Shiro Shiro Web Support - WebIniSecurityManagerFactory IniFilterChainResolverFactory

昨天晚上在说的时候没有吧创建Web管家 和 FilterChainResolver 说的特别的清楚，今天呢，继续进行学习，其实大概和之前的讲的差不多。





IniWebEnvironment类中的继续进行

protected void configure() {

this.objects.clear();

WebSecurityManager securityManager = createWebSecurityManager();
setWebSecurityManager(securityManager);

FilterChainResolver resolver = createFilterChainResolver();
if (resolver != null) {
setFilterChainResolver(resolver);
}
}

IniSecurityManagerFactory是我们之前学习的一个类，这里面的一个ReflectionBuilder，反射创建器创建我们的IOC简单的容器哦~然后把这些创建的实例，放到昨天将的环境中的currentHashMap中去保存，我们继续跟进看看怎么创建了WebSecurityManager，哈哈！

protected WebSecurityManager createWebSecurityManager() {
WebIniSecurityManagerFactory factory;
Ini ini = getIni();
if (CollectionUtils.isEmpty(ini)) {
factory = new WebIniSecurityManagerFactory();
} else {
factory = new WebIniSecurityManagerFactory(ini);
}

WebSecurityManager wsm = (WebSecurityManager)factory.getInstance();

//SHIRO-306 - get beans after they've been created (the call was before the factory.getInstance() call,
//which always returned null.
Map<String, ?> beans = factory.getBeans();
if (!CollectionUtils.isEmpty(beans)) {
this.objects.putAll(beans);
}

return wsm;
}

这个当前getIni中获取的数据的信息，可以看出，就把配置中的信息读取出来了。我们一步步的跟进去。



**之后就是创建WebSecurityManager工厂，继承了之前的工厂，就是之前简单的解析的那个工厂**IniSecurityManagerFactory 这个是我们之前写测试使用的这个工厂类！首先看看新具体的流程，之后再去查看这个工厂的具体的意义是什么。

跟进这个充满了模板方法的类中

WebSecurityManager wsm = (WebSecurityManager)factory.getInstance();

public abstract class AbstractFactory<T> implements Factory<T>

//模板方法给子类调用
protected abstract T createInstance();

public abstract class IniFactorySupport<T> extends AbstractFactory<T>

//继续模板给子类的这个方法
protected abstract T createInstance(Ini ini);

IniSecurityManagerFactory

public class IniSecurityManagerFactory extends IniFactorySupport<SecurityManager>

protected SecurityManager createInstance(Ini ini) {
if (CollectionUtils.isEmpty(ini)) {
throw new NullPointerException("Ini argument cannot be null or empty.");
}
SecurityManager securityManager = createSecurityManager(ini);
if (securityManager == null) {
String msg = SecurityManager.class + " instance cannot be null.";
throw new ConfigurationException(msg);
}
return securityManager;
}

createSecurityManager(ini);

这里需要指出，Ini里面其实就是一个两层Map的结构，这里拿到配置的信息进行处理，这里的处理方式一般为，通过反射一会放置在ReflectionBuilder类里面的map中，比如我们的管家都是放置在这里的，最后通过getBean设置在之前的环境中，builder就是ReflectionBuilder，一个备份的Map容器！

public Map<String, ?> getBeans() {
return this.builder != null ? Collections.unmodifiableMap(builder.getObjects()) : null;
}

private SecurityManager createSecurityManager(Ini ini) {
Ini.Section mainSection = ini.getSection(MAIN_SECTION_NAME);
if (CollectionUtils.isEmpty(mainSection)) {
//try the default:
mainSection = ini.getSection(Ini.DEFAULT_SECTION_NAME);
}
return createSecurityManager(ini, mainSection);
}

然后进入这里，这里的主要的思路就是，首先创建一个默认的SecurityManager，然后设置信息哦！buildInstances 这里面就是通过反射设置信息relam!

private SecurityManager createSecurityManager(Ini ini, Ini.Section mainSection) {

Map<String, ?> defaults = createDefaults(ini, mainSection);
Map<String, ?> objects = buildInstances(mainSection, defaults);

