shiro:DefaultWebSecurityManager详解

x33g5p2x  于2021-10-18 转载在 其他  

1.DefaultWebSecurityManager介绍

DefaultWebSecurityManager类主要定义了设置subjectDao,获取会话模式,设置会话模式,设置会话管理器,是否是http会话模式等操作,它继承了DefaultSecurityManager类,实现了WebSecurityManager接口

2.WebSecurityManager接口

/**
 * Extends {@code SecurityManager} with a single query about how sessions are managed.
 */
public interface WebSecurityManager extends SecurityManager {
    /**
     * Reports whether the manager is in http session mode.
     *
     * <p>The {@code DefaultWebSecurityManager} implementation returns {@code true} only when
     * its session manager is a {@code WebSessionManager} that reports servlet-container sessions.
     *
     * @return {@code true} in http session mode, {@code false} otherwise
     */
    boolean isHttpSessionMode();
}

WebSecurityManager接口里面只有一个方法isHttpSessionMode,用于判断当前是否为http会话模式

3.DefaultSecurityManager类

查看DefaultSecurityManager类源码解析,里面主要定义了登录,创建subject,登出等操作

4.DefaultWebSecurityManager类

1.数据属性
// Session-mode value "http": the no-arg constructor starts in this mode and installs a
// ServletContainerSessionManager.
@Deprecated
    public static final String HTTP_SESSION_MODE = "http";
    // Session-mode value "native": the only other value setSessionMode accepts.
    @Deprecated
    public static final String NATIVE_SESSION_MODE = "native";
    // Mode last applied through setSessionMode; setSessionManager resets it to null.
    // Deprecated: the warning logged by setSessionMode asks callers to configure a
    // WebSessionManager instance instead of using this property.
    @Deprecated
    private String sessionMode;
2.构造方法
/**
 * Creates a manager wired with the web defaults: a web session storage evaluator,
 * a web subject factory, a cookie-based remember-me manager and servlet-container sessions.
 */
public DefaultWebSecurityManager() {
    // The cast assumes the superclass installed a DefaultSubjectDAO.
    // NOTE(review): confirm against DefaultSecurityManager.
    DefaultSubjectDAO defaultDao = (DefaultSubjectDAO) this.subjectDAO;
    defaultDao.setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator());
    this.sessionMode = "http";
    setSubjectFactory(new DefaultWebSubjectFactory());
    // Remember-me is enabled by default through a cookie.
    // NOTE(review): the cookie carries an encrypted, serialized identity, so a deployment
    // should configure its own cipher key on the remember-me manager (or replace the
    // manager) rather than rely on defaults; verify against the Shiro version in use.
    setRememberMeManager(new CookieRememberMeManager());
    // setSessionManager(...) is the override in this class and resets sessionMode to null,
    // so the "http" value assigned above does not survive construction.
    setSessionManager(new ServletContainerSessionManager());
}

    /**
     * Creates a manager with the web defaults and a single realm.
     *
     * @param singleRealm the realm handed to {@code setRealm}
     */
    public DefaultWebSecurityManager(Realm singleRealm) {
        this();
        // Defaults are wired first; the realm is applied on top of them.
        setRealm(singleRealm);
    }

    /**
     * Creates a manager with the web defaults and several realms.
     *
     * @param realms the realms handed to {@code setRealms}
     */
    public DefaultWebSecurityManager(Collection<Realm> realms) {
        this();
        // Defaults are wired first; the realms are applied on top of them.
        setRealms(realms);
    }
3.构造subject上下文
/**
 * Creates the subject context used by this manager.
 *
 * @return a new, empty {@code DefaultWebSubjectContext}
 */
protected SubjectContext createSubjectContext() {
    SubjectContext webContext = new DefaultWebSubjectContext();
    return webContext;
}
4.设置subjectDao并给session存储执行器设置会话管理器
/**
 * Installs the subject DAO, then hands the current session manager to its
 * session storage evaluator when the types allow it.
 *
 * @param subjectDAO the DAO passed on to the superclass setter
 */
public void setSubjectDAO(SubjectDAO subjectDAO) {
    super.setSubjectDAO(subjectDAO);
    // A replaced DAO brings its own evaluator, so the session manager is applied again.
    applySessionManagerToSessionStorageEvaluatorIfPossible();
}
5.设置完会话管理器后的操作(设置完会话管理器,并给session存储执行器设置会话管理器)
/**
 * Runs the superclass hook, then hands the session manager to the
 * session storage evaluator when the types allow it.
 */
protected void afterSessionManagerSet() {
    super.afterSessionManagerSet();
    // Keeps the evaluator pointing at the manager currently returned by getSessionManager().
    applySessionManagerToSessionStorageEvaluatorIfPossible();
}
6.给session存储执行器设置会话管理器
/**
 * Passes the current session manager to the session storage evaluator.
 *
 * <p>Does nothing unless the subject DAO is a {@code DefaultSubjectDAO} and its evaluator
 * is a {@code DefaultWebSessionStorageEvaluator}; custom DAOs or evaluators are left alone.
 */
private void applySessionManagerToSessionStorageEvaluatorIfPossible() {
    SubjectDAO dao = getSubjectDAO();
    if (!(dao instanceof DefaultSubjectDAO)) {
        return;
    }
    SessionStorageEvaluator storageEvaluator = ((DefaultSubjectDAO) dao).getSessionStorageEvaluator();
    if (!(storageEvaluator instanceof DefaultWebSessionStorageEvaluator)) {
        return;
    }
    ((DefaultWebSessionStorageEvaluator) storageEvaluator).setSessionManager(getSessionManager());
}
7.拷贝上下文环境(它覆盖了DefaultSecurityManager类的方法)
/**
 * Copies a subject context, keeping the web-specific type when the input has it.
 *
 * @param subjectContext the context to copy
 * @return a {@code DefaultWebSubjectContext} copy for a {@code WebSubjectContext},
 *         otherwise whatever the superclass copy returns
 */
protected SubjectContext copy(SubjectContext subjectContext) {
    if (subjectContext instanceof WebSubjectContext) {
        return new DefaultWebSubjectContext((WebSubjectContext) subjectContext);
    }
    return super.copy(subjectContext);
}
8.获取session模式
/**
 * Returns the stored session mode.
 *
 * @return the mode last applied through {@code setSessionMode}, or {@code null} once
 *         {@code setSessionManager} has been called, since that setter clears the field
 */
public String getSessionMode() {
    String currentMode = this.sessionMode;
    return currentMode;
}
9.根据session模式创建servletContainerSessionManager或者DefaultWebSessionManager
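/**
 * Switches the session mode and, when the mode changes, replaces the session manager.
 *
 * <p>The property is deprecated: every call logs a warning asking for a
 * {@code WebSessionManager} instance to be configured instead.
 *
 * @param sessionMode {@code "http"} or {@code "native"}, matched case-insensitively
 * @throws IllegalArgumentException if {@code sessionMode} is null or names neither mode
 */
public void setSessionMode(String sessionMode) {
    log.warn("The 'sessionMode' property has been deprecated. Please configure an appropriate WebSessionManager instance instead of using this property. This property/method will be removed in a later version.");
    if (sessionMode == null) {
        throw new IllegalArgumentException("sessionMode argument cannot be null.");
    }
    // Locale.ROOT keeps the case folding independent of the JVM default locale. With a
    // Turkish default locale the plain toLowerCase() maps 'I' to a dotless 'ı', so
    // "NATIVE" would be rejected as an invalid mode.
    String mode = sessionMode.toLowerCase(java.util.Locale.ROOT);
    if (!"http".equals(mode) && !"native".equals(mode)) {
        String msg = "Invalid sessionMode [" + sessionMode + "]. Allowed values are "
                + "public static final String constants in the " + getClass().getName() + " class: '"
                + "http" + "' or '" + "native" + "', with '" + "http" + "' being the default.";
        throw new IllegalArgumentException(msg);
    }
    // A null stored mode (left behind by setSessionManager) always forces a rebuild.
    boolean recreate = this.sessionMode == null || !this.sessionMode.equals(mode);
    this.sessionMode = mode;
    if (recreate) {
        // The current manager is destroyed before its replacement is created.
        LifecycleUtils.destroy(getSessionManager());
        SessionManager sessionManager = createSessionManager(mode);
        // The internal setter is used because the public one would reset sessionMode to null.
        setInternalSessionManager(sessionManager);
    }
}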
10.设置会话管理器(它覆盖了DefaultSecurityManager的方法)
/**
 * Installs a session manager and clears the deprecated session mode.
 *
 * <p>A manager that does not implement {@code WebSessionManager} is still installed; it is
 * only reported through a warning, and only when warn-level logging is enabled.
 *
 * @param sessionManager the manager to install; may be {@code null}
 */
public void setSessionManager(SessionManager sessionManager) {
    // An explicitly supplied manager supersedes any mode chosen through setSessionMode.
    this.sessionMode = null;
    boolean notWebAware = sessionManager != null && !(sessionManager instanceof WebSessionManager);
    if (notWebAware) {
        if (log.isWarnEnabled()) {
            String expectedType = WebSessionManager.class.getName();
            String actualType = sessionManager.getClass().getName();
            log.warn("The " + getClass().getName() + " implementation expects SessionManager instances "
                    + "that implement the " + expectedType + " interface. The "
                    + "configured instance is of type [" + actualType + "] which does not "
                    + "implement this interface.. This may cause unexpected behavior.");
        }
    }

    setInternalSessionManager(sessionManager);
}
11.设置会话管理器
/**
 * Installs the session manager through the superclass setter only.
 *
 * <p>Unlike the public {@code setSessionManager} in this class, this path neither clears
 * {@code sessionMode} nor logs the type warning.
 *
 * @param sessionManager the manager passed to {@code super.setSessionManager}
 */
private void setInternalSessionManager(SessionManager sessionManager) {
    SessionManager replacement = sessionManager;
    super.setSessionManager(replacement);
}
12.判断是否是http会话模式(它实现了WebSecurityManager接口的方法)
/**
 * Reports whether sessions are delegated to the servlet container.
 *
 * <p>The answer comes from the installed session manager, not from the
 * deprecated {@code sessionMode} field.
 *
 * @return {@code true} only when the session manager is a {@code WebSessionManager}
 *         whose {@code isServletContainerSessions()} returns {@code true}
 */
public boolean isHttpSessionMode() {
    SessionManager current = getSessionManager();
    if (!(current instanceof WebSessionManager)) {
        return false;
    }
    return ((WebSessionManager) current).isServletContainerSessions();
}
13.根据subject上下文创建会话上下文,web环境下附带servlet请求和响应(它覆盖了DefaultSecurityManager类的方法)
/**
 * Builds the session context for a subject context, adding the servlet request and
 * response when the subject context is a web one.
 *
 * @param subjectContext the subject context the session context is derived from
 * @return the superclass result for a non-web context, otherwise a
 *         {@code DefaultWebSessionContext} built from that result
 */
protected SessionContext createSessionContext(SubjectContext subjectContext) {
    SessionContext baseContext = super.createSessionContext(subjectContext);
    if (!(subjectContext instanceof WebSubjectContext)) {
        return baseContext;
    }

    WebSubjectContext webSubjectContext = (WebSubjectContext) subjectContext;
    ServletRequest servletRequest = webSubjectContext.resolveServletRequest();
    ServletResponse servletResponse = webSubjectContext.resolveServletResponse();

    // The raw Map cast assumes the superclass context is Map-backed.
    // NOTE(review): confirm against DefaultSessionContext.
    DefaultWebSessionContext webSessionContext = new DefaultWebSessionContext((Map) baseContext);
    // Only resolved values are set, so no null entry is written into the context.
    if (servletRequest != null) {
        webSessionContext.setServletRequest(servletRequest);
    }
    if (servletResponse != null) {
        webSessionContext.setServletResponse(servletResponse);
    }
    return webSessionContext;
}
14.根据subject上下文获取会话key(它覆盖了DefaultSecurityManager类的方法)
/**
 * Derives the session key for a subject context.
 *
 * @param context the subject context to read the session id from
 * @return a {@code WebSessionKey} carrying the session id, request and response when
 *         {@code WebUtils.isWeb(context)} holds, otherwise the superclass key
 */
protected SessionKey getSessionKey(SubjectContext context) {
    if (!WebUtils.isWeb(context)) {
        return super.getSessionKey(context);
    }
    // The session id is passed through as found on the context; it may be null here.
    Serializable id = context.getSessionId();
    ServletRequest servletRequest = WebUtils.getRequest(context);
    ServletResponse servletResponse = WebUtils.getResponse(context);
    return new WebSessionKey(id, servletRequest, servletResponse);
}
15.退出登录之前的操作(它覆盖了DefaultSecurityManager类的方法)
/**
 * Runs the superclass logout preparation, then flags the current request as
 * having had its identity removed.
 *
 * @param subject the subject that is logging out
 */
protected void beforeLogout(Subject subject) {
    super.beforeLogout(subject);
    // Web-specific step added on top of the superclass behaviour.
    removeRequestIdentity(subject);
}
16.移除身份信息
/**
 * Sets the {@code IDENTITY_REMOVED_KEY} request attribute to {@code Boolean.TRUE}
 * for a web subject that has a servlet request.
 *
 * <p>Non-web subjects and web subjects without a request are left untouched.
 * NOTE(review): presumably the flag stops the identity from being re-established later
 * in the same request; confirm where the attribute is read.
 *
 * @param subject the subject whose request is flagged
 */
protected void removeRequestIdentity(Subject subject) {
    if (!(subject instanceof WebSubject)) {
        return;
    }
    ServletRequest servletRequest = ((WebSubject) subject).getServletRequest();
    if (servletRequest == null) {
        return;
    }
    servletRequest.setAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY, Boolean.TRUE);
}
