shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

时间:2023-12-18 12:05:26

这里以简单的登陆为例子

控制器对应的登陆方法:

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(@RequestParam("username") String username, @RequestParam("password") String password){
// 获取当前的 Subject. 调用 SecurityUtils.getSubject();
Subject currentUser = SecurityUtils.getSubject(); // 测试当前的用户是否已经被认证. 即是否已经登录.
// 调动 Subject 的 isAuthenticated()
if (!currentUser.isAuthenticated()) {
// 把用户名和密码封装为 UsernamePasswordToken 对象
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
// rememberme
token.setRememberMe(true);
try {
System.out.println("UsernamePasswordToken:");
System.out.println("hashCode:" + token.hashCode());
System.out.println("Principal:" + token.getPrincipal());
System.out.println("Credentials:" + String.valueOf((char[]) token.getCredentials()));
System.out.println("host:" + token.getHost());
System.out.println("Username:" + token.getUsername());
System.out.println("Password:" + String.valueOf(token.getPassword()));
// 执行登录.
currentUser.login(token);
}
// ... catch more exceptions here (maybe custom ones specific to your application?
// 所有认证时异常的父类.
catch (AuthenticationException ae) {
//unexpected condition? error?
System.out.println("login failed :" + ae.getMessage());
}
}
return "redirect:/index.jsp";
}

在这里打印了所有的UsernamePasswordToken的属性值

再在对应的Realm中打印一下接收的AuthenticationToken的所有属性值

一个简单的例子:

public class ShiroRealm extends AuthenticatingRealm {

    @Resource
private AdminService adminService; @Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("AuthenticationToken:");
System.out.println("hashCode:" + authenticationToken.hashCode());
System.out.println("Principal:" + authenticationToken.getPrincipal());
System.out.println("Credentials:" + authenticationToken.getCredentials().toString()); return null;
}
}

打印结果:

shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

注意:

credentials这个属性,在UsernamePasswordToken中其实是个Object,查看源代码,getCredentials()方法返回的就是password

源代码,见图:

shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

shiro框架的UsernamePasswordToken与对应Realm中的AuthenticationToken的一点比较

故,若要正确得到UsernamePasswordToken的password,可以将credentials转为char[]再String.valof()方法获得String。