我正在構建自己的AuthorizingRealm
子類,並且我有一個艱難的時間將它連接到我的SecurityManager
。書寫自定義Shiro區域
我境界的精髓:
public class MyRealm extends AuthorizingRealm {
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
try {
// My custom logic here
} catch(Throwable t) {
System.out.println(t.getMessage());
}
SimpleAuthenticationInfo authn = new SimpleAuthenticationInfo(new MyUser(), "somePassword");
return authn;
}
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
try {
// My custom logic here
} catch(Throwable t) {
System.out.println(t.getMessage());
}
return new SimpleAuthorizationInfo();
}
}
然後在我的 'shiro.ini':
# =======================
# Shiro INI configuration
# =======================
[main]
myRealm = com.me.myapp.security.MyRealm
然後在我的Driver類/ main方法(我使用用於測試) :
public class Driver {
public static void main(String[] args) {
Driver d = new Driver();
d.test();
}
public void test() {
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
UsernamePasswordToken token = new UsernamePasswordToken("", "");
token.setRememberMe(true);
System.out.println("Shiro props:");
System.out.println(securityManager.getProperties());
Subject currentUser = SecurityUtils.getSubject()
try {
currentUser.login(token)
println "I think this worked!"
} catch (UnknownAccountException uae) {
println "Exception: ${uae}"
} catch (IncorrectCredentialsException ice) {
println "Exception: ${ice}"
} catch (LockedAccountException lae) {
println "Exception: ${lae}"
} catch (ExcessiveAttemptsException eae) {
println "Exception: ${eae}"
} catch (AuthenticationException ae) {
println "Exception: ${ae}"
}
}
}
當我運行此我得到:
Shiro props:
[class:class org.apache.shiro.mgt.DefaultSecurityManager, cacheManager:null, subjectFactory:[email protected], authorizer:[email protected], realms:[[email protected]], subjectDAO:[email protected], rememberMeManager:null, authenticator:[email protected], sessionManager:[email protected]]
Exception: org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - , rememberMe=true]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
所以它看起來像它讀取我的shiro.ini,因爲它提取了正確的領域,但MyRealm
不會做任何事情,除了存儲應該認證的虛擬用戶,不管提供的用戶名/密碼如何。任何想法,我要去哪裏錯誤?然後securityManager.realms = $myRealm
在Driver類
UsernamePasswordToken token = new UsernamePasswordToken("", "somePassword");
,而不是一個空passowrd:
感謝@Luca Rasconi,但您的建議不要改變任何東西(與我上面描述的行爲相同)。任何其他想法/想法?再次感謝! – smeeb 2014-12-28 09:45:43