学习张开涛老师的shiro教程中,很多东西理解不是太深刻,现在对源码进行一部分分析,来加深自己对这块的理解。
接口securityManager继承了其它的三个接口Authenticator(认证接口),Authorizer(授权接口),SessionManager(会话接口),现在对这四个接口进行分析:
1.securityManager定义的方法:
1.1.登录
Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException;
1.2.登出
void logout(Subject subject);
1.3.创建subject
Subject createSubject(SubjectContext context);
2.Authenticator定义的方法
2.1.认证方法
public AuthenticationInfo authenticate(AuthenticationToken authenticationToken)
throws AuthenticationException;
3.Authorizer定义的方法
3.1.是否拥有权限(返回boolean型)
boolean isPermitted(PrincipalCollection principals, String permission);
boolean isPermitted(PrincipalCollection subjectPrincipal, Permission permission);
boolean[] isPermitted(PrincipalCollection subjectPrincipal, String... permissions);
boolean[] isPermitted(PrincipalCollection subjectPrincipal, List<Permission> permissions);
boolean isPermittedAll(PrincipalCollection subjectPrincipal, String... permissions);
boolean isPermittedAll(PrincipalCollection subjectPrincipal, Collection<Permission> permissions);
3.2检测是否拥有权限(如果没有权限,会抛出异常)
void checkPermission(PrincipalCollection subjectPrincipal, String permission) throws AuthorizationException;
void checkPermission(PrincipalCollection subjectPrincipal, Permission permission) throws AuthorizationException;
void checkPermissions(PrincipalCollection subjectPrincipal, String... permissions) throws AuthorizationException;
void checkPermissions(PrincipalCollection subjectPrincipal, Collection<Permission> permissions) throws AuthorizationException;
3.3.是否拥有角色
boolean hasRole(PrincipalCollection subjectPrincipal, String roleIdentifier);
boolean[] hasRoles(PrincipalCollection subjectPrincipal, List<String> roleIdentifiers);
boolean hasAllRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers);
3.4.检测是否拥有角色(如果没有角色,会抛出异常)
void checkRole(PrincipalCollection subjectPrincipal, String roleIdentifier) throws AuthorizationException;
void checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) throws AuthorizationException;
void checkRoles(PrincipalCollection subjectPrincipal, String... roleIdentifiers) throws AuthorizationException;
4.SessionManager定义的方法
4.1.创建session
Session start(SessionContext context);
4.2.根据session的key获取session
Session getSession(SessionKey key) throws SessionException;