(1)//1. Get the SecurityManager factory. Use the Ini configuration file to initialize the SecurityManager.
##Factory factory = new IniSecurityManagerFactory(" classpath:shiro.ini")
2. The class structure of the factory class is:
(3)The abstractFactory class mainly sets whether it is a singleton
(4)iniFactorySupport is an object created by supporting ini settings
(5)iniSecuritymanagerFactory is the implementation class of securityManager created in ini method
(2)//2. Get the SecurityManager instance and bind it to SecurityUtilsorg.apache.shiro.mgt.SecurityManagersecurityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
(1) Create a Securitymanager object through the created Ini object
1 IniSecurityManagerFactory类:2 creatSecuritymanager(ini){3 SecurityManager securityManager = createSecurityManager(ini);4 return securityManager;5 }Copy after login
(2) Create a Securitymanager through the created Ini object Object
1 private SecurityManager createSecurityManager(Ini ini) { 2 //null 3 Ini.Section mainSection = ini.getSection(MAIN_SECTION_NAME); 4 if (CollectionUtils.isEmpty(mainSection)) { 5 6 //try the default: null 7 mainSection = ini.getSection(Ini.DEFAULT_SECTION_NAME); 8 } 9 return createSecurityManager(ini, mainSection);10 }Copy after login
(3) Create Securitymanager
through the ini object and main module mainSession
1 private SecurityManager createSecurityManager(Ini ini, Ini.Section mainSection) { 2 //{securityManager=DefaultSecurityManager,iniRealm=IniRealm} 3 Map defaults = createDefaults(ini, mainSection); 4 Map objects = buildInstances(mainSection, defaults); 5 6 SecurityManager securityManager = getSecurityManagerBean(); 7 boolean autoApplyRealms = isAutoApplyRealms(securityManager); 8 if (autoApplyRealms) { 9 //realms and realm factory might have been created - pull them out first so we can initialize the securityManager:10 Collection realms = getRealms(objects);11 //set them on the SecurityManager12 if (!CollectionUtils.isEmpty(realms)) {13 applyRealmsToSecurityManager(realms, securityManager);14 }15 }16 return securityManager;17 }Copy after login
(4) Set the association between objects through mainSession and the default object object
1 private Map buildInstances(Ini.Section section, Map defaults) { 2 this.builder = new ReflectionBuilder(defaults); 3 return this.builder.buildObjects(section); 4 } 5 //类ReflectionBuilder 6 //通过mainSection创建对象并关联 7 public Map buildObjects(Map kvPairs) { 8 ..... 9 LifecycleUtils.init(objects.values());10 }Copy after login
(5) Because IniRealm implements Initializable, initialize the IniRealm object
1 //类IniRealm 2 private void processDefinitions(Ini ini) { 3 Ini.Section usersSection = ini.getSection(USERS_SECTION_NAME); 4 processUserDefinitions(usersSection); 5 } 6 //通过userSection解析user模块 7 protected void processUserDefinitions(Map userDefs) { 8 for (String username : userDefs.keySet()) { 9 ........10 account = new SimpleAccount(username, password, getName());11 add(account);12 ........13 }14 }15 protected void add(SimpleAccount account) {16 String username = getUsername(account);17 USERS_LOCK.writeLock().lock();18 try {19 this.users.put(username, account);20 }finally {21 USERS_LOCK.writeLock().unlock();22 }Copy after login
The class structure of IniRealm is:
The structure of simpleAccount is:
##At this point, the object association is created. The initialization of IniRealm is completed! Next, look at the structure diagram of DefaultSecurityManager:
##(7) Set the realm attribute of DefaultSecurityManager: 1 applyRealmsToSecurityManager(realms, securityManager){2 ((RealmSecurityManager) securityManager).setRealms(realms);3 }4 //在类RealmSecurityManager中5 public void setRealms(Collection realms) {6 this.realms = realms;7 afterRealmsSet();8 }Copy after login
Note:
afterRealmsSet(); is mainly used to set the realm attributes of authenticator and authorizer:
At this point, the properties of DefaultSecurityManager are set Complete and return the DefaultSecurityManager object
//3. Obtain the Subject and create the username/password authentication Token (i.e. user identity/credential)
Subject subject = SecurityUtils.getSubject();
##1 //获取主题对象 2 public static Subject getSubject() {3 Subject subject = ThreadContext.getSubject();//第一次null4 if (subject == null) {5 subject = (new Subject.Builder()).buildSubject();6 ThreadContext.bind(subject);7 }8 return subject;9 }Copy after login
(1) Code analysis: Use the builder pattern to create objects:
1 public static class Builder{ 2 SubjectContext subjectContext; 3 SecurityManager securityManager; 4 public Builder(SecurityManager securityManager) { 5 if (securityManager == null) { 6 throw new NullPointerException("SecurityManager method argument cannot be null."); 7 } 8 this.securityManager = securityManager; 9 this.subjectContext = newSubjectContextInstance();//DefaultSubjectContext(初始化一个backMap集合)10 if (this.subjectContext == null) {11 throw new IllegalStateException("Subject instance returned from 'newSubjectContextInstance' " +12 "cannot be null.");13 }14 this.subjectContext.setSecurityManager(securityManager);15 }16 public Subject buildSubject() {17 return this.securityManager.createSubject(this.subjectContext);18 }19 }Copy after login
(2) Use the theme context to create a theme
1 public Subject createSubject(SubjectContext subjectContext) { 2 //create a copy so we don't modify the argument's backing map: 3 SubjectContext context = copy(subjectContext); 4 5 //ensure that the context has a SecurityManager instance, and if not, add one: 6 context = ensureSecurityManager(context);//DefaultSubjectContext.backMap.put(SecurityManage) 7 8 //Resolve an associated Session (usually based on a referenced session ID), and place it in the context before 9 //sending to the SubjectFactory. The SubjectFactory should not need to know how to acquire sessions as the10 //process is often environment specific - better to shield the SF from these details:11 context = resolveSession(context);12 13 //Similarly, the SubjectFactory should not require any concept of RememberMe - translate that here first14 //if possible before handing off to the SubjectFactory:15 context = resolvePrincipals(context);16 17 Subject subject = doCreateSubject(context);18 19 //save this subject for future reference if necessary:20 //(this is needed here in case rememberMe principals were resolved and they need to be stored in the21 //session, so we don't constantly rehydrate the rememberMe PrincipalCollection on every operation).22 //Added in 1.2:23 save(subject);24 25 return subject;26 }Copy after login
(3) Create subject object through theme
protected Subject doCreateSubject(SubjectContext context) {return getSubjectFactory().createSubject(context);
}Copy after login
(4)DefaultSubjectFactory创建主题对象:
1 public Subject createSubject(SubjectContext context) { 2 SecurityManager securityManager = context.resolveSecurityManager(); 3 Session session = context.resolveSession(); 4 boolean sessionCreationEnabled = context.isSessionCreationEnabled(); 5 PrincipalCollection principals = context.resolvePrincipals(); 6 boolean authenticated = context.resolveAuthenticated(); 7 String host = context.resolveHost(); 8 9 return new DelegatingSubject(principals, authenticated, host, session, sessionCreationEnabled, securityManager);10 }Copy after login
The above is the detailed content of Detailed introduction of shiro source code. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
