Home  >  Article  >  Java  >  Detailed introduction of shiro source code

Detailed introduction of shiro source code

零下一度
零下一度Original
2017-07-26 16:36:441927browse
(1)//1. Get the SecurityManager factory. Use the Ini configuration file to initialize the SecurityManager.
##Factory factory = new IniSecurityManagerFactory(" classpath:shiro.ini")
2. The class structure of the factory class is:

(3)The abstractFactory class mainly sets whether it is a singleton

(4)iniFactorySupport is an object created by supporting ini settings

(5)iniSecuritymanagerFactory is the implementation class of securityManager created in ini method

(2)//2. Get the SecurityManager instance and bind it to SecurityUtils
org.apache.shiro.mgt.SecurityManagersecurityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
(1) Create a Securitymanager object through the created Ini object
1  IniSecurityManagerFactory类:2      creatSecuritymanager(ini){3      SecurityManager securityManager = createSecurityManager(ini);4      return securityManager;5  }

(2) Create a Securitymanager through the created Ini object Object
 1 private SecurityManager createSecurityManager(Ini ini) { 2 //null 3 Ini.Section mainSection = ini.getSection(MAIN_SECTION_NAME); 4 if (CollectionUtils.isEmpty(mainSection)) { 5  6 //try the default: null 7 mainSection = ini.getSection(Ini.DEFAULT_SECTION_NAME); 8 } 9  return createSecurityManager(ini, mainSection);10  }

(3) Create Securitymanager

through the ini object and main module mainSession
 1 private SecurityManager createSecurityManager(Ini ini, Ini.Section mainSection) { 2 //{securityManager=DefaultSecurityManager,iniRealm=IniRealm}   3 Map defaults = createDefaults(ini, mainSection); 4 Map objects = buildInstances(mainSection, defaults); 5  6 SecurityManager securityManager = getSecurityManagerBean(); 7 boolean autoApplyRealms = isAutoApplyRealms(securityManager); 8 if (autoApplyRealms) { 9 //realms and realm factory might have been created - pull them out first  so we can initialize the securityManager:10  Collection realms = getRealms(objects);11  //set them on the SecurityManager12  if (!CollectionUtils.isEmpty(realms)) {13          applyRealmsToSecurityManager(realms, securityManager);14            }15         }16        return securityManager;17     }
(4) Set the association between objects through mainSession and the default object object
 1 private Map buildInstances(Ini.Section section, Map defaults) { 2      this.builder = new ReflectionBuilder(defaults); 3      return this.builder.buildObjects(section); 4      } 5 //类ReflectionBuilder 6 //通过mainSection创建对象并关联 7  public Map buildObjects(Map kvPairs) { 8   ..... 9  LifecycleUtils.init(objects.values());10 }
(5) Because IniRealm implements Initializable, initialize the IniRealm object
 1 //类IniRealm 2 private void processDefinitions(Ini ini) { 3  Ini.Section usersSection = ini.getSection(USERS_SECTION_NAME); 4  processUserDefinitions(usersSection); 5 } 6 //通过userSection解析user模块 7  protected void processUserDefinitions(Map userDefs) { 8       for (String username : userDefs.keySet()) { 9          ........10       account = new SimpleAccount(username, password, getName());11       add(account);12         ........13        }14  }15 protected void add(SimpleAccount account) {16    String username = getUsername(account);17    USERS_LOCK.writeLock().lock();18    try {19     this.users.put(username, account);20    }finally {21     USERS_LOCK.writeLock().unlock();22 }
The class structure of IniRealm is:

The structure of simpleAccount is:
##At this point, the object association is created. The initialization of IniRealm is completed! Next, look at the structure diagram of DefaultSecurityManager:
##(7) Set the realm attribute of DefaultSecurityManager:
1  applyRealmsToSecurityManager(realms, securityManager){2     ((RealmSecurityManager) securityManager).setRealms(realms);3 }4 //在类RealmSecurityManager中5 public void setRealms(Collection realms) {6    this.realms = realms;7    afterRealmsSet();8 }
Note:
afterRealmsSet(); is mainly used to set the realm attributes of authenticator and authorizer:

At this point, the properties of DefaultSecurityManager are set Complete and return the DefaultSecurityManager object
//3. Obtain the Subject and create the username/password authentication Token (i.e. user identity/credential)
Subject subject = SecurityUtils.getSubject();
##
1 //获取主题对象 2 public static Subject getSubject() {3     Subject subject = ThreadContext.getSubject();//第一次null4     if (subject == null) {5        subject = (new Subject.Builder()).buildSubject();6        ThreadContext.bind(subject);7         }8       return subject;9 }
(1) Code analysis: Use the builder pattern to create objects:

 1 public static class Builder{ 2        SubjectContext subjectContext; 3        SecurityManager securityManager; 4         public Builder(SecurityManager securityManager) { 5             if (securityManager == null) { 6                 throw new NullPointerException("SecurityManager method argument cannot be null."); 7             } 8             this.securityManager = securityManager; 9             this.subjectContext = newSubjectContextInstance();//DefaultSubjectContext(初始化一个backMap集合)10             if (this.subjectContext == null) {11                 throw new IllegalStateException("Subject instance returned from 'newSubjectContextInstance' " +12                         "cannot be null.");13             }14             this.subjectContext.setSecurityManager(securityManager);15         }16        public Subject buildSubject() {17             return this.securityManager.createSubject(this.subjectContext);18         }19 }

(2) Use the theme context to create a theme

 1   public Subject createSubject(SubjectContext subjectContext) { 2         //create a copy so we don't modify the argument's backing map: 3         SubjectContext context = copy(subjectContext); 4  5         //ensure that the context has a SecurityManager instance, and if not, add one: 6         context = ensureSecurityManager(context);//DefaultSubjectContext.backMap.put(SecurityManage) 7  8         //Resolve an associated Session (usually based on a referenced session ID), and place it in the context before 9         //sending to the SubjectFactory.  The SubjectFactory should not need to know how to acquire sessions as the10         //process is often environment specific - better to shield the SF from these details:11         context = resolveSession(context);12 13         //Similarly, the SubjectFactory should not require any concept of RememberMe - translate that here first14         //if possible before handing off to the SubjectFactory:15         context = resolvePrincipals(context);16 17         Subject subject = doCreateSubject(context);18 19         //save this subject for future reference if necessary:20         //(this is needed here in case rememberMe principals were resolved and they need to be stored in the21         //session, so we don't constantly rehydrate the rememberMe PrincipalCollection on every operation).22         //Added in 1.2:23         save(subject);24 25         return subject;26     }

(3) Create subject object through theme

 protected Subject doCreateSubject(SubjectContext context) {return getSubjectFactory().createSubject(context);
    }

 

(4)DefaultSubjectFactory创建主题对象:
 1    public Subject createSubject(SubjectContext context) { 2         SecurityManager securityManager = context.resolveSecurityManager(); 3         Session session = context.resolveSession(); 4         boolean sessionCreationEnabled = context.isSessionCreationEnabled(); 5         PrincipalCollection principals = context.resolvePrincipals(); 6         boolean authenticated = context.resolveAuthenticated(); 7         String host = context.resolveHost(); 8 9         return new DelegatingSubject(principals, authenticated, host, session, sessionCreationEnabled, securityManager);10     }

The above is the detailed content of Detailed introduction of shiro source code. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Eclipse operation summaryNext article:Eclipse operation summary