日期:2014-05-16 浏览次数:21135 次
<bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="realms"> <list> <ref bean="defaultJdbcRealm" /> <ref bean="backDoorJdbcRealm" /> </list> </property> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" /> </property> </bean>
package xxx.yyy.security; import java.util.Collection; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.pam.AuthenticationStrategy; import org.apache.shiro.realm.Realm; import org.apache.shiro.util.CollectionUtils; public class ModularRealmAuthenticator extends org.apache.shiro.authc.pam.ModularRealmAuthenticator { @Override protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) { AuthenticationStrategy strategy = getAuthenticationStrategy(); AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token); for (Realm realm : realms) { aggregate = strategy.beforeAttempt(realm, token, aggregate); if (realm.supports(token)) { AuthenticationInfo info = null; Throwable t = null; try { info = realm.getAuthenticationInfo(token); } catch (Throwable throwable) { t = throwable; } aggregate = strategy.afterAttempt(realm, token, info, aggregate, t); // dirty dirty hack if (aggregate != null && !CollectionUtils.isEmpty(aggregate.getPrincipals())) { return aggregate; } // end dirty dirty hack } else { } } aggregate = strategy.afterAllAttempts(token, aggregate); return aggregate; } }
<!-- 认证管理器 --> <bean id="authenticator" class="xxx.yyy.security.ModularRealmAuthenticator"> <property name="realms"> <list> <ref bean="defaultJdbcRealm" /> <ref bean="backDoorJdbcRealm" /> </list> </property> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy" /> </property> </bean>