SecurityManager securityManager = getSecurityManagerBean();

boolean autoApplyRealms = isAutoApplyRealms(securityManager);

if (autoApplyRealms) {
//realms and realm factory might have been created - pull them out first so we can
//initialize the securityManager:
Collection<Realm> realms = getRealms(objects);
//set them on the SecurityManager
if (!CollectionUtils.isEmpty(realms)) {
applyRealmsToSecurityManager(realms, securityManager);
}
}

return securityManager;
}

public class WebIniSecurityManagerFactory extends IniSecurityManagerFactory createDefaults 这个被子类覆盖了，因为增加了Web的信息内容，有了过滤器，有一些默认的过滤器需要实例化！放在备份的文件中。

protected Map<String, ?> createDefaults(Ini ini, Ini.Section mainSection) {
Map defaults = super.createDefaults(ini, mainSection);
//add the default filters:
Map<String, Filter> defaultFilters = DefaultFilter.createInstanceMap(null);
defaults.putAll(defaultFilters);
return defaults;
}

IniSecurityManagerFactory 工厂的创建默认的管家信息哦

protected Map<String, ?> createDefaults(Ini ini, Ini.Section mainSection) {
Map<String, Object> defaults = new LinkedHashMap<String, Object>();
//把创建好的管家，放置在Io容器中哦！
SecurityManager securityManager = createDefaultInstance();
defaults.put(SECURITY_MANAGER_NAME, securityManager);

if (shouldImplicitlyCreateRealm(ini)) {
Realm realm = createRealm(ini);
if (realm != null) {
defaults.put(INI_REALM_NAME, realm);
}
}

return defaults;
}
//创建的管家哦~~ 上传过了好多次图了，继续学习一次！
protected SecurityManager createDefaultInstance() {
return new DefaultSecurityManager();
}

WebIniSecurityManagerFactory回过头来在看看，创建默认的Filter过滤器是怎么样的东西呢！

Map<String, Filter> defaultFilters = DefaultFilter.createInstanceMap(null);

哈哈，这个你看的懂？，写的还是不错哦，使用枚举，然后进行反射创建过滤器实例，虽然这些实例之间的联系还没有创建，过滤链，但是想想应该有用的哦，这个用法比较高级吧！不过笔者也是比较喜欢使用枚举的~看起来就是舒服啊！创建实例放入备份的map中！

public enum DefaultFilter {

anon(AnonymousFilter.class),
authc(FormAuthenticationFilter.class),
authcBasic(BasicHttpAuthenticationFilter.class),
logout(LogoutFilter.class),
noSessionCreation(NoSessionCreationFilter.class),
perms(PermissionsAuthorizationFilter.class),
port(PortFilter.class),
rest(HttpMethodPermissionFilter.class),
roles(RolesAuthorizationFilter.class),
ssl(SslFilter.class),
user(UserFilter.class);

private final Class<? extends Filter> filterClass;

private DefaultFilter(Class<? extends Filter> filterClass) {
this.filterClass = filterClass;
}

public Filter newInstance() {
return (Filter) ClassUtils.newInstance(this.filterClass);
}

public Class<? extends Filter> getFilterClass() {
return this.filterClass;
}

public static Map<String, Filter> createInstanceMap(FilterConfig config) {
Map<String, Filter> filters = new LinkedHashMap<String, Filter>(values().length);
for (DefaultFilter defaultFilter : values()) {
Filter filter = defaultFilter.newInstance();
if (config != null) {
try {
filter.init(config);
} catch (ServletException e) {
String msg = "Unable to correctly init default filter  type " +
filter.getClass().getName();
throw new IllegalStateException(msg, e);
}
}
filters.put(defaultFilter.name(), filter);
}
return filters;
}
}

IniSecurityManagerFactory又来到了这里继续进行处理工作createSecurityManager的createDefaults，完成了之后，看看defaults中有了多少实例的变量的信息呢？，下面接着的buildInstances这里很重要啦，这里是配置信息的处理，通过读取配置信息，然后进行反射创建对象。比如配置的realm的信息，进行反射呢！

private SecurityManager createSecurityManager(Ini ini, Ini.Section mainSection) {

