I looked at the front of a few blog, it is really miserable. The original thought that other people this piece of writing is not very good, nothing to speak clearly. And then write it myself, and the result is that I write worse. If you've been devastated by my previous blog, I'm sorry. The practice of this matter is not clear, come, let's talk about the truth, or.
Certification ProcessThe authentication process is the process of Yue Heyue the user, that is, to confirm the identity information entered by the user is the correct legal process. Let's take a look at the diagram of this certification process:
In fact, this authentication process is done automatically in the SecurityManager of Shiro. What we really do when we use it is to collect the user's identity (username + password) from the user's input, and then make the SecurityManager, and then SecurityManager call realm according to the username entered to obtain the user's identity information stored in the database. Then verify that ...
It is important to note here that the database is not just about the general sense. Shiro can obtain user information from JDBC, LDAP (), INI file, CAs and other data sources. Different data sources need to be implemented in different realms. Here is the code that calls Shiro login validation:
<span style= "FONT-FAMILY:FANGSONG_GB2312;FONT-SIZE:18PX;" > <span style= "font-family:fangsong_gb2312;" > //The user information will be constructed into tokens, and I am here to write directly to the dead usernamepasswordtoken token=new usernamepasswordtoken ("Javass", "CC"); Token.setrememberme (true); Obtained Subject Subject currentuser=securityutils.getsubject (); Call subject's Login method, this time Shiro start to enter the automatic authentication //middle need to call their own implementation of the realm to obtain user information Currentuser.login (token);</span> </span>
RealmRealm is the class that Shiro obtains the user data, the function is DAO's function. The realm class needs to be implemented by the user, and the different data sources will inherit different realms. The parent then writes two of these methods: Dogetauthorizationinfo (permission information), Dogetauthenticationinfo (obtaining user information).
It is important to note that, if it is inherited from the Casrealm, as long as the implementation of a access to the information method is good, the user information is passed through the CAs. Shiro's Casrealm has done the receiving processing, of course you can rewrite it yourself.
Securtiymanager Automation ProcessThe above certification flowchart, probably said the certification process but did not involve the Shiro internal certification process. The internal process must not draw all, just through the main class.
Shiro inside the call relationship is basically like this, followed by the source code can basically find out the line. The final transfer to our own implementation of the realm class to obtain user information.
Summary : The certification process is basically the process, the use is also very convenient. It would be nice to just implement a realm class yourself. Shiro can also use multiple realms as a data source, which is accessed in the order in which you configure them. This is it!
Apache Shiro (3)-Authentication process
