登錄,註銷 - 一切正常,但我不知道如何註冊AuthenticationListener來記錄我的用戶。我如何在Shiro註冊AuthenticationListener
我與吉斯工作,我用我自己的DBSaltAwareRealm(公共類DBSaltAwareRealm擴展AuthorizingRealm)
THX
登錄,註銷 - 一切正常,但我不知道如何註冊AuthenticationListener來記錄我的用戶。我如何在Shiro註冊AuthenticationListener
我與吉斯工作,我用我自己的DBSaltAwareRealm(公共類DBSaltAwareRealm擴展AuthorizingRealm)
THX
好吧,我找到了另一種解決方案:
1.初始化您Guice-模塊照例:
public class ConfigServeletWithGuice extends GuiceServletContextListener {
...
@Override
protected Injector getInjector() {
final Injector injector = Guice.createInjector(new ServeletModule(), new BusinessLogicModule(),
new AuthenticationModule(_ctx), new ShiroAopModule(), ShiroWebModule.guiceFilterModule());
final SecurityManager securityManager = injector.getInstance(SecurityManager.class);
SecurityUtils.setSecurityManager(securityManager);
logger.debug("Creation of Injector - done!");
return injector;
}
}
2.克雷亞忒自己的安全管理器:
public class MyWebSecurityManager extends DefaultWebSecurityManager {
@SuppressWarnings("unused")
private static Logger logger = LoggerFactory.getLogger(MyWebSecurityManager.class.getSimpleName());
@Inject
private AuthenticationListener authenticationListener;
public MyWebSecurityManager() {
super();
}
@SuppressWarnings({"UnusedDeclaration"})
public MyWebSecurityManager(Realm singleRealm) {
this();
setRealm(singleRealm);
}
@SuppressWarnings({"UnusedDeclaration"})
public MyWebSecurityManager(Collection realms) {
this();
setRealms(realms);
}
@Override
protected void onSuccessfulLogin(final AuthenticationToken token, final AuthenticationInfo info, final Subject subject) {
super.onSuccessfulLogin(token, info, subject);
logger.debug("onSuccessfulLogin");
authenticationListener.onSuccess(token, info);
}
@Override
protected void onFailedLogin(final AuthenticationToken token, final AuthenticationException ae, final Subject subject) {
super.onFailedLogin(token, ae, subject);
logger.debug("onFailedLogin");
authenticationListener.onFailure(token,ae);
}
@Override
protected void beforeLogout(final Subject subject) {
super.beforeLogout(subject);
logger.debug("beforeLogout");
authenticationListener.onLogout(subject.getPrincipals());
}
}
3.最後,綁定自己的安全管理器:
public class AuthenticationModule extends ShiroWebModule {
static Logger logger = LoggerFactory.getLogger(AuthenticationModule.class.getSimpleName());
public AuthenticationModule(final ServletContext sc) {
super(sc);
}
@SuppressWarnings("unchecked")
@Override
protected void configureShiroWeb() {
logger.debug("Start to configure ShiroWeb...");
bind(AuthenticationListener.class).to(AuthenticationListenerImpl.class);
...
logger.debug("configuration ShiroWeb - done!");
}
@Override
// !!!!!! Here it comes:
protected void bindWebSecurityManager(final AnnotatedBindingBuilder bind) {
try {
bind.toConstructor(MyWebSecurityManager.class.getConstructor(Collection.class)).asEagerSingleton();
} catch (NoSuchMethodException e) {
throw new ConfigurationException("This really shouldn't happen. Either something has changed in Shiro, or there's a bug in ShiroModule.", e);
}
}
}
現在,重新啓動你應該會看到你的日誌消息後!
下面我將如何修改樣本 - 吉斯的SampleShiroServletModule在四郎項目:
public class SampleShiroServletModule extends ShiroWebModule {
@Override
protected void configureShiroWeb() {
....
final Multibinder<AuthenticationListener> listenerMultibinder = Multibinder.newSetBinder(binder(), AuthenticationListener.class);
listenerMultibinder.addBinding().to(MyAuthenticationListener.class);
}
@Override
protected void bindWebSecurityManager(final AnnotatedBindingBuilder<? super WebSecurityManager> bind) {
bind.to(DefaultWebSecurityManager.class);
}
@Provides
DefaultWebSecurityManager provideDefaultSecurityManager(final Collection<Realm> realms, final Set<AuthenticationListener> authenticationListeners) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realms);
ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
authenticator.setAuthenticationListeners(authenticationListeners);
securityManager.setAuthenticator(authenticator);
return securityManager;
}
}