Subject 认证主体

subject就是指当前执行的用户。

Subject 认证主体包含两个信息：

Principals：身份，可以是用户名，邮件，手机号码等等，用来标识一个登录主体身份；

Credentials：凭证，常见有密码，数字证书等等

身份认证流程

详见文档：

shiro_02_身份认证Subject 认证主体身份认证流程Realm

Subject表示当前用户，调用.login方法，将凭证交给Security Manager，这个Security Manager是通过读取shiro.ini文件获取到factory,再通过factory获得的实体，也要将该security Manager实例，绑定到securityUtils,然后调用Authenticator,通过一定策略读取Realm里面的安全数据。

shiro_02_身份认证Subject 认证主体身份认证流程Realm

Realm

Realm：意思是域，Shiro 从 Realm 中获取验证数据；

Realm 有很多种类，例如常见的 jdbcrealm，jndirealm，text realm。

前面我们是通过text realm读取的，当然开发是不会采用这种方式的，接下来主要介绍jdbcrealm:

我们要通过代码，来配置jdbcRealm.ini:

[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/db_shiro
dataSource.user=root
dataSource.password=123456
jdbcRealm.dataSource=$dataSource
securityManager.realm=$jdbcRealm

[main]表示是通过的代码，首先要获取jdbcrealm,将数据池注入给里面的dataSourse属性。

数据池采用的C3P0数据池，一样的语法，首先获取到c3p0里面的dateSourse,将数据库配置注入给dataScource里面的属性driverClass,jdbcUrl,user,password.

并将dataScource对象赋给jdbcRealm的dataScource,对象要采用$来取。

在把jdbcRealm对象给securityManager,这样securityManager就有了一个Realm,securityManager也可以得到多个Realm.

//读取配置文件，初始化SecurityManager工厂
		Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc_realm.ini");
		//获取SecurityManager实例
		SecurityManager securityManager = factory.getInstance();
		//把securityManager实例绑定到SecurityUtils
		SecurityUtils.setSecurityManager(securityManager);
		//创建Token令牌，用户/密码
		UsernamePasswordToken token = new UsernamePasswordToken("java","1234");
		//得到当前执行的用户
		Subject currentUser = SecurityUtils.getSubject();
		try {
			//身份认证
			currentUser.login(token);
			System.out.println("身份认证成功！");
		}catch(AuthenticationException e) {
			e.printStackTrace();
			System.out.println("身份认证失败！");
		}
		currentUser.logout();
	}

