shiro多realm抛出异常问题

抛出异常问题"/>

shiro多realm抛出异常问题

shiro多realm抛出异常问题

关于这个问题百度会搜到很多内容，但是大多数都不全，只是提到了一部分内容，所以综合本人以及网上搜到的内容，提出如下解决方案：

我是使用了两个Realm，一个用于用户登录验证和访问权限获取；一个用于jwt token的认证，所以出现了
Authentication token of type [class org.apache.shiro.authc.Username
PasswordToken] could not be authenticated by any configured realms.
其中涉及到的原理方面的东西我就不多说了，网上讲的比我清楚，我这里直接贴出全部的解决代码：
1.在每个realm中都要有support方法的重写：

 @Override
public boolean supports(AuthenticationToken token) {return token instanceof JwtToken;
}@Override
public boolean supports(AuthenticationToken token) {return token instanceof UsernamePasswordToken;
}

2.自定义一个类继承ModularRealmAuthenticator，并重写doMultiRealmAuthentication方法：

 private static final Logger log = LoggerFactory.getLogger(MyModularRealmAuthenticator.class);@Overrideprotected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {AuthenticationStrategy strategy = getAuthenticationStrategy();AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);if (log.isTraceEnabled()) {log.trace("Iterating through {} realms for PAM authentication", realms.size());}AuthenticationException authenticationException = null;for (Realm realm : realms) {aggregate = strategy.beforeAttempt(realm, token, aggregate);if (realm.supports(token)) {log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);AuthenticationInfo info = null;try {info = realm.getAuthenticationInfo(token);} catch (AuthenticationException e) {authenticationException = e;if (log.isDebugEnabled()) {String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";log.debug(msg, e);}}aggregate = strategy.afterAttempt(realm, token, info, aggregate, authenticationException);} else {log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);}}if(authenticationException != null){throw authenticationException;}aggregate = strategy.afterAllAttempts(token, aggregate);return aggregate;}

3.在shiro的配置类中注入自定义类（大多数网上都缺少这部分内容）

 @Beanpublic Authenticator authenticator() {ModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();authenticator.setRealms(Arrays.asList(shiroRealm(), loginRealm()));authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());return authenticator;}@Bean("securityManager")public DefaultSecurityManager securityManager(){DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//设置自定义realmSet<Realm> realms = new HashSet<Realm>();realms.add(shiroRealm());realms.add(loginRealm());securityManager.setRealms(realms);//关闭shiro自带的sessionDefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator();sessionStorageEvaluator.setSessionStorageEnabled(false);subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);securityManager.setSubjectDAO(subjectDAO);securityManager.setAuthenticator(authenticator());//解决多realm的异常问题重点在此return securityManager;}