Map<String, ?> defaults = createDefaults(ini, mainSection);
Map<String, ?> objects = buildInstances(mainSection, defaults);

SecurityManager securityManager = getSecurityManagerBean();

boolean autoApplyRealms = isAutoApplyRealms(securityManager);

if (autoApplyRealms) {
//realms and realm factory might have been created - pull them out first so we can
//initialize the securityManager:
Collection<Realm> realms = getRealms(objects);
//set them on the SecurityManager
if (!CollectionUtils.isEmpty(realms)) {
applyRealmsToSecurityManager(realms, securityManager);
}
}

return securityManager;
}

反射建筑，英文翻译过来就是这个意思啦~， private Map< String, ?> objects;内部有个Map保存之前放置的，然后最后返回给Web环境变量哦！得到之后，又返回重IOC-MP中获取realm然后设置在管家里面！

private Map<String, ?> buildInstances(Ini.Section section, Map<String, ?> defaults) {
this.builder = new ReflectionBuilder(defaults);
return this.builder.buildObjects(section);
}

IniWebEnvironment

protected WebSecurityManager createWebSecurityManager() {
WebIniSecurityManagerFactory factory;
Ini ini = getIni();
if (CollectionUtils.isEmpty(ini)) {
factory = new WebIniSecurityManagerFactory();
} else {
factory = new WebIniSecurityManagerFactory(ini);
}
//得到返回的工厂之后设置,实例Bean，到当前类的currentHashMap中去备份起来！
WebSecurityManager wsm = (WebSecurityManager)factory.getInstance();

//SHIRO-306 - get beans after they've been created (the call was before the factory.getInstance() call,
//which always returned null. 这个之前说过的，反射里面进行获取信息。
Map<String, ?> beans = factory.getBeans();
if (!CollectionUtils.isEmpty(beans)) {
this.objects.putAll(beans);
}

return wsm;
}

IniWebEnvironment中的里面的信息，获取了WebSecurityManager之后，可以获取到FilterChainResolver，进行处理信息哦！，在继续看看怎么产生这个FilterChainResolver

 protected void configure() {

this.objects.clear();

WebSecurityManager securityManager = createWebSecurityManager();
setWebSecurityManager(securityManager);

FilterChainResolver resolver = createFilterChainResolver();
if (resolver != null) {
setFilterChainResolver(resolver);
}
}

FilterChainResolver

protected FilterChainResolver createFilterChainResolver() {

FilterChainResolver resolver = null;

Ini ini = getIni();

if (!CollectionUtils.isEmpty(ini)) {
//only create a resolver if the 'filters' or 'urls' sections are defined:
Ini.Section urls = ini.getSection(IniFilterChainResolverFactory.URLS);
Ini.Section filters = ini.getSection(IniFilterChainResolverFactory.FILTERS);
if (!CollectionUtils.isEmpty(urls) || !CollectionUtils.isEmpty(filters)) {
//either the urls section or the filters section was defined.  Go ahead and create the resolver:
IniFilterChainResolverFactory factory = new IniFilterChainResolverFactory(ini, this.objects);
resolver = factory.getInstance();
}
}

return resolver;
}

public class IniFilterChainResolverFactory extends IniFactorySupport< FilterChainResolver> 这个好像之前见过的吧！，一样的跟着使用getInstance(),达到了一种复用的感觉~，也可以让使用者调用的API接口根加的简单，清晰！

和之前的差不多~，一步步的模板往下面走，然后走到了这里哦

protected FilterChainResolver createInstance(Ini ini) {
FilterChainResolver filterChainResolver = createDefaultInstance();
if (filterChainResolver instanceof PathMatchingFilterChainResolver) {
PathMatchingFilterChainResolver resolver = (PathMatchingFilterChainResolver) filterChainResolver;
FilterChainManager manager = resolver.getFilterChainManager();
buildChains(manager, ini);
}
return filterChainResolver;
}

PathMatchingFilterChainResolver 创建了一个这个，是它的实现

protected FilterChainResolver createDefaultInstance() {
FilterConfig filterConfig = getFilterConfig();
if (filterConfig != null) {
return new PathMatchingFilterChainResolver(filterConfig);
} else {
return new PathMatchingFilterChainResolver();
}
}

