Shiro核心类有哪些
导读:本文共3225字符,通常情况下阅读需要11分钟。同时您也可以点击右侧朗读,来听本文内容。按键盘←(左) →(右) 方向键可以翻页。
摘要: 一:SessionManager1.简介Shiro提供了完整的会话管理功能,不依赖底层容器,JavaSE应用和JavaEE应用都可以使用。SessionManager管理着应用中所有Subject的会话,包括会话的创建,维护,删除,失效,验证等工作。2.SessionManager接口Session start(SessionContext context); ... ...
目录
(为您整理了一些要点),点击可以直达。- (1):1.简介
- (4):2.SessionManager接口
- (8):3.AbstractSessionManager im
- (20): private boolean sessionIdC
- (21): 是否从Cookie中获取sessionId
- (22): private boolean sessionIdU
- (30):1.public interface Realm
- (35):1.public interface Subject
- (52):3.public class DelegatingSu
- (53): protected PrincipalCollect
- (54): protected boolean authenti
- (55): protected String host;
- (56): protected Session session;
- (57): protected boolean sessionC
- (58): protected transient Securi
- (75): private CacheManager cache
- (76): private EventBus eventBus;
- (90): protected RememberMeManag
- (92): protected SubjectDAO subj
- (93): Subject的持久化存储
- (94): protected SubjectFactory
- (95): 创建应用Subject的工厂
一:SessionManager
1.简介
Shiro提供了完整的会话管理功能,不依赖底层容器,JavaSE应用和JavaEE应用都可以使用。
SessionManager管理着应用中所有Subject的会话,包括会话的创建,维护,删除,失效,验证等工作。
2.SessionManager接口
Session start(SessionContext context); 基于指定的上下文初始化数据启动新会话
Session getSession(SessionKey key) throws SessionException;
根据指定的SessionKey检索会话,如果找不到则返回null。如果找到了会话,但会话但无效(已停止或已过期)则抛出SessionException异常。
3.AbstractSessionManager implements SessionManager
public void setGlobalSessionTimeout(long globalSessionTimeout)
设置全局Session的超时时间,默认为30分钟。设置为负数表示永远都不超时。
4.AbstractValidatingSessionManager extends AbstractNativeSessionManager
protected boolean sessionValidationSchedulerEnabled;
是否进行Session验证
protected long sessionValidationInterval;
Session验证的时间间隔,默认为一小时
5.public class DefaultSessionManager extends AbstractValidatingSessionManager
private boolean deleteInvalidSessions;
是否删除无效的Session
6.public class DefaultWebSessionManager extends DefaultSessionManager
private boolean sessionIdCookieEnabled;
是否从Cookie中获取sessionId
private boolean sessionIdUrlRewritingEnabled;
二:AuthenticationToken
AuthenticationToken 用于收集用户提交的身份(如用户名)及凭据(如密码)。Shiro会调用CredentialsMatcher对象的
doCredentialsMatch方法对AuthenticationInfo对象和AuthenticationToken进行匹配。匹配成功则表示主体(Subject)认证成功,否则表示认证失败。
一般情况下UsernamePasswordToken已经可以满足我们的大我数需求。当我们遇到需要声明自己的Token类时,可以根据需求来实现AuthenticationToken,
HostAuthenticationToken或RememberMeAuthenticationToken。
三:Realm
Realm是安全验证数据的数据源。
1.public interface Realm
String getName();
boolean supports(AuthenticationToken token);
AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;
四:Subject与SubjectFactory
1.public interface Subject
一个Subject代表着应用的一个用户。
Object getPrincipal();
Subject的唯一标识,比如用户名,用户ID,手机号等
PrincipalCollection getPrincipals();
boolean isPermitted(String permission);
boolean isPermitted(Permission permission);
boolean[] isPermitted(String... permissions);
boolean[] isPermitted(List<Permission> permissions);
void checkPermission(String permission) throws AuthorizationException;
void checkRole(String roleIdentifier) throws AuthorizationException;
void login(AuthenticationToken token) throws AuthenticationException;
boolean isAuthenticated();
boolean isRemembered();
2.public interface WebSubject extends Subject, RequestPairSource
ServletRequest getServletRequest();
ServletResponse getServletResponse();
3.public class DelegatingSubject implements Subject
protected PrincipalCollection principals;
protected boolean authenticated;
protected String host;
protected Session session;
protected boolean sessionCreationEnabled;
protected transient SecurityManager securityManager;
4.public class WebDelegatingSubject extends DelegatingSubject implements WebSubject
5.public interface SubjectContext extends Map<String, Object>
SubjectContext 将构建Subject的所有属性都组织到一起,然后传递给一个SubjectFactory,用于构成一个Subject.
6.public interface SubjectFactory
Subject createSubject(SubjectContext context);
创建Subject
7.public class DefaultSubjectFactory implements SubjectFactory
8.public class DefaultWebSubjectFactory extends DefaultSubjectFactory
五:SecurityManager
1.public interface SecurityManager extends Authenticator, Authorizer, SessionManager
Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException;
登录
void logout(Subject subject);
登出
Subject createSubject(SubjectContext context);
2.public abstract class CachingSecurityManager implements SecurityManager, Destroyable, CacheManagerAware, EventBusAware
private CacheManager cacheManager;
private EventBus eventBus;
3.public abstract class RealmSecurityManager extends CachingSecurityManager
private Collection<Realm> realms;
权限集合realms
4.public abstract class AuthenticatingSecurityManager extends RealmSecurityManager
private Authenticator authenticator;
SecurityManager用于身份验证操作的具体实例
5.public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager
private Authorizer authorizer;
SecurityManager用于授权操作的具体实例
6.public abstract class SessionsSecurityManager extends AuthorizingSecurityManager
private SessionManager sessionManager;
SecurityManager用于管理所有Session的具体实例。
7.public class DefaultSecurityManager extends SessionsSecurityManager
protected RememberMeManager rememberMeManager;
记着引用中与当前Subject关联的Seeion,免重新登录
protected SubjectDAO subjectDAO;
Subject的持久化存储
protected SubjectFactory subjectFactory;
创建应用Subject的工厂
8.public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager
boolean isHttpSessionMode();
是否使用Servlet 容器的HttpSession
Shiro核心类有哪些的详细内容,希望对您有所帮助,信息来源于网络。