整个过程的记录：

2018-08-18 19:13:33,336 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [jdbc_realm.ini] 
2018-08-18 19:13:33,363 DEBUG [org.apache.shiro.config.Ini] - Parsing [main] 
2018-08-18 19:13:33,366 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm 
2018-08-18 19:13:33,366 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: dataSource=com.mchange.v2.c3p0.ComboPooledDataSource 
2018-08-18 19:13:33,366 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: dataSource.driverClass=com.mysql.jdbc.Driver 
2018-08-18 19:13:33,366 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: dataSource.jdbcUrl=jdbc:mysql://localhost:3306/db_shiro 
2018-08-18 19:13:33,366 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: dataSource.user=root 
2018-08-18 19:13:33,367 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: dataSource.password=123456 
2018-08-18 19:13:33,367 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: jdbcRealm.dataSource=$dataSource 
2018-08-18 19:13:33,367 TRACE [org.apache.shiro.config.Ini] - Discovered key/value pair: securityManager.realm=$jdbcRealm 
2018-08-18 19:13:33,368 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=main] 
2018-08-18 19:13:33,451 INFO [com.mchange.v2.log.MLog] - MLog clients using log4j logging. 
2018-08-18 19:13:33,856 INFO [com.mchange.v2.c3p0.C3P0Registry] - Initializing c3p0-0.9.1.2 [built 21-May-2007 15:04:56; debug? true; trace: 10] 
2018-08-18 19:13:33,980 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [driverClass] value [com.mysql.jdbc.Driver] on object of type [com.mchange.v2.c3p0.ComboPooledDataSource] 
2018-08-18 19:13:33,981 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [jdbcUrl] value [jdbc:mysql://localhost:3306/db_shiro] on object of type [com.mchange.v2.c3p0.ComboPooledDataSource] 
2018-08-18 19:13:33,981 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [user] value [root] on object of type [com.mchange.v2.c3p0.ComboPooledDataSource] 
2018-08-18 19:13:33,982 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [password] value [123456] on object of type [com.mchange.v2.c3p0.ComboPooledDataSource] 
2018-08-18 19:13:33,997 DEBUG [org.apache.shiro.config.ReflectionBuilder] - Encountered object reference '$dataSource'.  Looking up object with id 'dataSource' 
2018-08-18 19:13:34,058 INFO [com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource] - Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 3, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> 1hgf6kh9xlajcr3nredt4|363ee3a2, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> com.mysql.jdbc.Driver, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> 1hgf6kh9xlajcr3nredt4|363ee3a2, idleConnectionTestPeriod -> 0, initialPoolSize -> 3, jdbcUrl -> jdbc:mysql://localhost:3306/db_shiro, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 0, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 15, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 3, numHelperThreads -> 3, numThreadsAwaitingCheckoutDefaultUser -> 0, preferredTestQuery -> null, properties -> {password=******, user=******}, propertyCycle -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, usesTraditionalReflectiveProxies -> false ] 
2018-08-18 19:13:34,059 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [dataSource] value [com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 3, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> 1hgf6kh9xlajcr3nredt4|363ee3a2, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> com.mysql.jdbc.Driver, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> 1hgf6kh9xlajcr3nredt4|363ee3a2, idleConnectionTestPeriod -> 0, initialPoolSize -> 3, jdbcUrl -> jdbc:mysql://localhost:3306/db_shiro, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 0, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 15, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 3, numHelperThreads -> 3, numThreadsAwaitingCheckoutDefaultUser -> 0, preferredTestQuery -> null, properties -> {password=******, user=******}, propertyCycle -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, usesTraditionalReflectiveProxies -> false ]] on object of type [org.apache.shiro.realm.jdbc.JdbcRealm] 
2018-08-18 19:13:34,071 DEBUG [org.apache.shiro.config.ReflectionBuilder] - Encountered object reference '$jdbcRealm'.  Looking up object with id 'jdbcRealm' 
2018-08-18 19:13:34,074 TRACE [org.apache.shiro.config.ReflectionBuilder] - Applying property [realm] value [[email protected]] on object of type [org.apache.shiro.mgt.DefaultSecurityManager] 
2018-08-18 19:13:34,078 DEBUG [org.apache.shiro.realm.AuthorizingRealm] - No authorizationCache instance set.  Checking for a cacheManager... 
2018-08-18 19:13:34,079 INFO [org.apache.shiro.realm.AuthorizingRealm] - No cache or cacheManager properties have been set.  Authorization cache cannot be obtained. 
2018-08-18 19:13:34,079 INFO [org.apache.shiro.config.IniSecurityManagerFactory] - Realms have been explicitly set on the SecurityManager instance - auto-setting of realms will not occur. 
2018-08-18 19:13:34,085 TRACE [org.apache.shiro.mgt.DefaultSecurityManager] - Context already contains a SecurityManager instance.  Returning. 
2018-08-18 19:13:34,085 TRACE [org.apache.shiro.mgt.DefaultSecurityManager] - No identity (PrincipalCollection) found in the context.  Looking for a remembered identity. 
2018-08-18 19:13:34,085 TRACE [org.apache.shiro.mgt.DefaultSecurityManager] - No remembered identity found.  Returning original context. 
2018-08-18 19:13:34,091 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,091 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,091 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,091 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,092 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,092 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,092 TRACE [org.apache.shiro.authc.AbstractAuthenticator] - Authentication attempt received for token [org.apache.shiro.authc.UsernamePasswordToken - java, rememberMe=false] 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [java] from doGetAuthenticationInfo 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - AuthenticationInfo caching is disabled for info [java].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - java, rememberMe=false]. 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [[C] 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.authc.AbstractAuthenticator] - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - java, rememberMe=false].  Returned account [java] 
2018-08-18 19:13:34,528 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup. 
2018-08-18 19:13:34,528 TRACE [org.apache.shiro.mgt.DefaultSecurityManager] - Context already contains a SecurityManager instance.  Returning. 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup. 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = true; session is null = true; session has id = false 
2018-08-18 19:13:34,529 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - Starting session for host null 
2018-08-18 19:13:34,529 DEBUG [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - No sessionValidationScheduler set.  Attempting to create default instance. 
2018-08-18 19:13:34,530 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Created default SessionValidationScheduler instance of type [org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler]. 
2018-08-18 19:13:34,530 INFO [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Enabling session validation scheduler... 
2018-08-18 19:13:34,532 TRACE [org.apache.shiro.session.mgt.DefaultSessionManager] - Creating session for host null 
2018-08-18 19:13:34,532 DEBUG [org.apache.shiro.session.mgt.DefaultSessionManager] - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 
2018-08-18 19:13:34,534 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,534 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
2018-08-18 19:13:34,534 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.mgt.DefaultSecurityManager] - This org.apache.shiro.mgt.DefaultSecurityManager instance does not have a [org.apache.shiro.mgt.RememberMeManager] instance configured.  RememberMe services will not be performed for account [java]. 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
身份认证成功！
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Logging out subject with primary principal java 
2018-08-18 19:13:34,535 DEBUG [org.apache.shiro.realm.AuthorizingRealm] - No authorizationCache instance set.  Checking for a cacheManager... 
2018-08-18 19:13:34,535 INFO [org.apache.shiro.realm.AuthorizingRealm] - No cache or cacheManager properties have been set.  Authorization cache cannot be obtained. 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.realm.CachingRealm] - Cleared cache entries for account with principals [java] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.subject.support.DelegatingSubject] - attempting to get session; create = false; session is null = false; session has id = true 
2018-08-18 19:13:34,535 TRACE [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting to retrieve session with key [email protected] 
2018-08-18 19:13:34,536 DEBUG [org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session with id [7bd4488e-c185-4be1-b891-4f92a4c7f482]

