|
|
一直以为给定的下面配置是短路方式的,即defaultJdbcRealm可以成功认证,backDoorJdbcRealm就不会被调用。
其实不然,org.apache.shiro.authc.pam.FirstSuccessfulStrategy并不是这个意思,所有的realm依然都会被调用。
只不过是第一个认证成功的AuthenticationInfo作为最后的结果返回。
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 其他配置 -->
<property name="authenticator" ref="authenticator" />
<property name="realms">
<list>
<ref bean="defaultJdbcRealm" />
<ref bean="backDoorJdbcRealm" />
</list>
</property>
</bean>
<bean id="defaultJdbcRealm" class="..." />
<bean id="backDoorJdbcRealm" class="..." />
<bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
<property name="authenticationStrategy">
<bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
</property>
</bean>
为了实现目的,必须对org.apache.shiro.authc.pam.ModularRealmAuthenticator改造。
package xxx.yyy.security;
import java.util.Collection;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.util.CollectionUtils;
public class ModularRealmAuthenticator extends org.apache.shiro.authc.pam.ModularRealmAuthenticator {
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
AuthenticationStrategy strategy = getAuthenticationStrategy();
AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
for (Realm realm : realms) {
aggregate = strategy.beforeAttempt(realm, token, aggregate);
if (realm.supports(token)) {
AuthenticationInfo info = null;
Throwable t = null;
try {
info = realm.getAuthenticationInfo(token);
} catch (Throwable throwable) {
t = throwable;
}
aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
// dirty dirty hack
if (aggregate != null && !CollectionUtils.isEmpty(aggregate.getPrincipals())) {
return aggregate;
}
// end dirty dirty hack
} else {
}
}
aggregate = strategy.afterAllAttempts(token, aggregate);
return aggregate;
}
}
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 其他配置 -->
<property name="authenticator" ref="authenticator" />
<property name="realms">
<list>
<ref bean="defaultJdbcRealm" />
<ref bean="backDoorJdbcRealm" />
</list>
</property>
</bean>
<bean id="defaultJdbcRealm" class="..." />
<bean id="backDoorJdbcRealm" class="..." />
<bean id="authenticator" class="xxx.yyy.security.ModularRealmAuthenticator">
<property name="authenticationStrategy">
<bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" />
</property>
</bean> |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-1-7 13:13:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