuring multiple Realms is allowed, but at least one is required.</div>
<div class="t m0 x2 h5 y1d ff5 fs2 fc0 sc0 ls0 ws0">Shiro ships with Realms that can connect to a large number of security data sources (also known as directories), such as LDAP, relational databases (JDBC), INI-like text configuration resources, and properties files. If the default Realms do not meet your needs, you can plug in your own Realm implementation representing a custom data source.</div>
<div class="t m0 x2 h5 y20 ff4 fs2 fc1 sc0 ls0 ws0">Complete Shiro architecture diagram:</div>
<div class="t m0 x5 h6 y21 ff5 fs2 fc0 sc0 ls0 ws0"></div>
<div class="t m0 x2 h5 y22 ff2 fs2 fc0 sc0 ls0 ws0">Besides the three core components described above (Subject, SecurityManager and Realm), Shiro's main components also include:</div>
<div class="t m0 x2 h5 y24 ff5 fs2 fc0 sc0 ls0 ws0">Authenticator: authentication is the process of verifying a user's identity. The common example is the familiar “username/password” combination. When logging in to a software system, most users provide their username (the principal) and the password that backs it up (the credential). If the password (or a representation of the password) stored in the system matches the one the user supplied, the user is considered authenticated.</div>
<div class="t m0 x2 h7 y28 ff5 fs2 fc0 sc0 ls0 ws0">Authorizer: authorization is essentially access control - controlling what a user can access in the application, such as resources, web pages and so on.</div>
<div class="t m0 x2 h7 y2a ff5 fs2 fc0 sc0 ls0 ws0">SessionManager: among security frameworks, Apache Shiro offers something unique: a Session API that can be used consistently in any application or architectural tier. That is, Shiro provides a session programming paradigm for any application, from small standalone background applications to large clustered web applications.</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
<div id="pf3" class="pf w0 h0" data-page-no="3"><div class="pc pc3 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/bg3.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x2 h7 y19 ff2 fs2 fc0 sc0 ls0 ws0">This means that application developers who want to use sessions are no longer forced to use a Servlet or EJB container. Or, if they are using such containers, developers can now choose to use a session API that is uniform across every tier in place of the Servlet or EJB mechanisms.</div>
<div class="t m0 x2 h7 y1b ff5 fs2 fc0 sc0 ls0 ws0">CacheManager: provides caching support to Shiro's other components.</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
<div id="pf4" class="pf w0 h0" data-page-no="4"><div class="pc pc4 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/bg4.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x2 h3 y2d ff3 fs0 fc0 sc1 ls0 ws0"><span class="ff4 sc0">Shiro Authentication</span></div>
<div class="t m0 x6 h7 y2e ff2 fs2 fc0 sc0 ls0 ws0">Authentication is the process of verifying a user's identity. During authentication, the user submits principals and credentials so that the system can check whether the user is legitimate. The most common “principal/credential” pair is the “username/password” pair.</div>
<div class="t m0 x2 h4 y31 ff2 fs1 fc1 sc2 ls0 ws0">I. The Shiro Authentication Process</div>
<div class="t m0 x2 h7 y32 ff4 fs2 fc0 sc0 ls0 ws0">1. Collect the principals and credentials</div>
<div class="t m0 x2 h8 y33 ff7 fs4 fc0 sc0 ls0 ws0">Java code</div>
<div class="t m0 x7 h9 y34 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">import org.apache.shiro.authc.UsernamePasswordToken;</span></div>
<div class="t m0 x7 h9 y34 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">// Example using most common scenario of username/password pair:</span></div>
<div class="t m0 x7 ha y35 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">UsernamePasswordToken token = new UsernamePasswordToken(username, password);</span></div>
<div class="t m0 x7 h9 y37 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">// "Remember Me" built-in:</span></div>
<div class="t m0 x7 ha y38 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">token.setRememberMe(true);</span></div>
<div class="t m0 x2 h7 y39 ff5 fs2 fc0 sc0 ls0 ws0">UsernamePasswordToken supports the most common username/password authentication mechanism. Because it also implements the RememberMeAuthenticationToken interface, we can enable the “Remember Me” feature through the token.</div>
<div class="t m0 x2 h7 y3b ff2 fs2 fc0 sc0 ls0 ws0">However, “remembered” and “authenticated” are not the same thing:</div>
<div class="t m0 x2 h7 y3c ff6 fs2 fc0 sc0 ls0 ws0">A remembered user is merely a non-anonymous user, and you can obtain the user's information through subject.getPrincipals(). It is not a fully authenticated user, however: to access functionality that requires an authenticated user, the authentication information must be submitted again.</div>
<div class="t m0 x2 h7 y3f ff2 fs2 fc0 sc0 ls0 ws0">Amazon's website illustrates the distinction: by default the site remembers a logged-in user, and on a return visit non-sensitive pages display the remembered user's information, but accessing the account information still requires logging in again.</div>
<div class="t m0 x2 h7 y42 ff4 fs2 fc0 sc0 ls0 ws0">2. Submit the principals and credentials</div>
<div class="t m0 x2 h8 y43 ff7 fs4 fc0 sc0 ls0 ws0">Java code</div>
<div class="t m0 x7 h9 y44 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">import org.apache.shiro.SecurityUtils;</span></div>
<div class="t m0 x7 h9 y44 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">import org.apache.shiro.subject.Subject;</span></div>
<div class="t m0 x7 h9 y44 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">Subject currentUser = SecurityUtils.getSubject();</span></div>
<div class="t m0 x7 h9 y45 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">currentUser.login(token);</span></div>
<div class="t m0 x2 h7 y46 ff6 fs2 fc0 sc0 ls0 ws0">After collecting the principals and credentials, we obtain the current user through the SecurityUtils utility class and then submit them for authentication by calling the login method.</div>
<div class="t m0 x2 h7 y48 ff4 fs2 fc0 sc0 ls0 ws0">3. Authentication handling</div>
<div class="t m0 x2 h8 y49 ff7 fs4 fc0 sc0 ls0 ws0">Java code</div>
<div class="t m0 x7 ha y4a ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">import org.apache.shiro.authc.*;</span></div>
<div class="t m0 x7 ha y4a ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">try {</span></div>
<div class="t m0 x7 h9 y4b ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">    currentUser.login(token);</span></div>
<div class="t m0 x7 ha y4c ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">} catch (UnknownAccountException uae) {</span></div>
<div class="t m0 x7 ha y4c ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">    // ... no account exists for the submitted username</span></div>
<div class="t m0 x7 ha y4d ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">} catch (IncorrectCredentialsException ice) {</span></div>
<div class="t m0 x7 ha y4d ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">    // ... the submitted password did not match</span></div>
<div class="t m0 x7 ha y4e ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">} catch (LockedAccountException lae) {</span></div>
<div class="t m0 x7 ha y4e ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">    // ... the account is locked</span></div>
<div class="t m0 x7 ha y4f ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">} catch (ExcessiveAttemptsException eae) {</span></div>
<div class="t m0 x7 ha y4f ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">    // ... too many failed login attempts</span></div>
<div class="t m0 x7 ha y50 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">// ... catch your own ...</span></div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
<div id="pf5" class="pf w0 h0" data-page-no="5"><div class="pc pc5 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/6289a0ed16e0ca71411b5874/bg5.jpg"><div class="c x0 y1 w2 h2">
<div class="t m0 x7 ha y51 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">} catch (AuthenticationException ae) {</span></div>
<div class="t m0 x7 h9 y52 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc3">    // unexpected error?</span></div>
<div class="t m0 x7 h9 y53 ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">}</span></div>
<div class="t m0 x2 h7 y54 ff2 fs2 fc0 sc0 ls0 ws0">If the login method completes without throwing any exception, the user is considered authenticated. From then on, calling SecurityUtils.getSubject() anywhere in the application returns the currently authenticated user instance, and subject.isAuthenticated() returns true.</div>
<div class="t m0 x2 h7 y57 ff2 fs2 fc0 sc0 ls0 ws0">Conversely, if the login method throws an exception, authentication is considered to have failed. Shiro has a rich, clearly layered hierarchy of exception classes that describe why authentication failed, as the code example shows.</div>
<div class="t m0 x2 hb y59 ff2 fs1 fc1 sc2 ls0 ws0">II. Logging Out</div>
<div class="t m0 x2 h7 y5a ff2 fs2 fc0 sc0 ls0 ws0">To log out, call subject.logout(), which removes your login information, for example:</div>
<div class="t m0 x2 h8 y5b ff7 fs4 fc0 sc0 ls0 ws0">Java code</div>
<div class="t m0 x7 h9 y5c ff8 fs4 fc2 sc0 ls0 ws0"><span class="fc0">currentUser.logout(); <span class="fc3">// removes all identifying information and invalidates their session too.</span></span></div>
<div class="t m0 x2 h7 y5e ff2 fs2 fc0 sc0 ls0 ws0">After logout completes, the Session information is cleared and the subject is treated as an anonymous user.</div>
<div class="t m0 x2 hb y5f ff2 fs1 fc1 sc2 ls0 ws0">III. How Authentication Works Internally</div>
<div class="t m0 x2 h7 y60 ff2 fs2 fc0 sc0 ls0 ws0">The above is how Shiro authentication is handled in application code; the following explains Shiro's internal authentication mechanism in detail.</div>
<div class="t m0 x9 h6 y62 ff5 fs2 fc0 sc0 ls0 ws0"></div>
<div class="t m0 x2 h7 y63 ff2 fs2 fc0 sc0 ls0 ws0">As shown in the figure above, we use the authentication part of the Shiro architecture diagram to explain the order in which Shiro processes authentication internally:</div>
<div class="t m0 x2 h7 y64 ff5 fs2 fc0 sc0 ls0 ws0">1. After the application builds an AuthenticationToken instance carrying the end user's authentication information, it calls the Subject.login method.</div>
<div class="t m0 x2 h7 y66 ff5 fs2 fc0 sc0 ls0 ws0">2. The Subject instance is usually an instance of the DelegatingSubject class (or a subclass); when authentication begins, it delegates to the securityManager instance configured by the application by calling securityManager.login(token).</div>
</div></div><div class="pi" data-data='{"ctm":[1.611850,0.000000,0.000000,1.611850,0.000000,0.000000]}'></div></div>
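The three authentication steps of the manual (collect, submit, handle), its "remembered" versus "authenticated" distinction and the logout call, put together as one program. This is an added example, not code from the original manual or from the Shiro project; the class name ShiroLoginExample, the Result enum, the two helper methods, the realm name and the sample account are assumptions made for illustration, and shiro-core with its logging dependency is assumed to be on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Added illustration; every name declared in this file is hypothetical.
public class ShiroLoginExample {

    // Outcome returned to the caller; the precise cause belongs in server-side logs.
    enum Result { OK, BAD_CREDENTIALS, LOCKED, THROTTLED, ERROR }

    // Steps 1-3 of the manual: collect, submit, handle.
    static Result login(Subject subject, String username, char[] password, boolean rememberMe) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        try {
            subject.login(token);
            return Result.OK;
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // One answer for both cases, so the response does not reveal
            // which usernames exist.
            return Result.BAD_CREDENTIALS;
        } catch (LockedAccountException e) {
            return Result.LOCKED;
        } catch (ExcessiveAttemptsException e) {
            return Result.THROTTLED;
        } catch (AuthenticationException e) {
            return Result.ERROR; // any other authentication failure
        } finally {
            token.clear(); // zeroes the password array held by the token
        }
    }

    // "Remembered" only means the identity is known; sensitive functions
    // require credentials submitted during the current session.
    static boolean mayViewAccountPage(Subject subject) {
        return subject.isAuthenticated();
    }

    public static void main(String[] args) {
        // At least one Realm is required; this in-memory one holds a constructed account.
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("alice", "constructed-sample-password");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        Subject currentUser = SecurityUtils.getSubject();
        System.out.println("unknown user : " + login(currentUser, "nobody", "x".toCharArray(), false));
        System.out.println("bad password : " + login(currentUser, "alice", "wrong".toCharArray(), false));
        System.out.println("account page : " + mayViewAccountPage(currentUser));

        System.out.println("good password: "
                + login(currentUser, "alice", "constructed-sample-password".toCharArray(), true));
        System.out.println("account page : " + mayViewAccountPage(currentUser));

        currentUser.logout(); // identity and session are discarded
        System.out.println("after logout : authenticated=" + currentUser.isAuthenticated()
                + ", principal=" + currentUser.getPrincipal());
    }
}
```

The plain-text password in the in-memory realm is only there to keep the example self-contained; a production Realm would store a salted hash and be paired with a matching credentials matcher.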