shiro_02_身份认证Subject 认证主体身份认证流程Realm

Subject 认证主体

身份认证流程

Realm

继续阅读

Springboot集成Shiro实现权限认证

springboot整合shiro实现认证授权源码shiro-admin前端请求案例

SpringBoot整合Shiro，权限的动态加载、更新，Shiro-Redis实现分布式Session共享，挤人功能（带后台管理界面）

SpringBoot(13) 集成Shiro实现动态加载权限

Spring Boot Shiro CAS集成Spring Boot Shiro CAS集成

基于若依框架springsecurity添加多种用户登录解决方案（springsecurity多用户登录：前端用户、后端用户）详细步骤：

Shiro入门-自定义realm

Shiro整合springboot项目实战（前端是使用jsp实现）---注册功能

浅见之加密算法中盐的作用

Shiro-550反序列化漏洞复现及漏洞利用复现总结

SpringBoot 基于Shiro + Jwt + Redis的用户权限管理 (二) 认证

Spring mvc + MyBatis 整合Shiro

Spring Boot整合分布式Shiro

shiroWeb项目-记住我(自动登陆实现)(十五)

windows server2008系统服务器，安装sqlServer 2008 r2，过程记录

Shiro入门-shiro与spring整合

shiro_02_身份认证Subject 认证主体 身份认证流程Realm

Subject 认证主体

身份认证流程

Realm

继续阅读

shiro_02_身份认证Subject 认证主体身份认证流程Realm