PathMatchingFilterChainResolver继承图



//这个过滤器链，更加灵活的允许动态的构建，这个是我们希望达到的目的，之前的那些默认的过滤器并没有被配置到XML中，我也在想这个问题，这个怎么动态的加入的，对于不同的URL的请求！

/**
* A {@code FilterChainResolver} can resolve an appropriate {@link FilterChain} to execute during a
* {@code ServletRequest}.  It allows resolution of arbitrary filter chains which can be executed for any given
* request or URI/URL.
* <p/>
* This mechanism allows for a much more flexible FilterChain resolution than normal {@code web.xml} servlet filter
* definitions:  it allows arbitrary filter chains to be defined per URL in a much more concise and easy to read manner,
* and even allows filter chains to be dynamically resolved or constructed at runtime if the underlying implementation
* supports it.
*
* @since 1.0
*/
public interface FilterChainResolver {

/**
* Returns the filter chain that should be executed for the given request, or {@code null} if the
* original chain should be used.
* <p/>
* This method allows a implementation to define arbitrary security {@link javax.servlet.Filter Filter}
* chains for any given request or URL pattern.
*
* @param originalChain the original {@code FilterChain} intercepted by the ShiroFilter implementation.
* @return the filter chain that should be executed for the given request, or {@code null} if the
*         original chain should be used.
*/
FilterChain getChain(ServletRequest request, ServletResponse response, FilterChain originalChain);

}

//这个基于路基匹配算法，是否匹配正确！正确返回过滤链哦！
public class PathMatchingFilterChainResolver implements FilterChainResolver {

private FilterChainManager filterChainManager;

private PatternMatcher pathMatcher;

public PathMatchingFilterChainResolver() {
this.pathMatcher = new AntPathMatcher();
this.filterChainManager = new DefaultFilterChainManager();
}

public PathMatchingFilterChainResolver(FilterConfig filterConfig) {
this.pathMatcher = new AntPathMatcher();
this.filterChainManager = new DefaultFilterChainManager(filterConfig);
}

public PatternMatcher getPathMatcher() {
return pathMatcher;
}

public void setPathMatcher(PatternMatcher pathMatcher) {
this.pathMatcher = pathMatcher;
}

public FilterChainManager getFilterChainManager() {
return filterChainManager;
}

@SuppressWarnings({"UnusedDeclaration"})
public void setFilterChainManager(FilterChainManager filterChainManager) {
this.filterChainManager = filterChainManager;
}

public FilterChain getChain(ServletRequest request, ServletResponse response, FilterChain originalChain) {
FilterChainManager filterChainManager = getFilterChainManager();
if (!filterChainManager.hasChains()) {
return null;
}

String requestURI = getPathWithinApplication(request);

//the 'chain names' in this implementation are actually path patterns defined by the user.  We just use them
//as the chain name for the FilterChainManager's requirements
for (String pathPattern : filterChainManager.getChainNames()) {

// If the path does match, then pass on to the subclass implementation for specific checks:
if (pathMatches(pathPattern, requestURI)) {
if (log.isTraceEnabled()) {
log.trace("Matched path pattern [" + pathPattern + "] for requestURI [" + requestURI + "].  " +
"Utilizing corresponding filter chain...");
}
return filterChainManager.proxy(originalChain, pathPattern);
}
}

return null;
}

//看看匹配是否成功！
protected boolean pathMatches(String pattern, String path) {
PatternMatcher pathMatcher = getPathMatcher();
return pathMatcher.matches(pattern, path);
}

protected String getPathWithinApplication(ServletRequest request) {
return WebUtils.getPathWithinApplication(WebUtils.toHttp(request));
}
}

FilterChainManager过滤链管家啊，就是通过过滤的路径动态的选择是否进行过滤呢！，因为之前我们已经配置了URl的信息啦，这样就可以通过URL的信息进行管理过滤链的！每个URL进行处理是否需要进行安全的过滤。



这个今天看的差不多了…..