Shiro系列教程ShiroFilter源码分析

Shiro系列教程ShiroFilter源码分析

DefaultFilter

//一个枚举类定义了shiro全部的默认拦截器public enum DefaultFilter {    anon(AnonymousFilter.class),    authc(FormAuthenticationFilter.class),    authcBasic(BasicHttpAuthenticationFilter.class),    logout(LogoutFilter.class),    noSessionCreation(NoSessionCreationFilter.class),    perms(PermissionsAuthorizationFilter.class),    port(PortFilter.class),    rest(HttpMethodPermissionFilter.class),    roles(RolesAuthorizationFilter.class),    ssl(SslFilter.class),    user(UserFilter.class);    private final Class<? extends Filter> filterClass;    private DefaultFilter(Class<? extends Filter> filterClass) {        this.filterClass = filterClass;    }    public Filter newInstance() {        return (Filter) ClassUtils.newInstance(this.filterClass);    }    public Class<? extends Filter> getFilterClass() {        return this.filterClass;    }    public static Map<String, Filter> createInstanceMap(FilterConfig config) {        Map<String, Filter> filters = new LinkedHashMap<String, Filter>(values().length);        for (DefaultFilter defaultFilter : values()) {            Filter filter = defaultFilter.newInstance();            if (config != null) {                try {                    filter.init(config);                } catch (ServletException e) {                    String msg = "Unable to correctly init default filter instance of type " +                            filter.getClass().getName();                    throw new IllegalStateException(msg, e);                }            }            filters.put(defaultFilter.name(), filter);        }        return filters;    }}

