ApplicationContext.xml文件配置
<bean id="MShiroRealm" class="com.windoer.tz.shiro.ShiroRealm">bean>
<bean id="UserOpenIdRealm" class="com.windoer.tz.shiro.ShiroUserOpenIdRealm">bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="sessionManager" ref="ShiroSessionManager"/>
<property name="authenticator" ref="myModularRealmAuthenticator">property>
<property name="realms">
<list>
<ref bean="MShiroRealm"/>
<ref bean="UserOpenIdRealm"/>
list>
property>
bean>
<bean id="myModularRealmAuthenticator" class="com.windoer.tz.shiro.MyModularRealmAuthenticator">
<property name="authenticationStrategy">
<bean class="com.windoer.tz.shiro.MyAtLeastOneSuccessfulStrategy">bean>
property>
bean>
<bean id="ShiroSessionManager" class="com.windoer.tz.shiro.ShiroSessionManager">
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
<property name="sessionValidationInterval" value="3000000"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
bean>
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="name" value="freeway.session.id"/>
<property name="path" value=""/>
<property name="httpOnly" value="false"/>
bean>
<bean id="shiroFilter" class="com.windoer.tz.shiro.MyShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="successUrl" value="/index" />
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitions">
<value>
/= anon
/assets/login/** = anon
/to_login/** = anon
/applet_login/** = anon
/** = authc
value>
property>
bean>
MyAtLeastOneSuccessfulStrategy
public class MyAtLeastOneSuccessfulStrategy extends AtLeastOneSuccessfulStrategy {
@Override
public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
if(t instanceof AuthenticationException){
throw (AuthenticationException)t;
}
return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
}
public static void main(String[] args) {
Provider[] providers = Security.getProviders();
System.out.println(providers);
}
}
MyModularRealmAuthenticator
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
private static final Logger log = LoggerFactory.getLogger(MyModularRealmAuthenticator.class);
@Override
protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
// TODO Auto-generated method stub
// 判断getRealms()是否返回为空
assertRealmsConfigured();
// 强制转换回自定义的CustomizedToken
if(authenticationToken instanceof UserOpenIDToken){
UserOpenIDToken userOpenIDToken = (UserOpenIDToken) authenticationToken;
// 所有Realm
Collection<Realm> realms = getRealms();
// 判断是单Realm还是多Realm
if (realms.size() == 1)
return doSingleRealmAuthentication(realms.iterator().next(), userOpenIDToken);
else
return doMultiRealmAuthentication(realms, userOpenIDToken);
}else{
UsernamePasswordToken userOpenIDToken = (UsernamePasswordToken) authenticationToken;
// 所有Realm
Collection<Realm> realms = getRealms();
// 判断是单Realm还是多Realm
if (realms.size() == 1)
return doSingleRealmAuthentication(realms.iterator().next(), userOpenIDToken);
else
return doMultiRealmAuthentication(realms, userOpenIDToken);
}
}
/**
* 重写该方法保证异常正确抛出,需要多个Realm支持不同Token,否则会出现异常覆盖
*/
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
AuthenticationStrategy strategy = getAuthenticationStrategy();
AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
if (log.isTraceEnabled()) {
log.trace("Iterating through {} realms for PAM authentication", realms.size());
}
for (Realm realm : realms) {
aggregate = strategy.beforeAttempt(realm, token, aggregate);
if (realm.supports(token)) {
log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
AuthenticationInfo info = null;
Throwable t = null;
try {
info = realm.getAuthenticationInfo(token);
} catch (Throwable throwable) {
t = throwable;
// throwable.printStackTrace();
if (log.isDebugEnabled()) {
String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
log.debug(msg, t);
}
}
aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
} else {
log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
}
}
aggregate = strategy.afterAllAttempts(token, aggregate);
return aggregate;
}
}
自定义 ShiroUserOpenIdRealm
public class ShiroUserOpenIdRealm extends AuthorizingRealm {
@Resource
UserService userService;
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UserOpenIDToken token = null;
// 如果是PhoneToken,则强转,获取phone;否则不处理。
if(authenticationToken instanceof UserOpenIDToken){
token = (UserOpenIDToken) authenticationToken;
}else{
return null;
}
String openId = (String) token.getPrincipal();
PageData pd=new PageData();
pd.put("OPEN_ID",openId);
PageData user = userService.getUserByOpenID(pd);
if (user == null) {
return null;
}
System.out.println(this.getName());
return new SimpleAuthenticationInfo(user, "ok", this.getName());
}
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
public boolean supports(AuthenticationToken var1){
return var1 instanceof UserOpenIDToken;
}
}
自定义UserOpenIDToken
public class UserOpenIDToken extends UsernamePasswordToken implements Serializable {
/**
*
*/
private static final long serialVersionUID = 4812793519945855483L;
private String openId;
/**
* 重写getPrincipal方法
*/
public Object getPrincipal() {
// TODO Auto-generated method stub
// 如果获取到用户名,则返回用户名,否则返回openid
if (openId == null) {
return getUsername();
} else {
return getOpenId();
}
}
/**
* 重写getCredentials方法
*/
public Object getCredentials() {
// TODO Auto-generated method stub
// 如果获取到密码,则返回密码,否则返回null
if (openId == null) {
return getPassword();
} else {
return "ok";
}
}
public UserOpenIDToken() {
// TODO Auto-generated constructor stub
}
public UserOpenIDToken(final String openId) {
// TODO Auto-generated constructor stub
this.openId = openId;
}
public UserOpenIDToken(final String userName, final String password) {
// TODO Auto-generated constructor stub
super(userName, password);
}
public String getOpenId() {
return openId;
}
public void setOpenId(String openId) {
this.openId = openId;
}
public static long getSerialversionuid() {
return serialVersionUID;
}
@Override
public String toString() {
return "OpenIdToken [openId=" + openId + "]";
}
}
使用openid登录
private PageData loginByOpenid(String openId,Session session) {
PageData logPd=new PageData();
String errInfo = null;
// shiro加入身份验证
Subject subject = SecurityUtils.getSubject();
UserOpenIDToken token = new UserOpenIDToken(openId);
try {
subject.login(token);
String uToken=subject.getSession().getId().toString();
logPd.put("token",uToken);
} catch (AuthenticationException e) {
e.printStackTrace();
errInfo = "身份验证失败!";
}
logPd.put("errInfo",errInfo);
return logPd;
}