DefaultFilterChainManager

public class DefaultFilterChainManager implements FilterChainManager {    private FilterConfig filterConfig;//存储了所有的shiro filter实例 数据结构如下//roles RolesAuthorizationFilter//ssl SslFilter//全部的包括自定义的    private Map<String, Filter> filters;//存储了路径与对应的filter集合//假设URL定义为=》 /index.jsp=authc, roles[admin,user], perms[file:edit]//则数据结构为  key:/index.jsp    value: list[FormAuthenticationFilter对象,RolesAuthorizationFilter对象,PermissionsAuthorizationFilter对象]    private Map<String, NamedFilterList> filterChains;     public DefaultFilterChainManager() {        this.filters = new LinkedHashMap<String, Filter>();        this.filterChains = new LinkedHashMap<String, NamedFilterList>();//把shiro默认的filter加入到filters        addDefaultFilters(false);    }    public DefaultFilterChainManager(FilterConfig filterConfig) {        this.filters = new LinkedHashMap<String, Filter>();        this.filterChains = new LinkedHashMap<String, NamedFilterList>();//把shiro默认的filter加入到filters        setFilterConfig(filterConfig);        addDefaultFilters(true);    }    public FilterConfig getFilterConfig() {        return filterConfig;    }    public void setFilterConfig(FilterConfig filterConfig) {        this.filterConfig = filterConfig;    }    public Map<String, Filter> getFilters() {        return filters;    }    @SuppressWarnings({"UnusedDeclaration"})    public void setFilters(Map<String, Filter> filters) {        this.filters = filters;    }    public Map<String, NamedFilterList> getFilterChains() {        return filterChains;    }    @SuppressWarnings({"UnusedDeclaration"})    public void setFilterChains(Map<String, NamedFilterList> filterChains) {        this.filterChains = filterChains;    }    public Filter getFilter(String name) {        return this.filters.get(name);    }    public void addFilter(String name, Filter filter) {        addFilter(name, filter, false);    }    public void addFilter(String name, Filter filter, boolean init) {        addFilter(name, filter, init, true);    }//创建filterChain//假设配置的URL为 /index.jsp=authc, roles[admin,user], perms[file:edit]//则chainName=/index.jsp chainDefinition=authc, roles[admin,user], perms[file:edit]    public void createChain(String chainName, String chainDefinition) {        //parse the value by tokenizing it to get the resulting filter-specific config entries        //        //e.g. for a value of        //        //     "authc, roles[admin,user], perms[file:edit]"        //        // the resulting token array would equal        //        //     { "authc", "roles[admin,user]", "perms[file:edit]" }        ////传入的为authc, roles[admin,user], perms[file:edit]//返回的数组 ["authc", "roles[admin,user]", "perms[file:edit]"]        String[] filterTokens = splitChainDefinition(chainDefinition);        //each token is specific to each filter.        //strip the name and extract any filter-specific config between brackets [ ]        for (String token : filterTokens) {//传入的是authc 则returned[0] == authc     returned[1] == null//传入的是roles[admin,user] 则returned[0] == roles   returned[1] == admin,user            String[] nameConfigPair = toNameConfigPair(token);//把filter加入到list当中            //例子：传入的是chainName=/index.jsp , nameConfigPair[0]=roles, nameConfigPair[1]=admin,user            addToChain(chainName, nameConfigPair[0], nameConfigPair[1]);        }    }    /**     * Splits the comma-delimited filter chain definition line into individual filter definition tokens.     * <p/>     * Example Input:     * <pre>     *     foo, bar[baz], blah[x, y]     * </pre>     * Resulting Output:     * <pre>     *     output[0] == foo     *     output[1] == bar[baz]     *     output[2] == blah[x, y]     * </pre>     * @param chainDefinition the comma-delimited filter chain definition.     * @return an array of filter definition tokens     * @since 1.2     * @see <a href="https://issues.apache.org/jira/browse/SHIRO-205">SHIRO-205</a>     */    protected String[] splitChainDefinition(String chainDefinition) {        return StringUtils.split(chainDefinition, StringUtils.DEFAULT_DELIMITER_CHAR, '[', ']', true, true);    }    protected String[] toNameConfigPair(String token) throws ConfigurationException {        try {            String[] pair = token.split("\\[", 2);            String name = StringUtils.clean(pair[0]);            if (name == null) {                throw new IllegalArgumentException("Filter name not found for filter chain definition token: " + token);            }            String config = null;            if (pair.length == 2) {                config = StringUtils.clean(pair[1]);                //if there was an open bracket, it assumed there is a closing bracket, so strip it too:                config = config.substring(0, config.length() - 1);                config = StringUtils.clean(config);                //backwards compatibility prior to implementing SHIRO-205:                //prior to SHIRO-205 being implemented, it was common for end-users to quote the config inside brackets                //if that config required commas.  We need to strip those quotes to get to the interior quoted definition                //to ensure any existing quoted definitions still function for end users:                if (config != null && config.startsWith("\"") && config.endsWith("\"")) {                    String stripped = config.substring(1, config.length() - 1);                    stripped = StringUtils.clean(stripped);                    //if the stripped value does not have any internal quotes, we can assume that the entire config was                    //quoted and we can use the stripped value.                    if (stripped != null && stripped.indexOf('"') == -1) {                        config = stripped;                    }                    //else:                    //the remaining config does have internal quotes, so we need to assume that each comma delimited                    //pair might be quoted, in which case we need the leading and trailing quotes that we stripped                    //So we ignore the stripped value.                }            }                        return new String[]{name, config};        } catch (Exception e) {            String msg = "Unable to parse filter chain definition token: " + token;            throw new ConfigurationException(msg, e);        }    }    protected void addFilter(String name, Filter filter, boolean init, boolean overwrite) {        Filter existing = getFilter(name);        if (existing == null || overwrite) {            if (filter instanceof Nameable) {                ((Nameable) filter).setName(name);            }            if (init) {                initFilter(filter);            }            this.filters.put(name, filter);        }    }    public void addToChain(String chainName, String filterName) {        addToChain(chainName, filterName, null);    }    public void addToChain(String chainName, String filterName, String chainSpecificFilterConfig) {        if (!StringUtils.hasText(chainName)) {            throw new IllegalArgumentException("chainName cannot be null or empty.");        }        Filter filter = getFilter(filterName);        if (filter == null) {            throw new IllegalArgumentException("There is no filter with name '" + filterName +                    "' to apply to chain [" + chainName + "] in the pool of available Filters.  Ensure a " +                    "filter with that name/path has first been registered with the addFilter method(s).");        }        applyChainConfig(chainName, filter, chainSpecificFilterConfig);//把filter加入到list //数据结构例如：chainName= /index.jsp    filters= roles, authc        NamedFilterList chain = ensureChain(chainName);        chain.add(filter);    }    protected void applyChainConfig(String chainName, Filter filter, String chainSpecificFilterConfig) {        if (log.isDebugEnabled()) {            log.debug("Attempting to apply path [" + chainName + "] to filter [" + filter + "] " +                    "with config [" + chainSpecificFilterConfig + "]");        }        if (filter instanceof PathConfigProcessor) {//把配置信息设置到filter内部appliedPaths数据结构//chainName = /index.jsp  chainSpecificFilterConfig = admin,user            ((PathConfigProcessor) filter).processPathConfig(chainName, chainSpecificFilterConfig);        } else {            if (StringUtils.hasText(chainSpecificFilterConfig)) {                String msg = "chainSpecificFilterConfig was specified, but the underlying " +                        "Filter instance is not an 'instanceof' " +                        PathConfigProcessor.class.getName() + ".  This is required if the filter is to accept " +                        "chain-specific configuration.";                throw new ConfigurationException(msg);            }        }    }    protected NamedFilterList ensureChain(String chainName) {        NamedFilterList chain = getChain(chainName);        if (chain == null) {            chain = new SimpleNamedFilterList(chainName);            this.filterChains.put(chainName, chain);        }        return chain;    }    public NamedFilterList getChain(String chainName) {        return this.filterChains.get(chainName);    }    public boolean hasChains() {        return !CollectionUtils.isEmpty(this.filterChains);    }    public Set<String> getChainNames() {        //noinspection unchecked        return this.filterChains != null ? this.filterChains.keySet() : Collections.EMPTY_SET;    }//创建一个shiro代理的FilterChain    public FilterChain proxy(FilterChain original, String chainName) {        NamedFilterList configured = getChain(chainName);        if (configured == null) {            String msg = "There is no configured chain under the name/key [" + chainName + "].";            throw new IllegalArgumentException(msg);        }        return configured.proxy(original);    }    /**     * Initializes the filter by calling <code>filter.init( {@link #getFilterConfig() getFilterConfig()} );</code>.     *     * @param filter the filter to initialize with the {@code FilterConfig}.     */    protected void initFilter(Filter filter) {        FilterConfig filterConfig = getFilterConfig();        if (filterConfig == null) {            throw new IllegalStateException("FilterConfig attribute has not been set.  This must occur before filter " +                    "initialization can occur.");        }        try {            filter.init(filterConfig);        } catch (ServletException e) {            throw new ConfigurationException(e);        }    }//把shiro默认的filter加入到filters    protected void addDefaultFilters(boolean init) {        for (DefaultFilter defaultFilter : DefaultFilter.values()) {            addFilter(defaultFilter.name(), defaultFilter.newInstance(), init, false);        }    }}

AbstractShiroFilter

public abstract class AbstractShiroFilter extends OncePerRequestFilter {       protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)            throws ServletException, IOException {        Throwable t = null;        try {            final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);            final ServletResponse response = prepareServletResponse(request, servletResponse, chain);            final Subject subject = createSubject(request, response);            //noinspection unchecked            subject.execute(new Callable() {                public Object call() throws Exception {                    updateSessionLastAccessTime(request, response);                    executeChain(request, response, chain);                    return null;                }            });        } catch (ExecutionException ex) {            t = ex.getCause();        } catch (Throwable throwable) {            t = throwable;        }        if (t != null) {            if (t instanceof ServletException) {                throw (ServletException) t;            }            if (t instanceof IOException) {                throw (IOException) t;            }            //otherwise it's not one of the two exceptions expected by the filter method signature - wrap it in one:            String msg = "Filtered request failed.";            throw new ServletException(msg, t);        }    }    protected FilterChain getExecutionChain(ServletRequest request, ServletResponse response, FilterChain origChain) {        FilterChain chain = origChain;        FilterChainResolver resolver = getFilterChainResolver();        if (resolver == null) {            log.debug("No FilterChainResolver configured.  Returning original FilterChain.");            return origChain;        }//这里是shiro filter的核心，返回shiro代理的FilterChain//具体可以参考ProxiedFilterChain 先执行shiro的fitler  然后再执行origChain的filter        FilterChain resolved = resolver.getChain(request, response, origChain);        if (resolved != null) {            log.trace("Resolved a configured FilterChain for the current request.");            chain = resolved;        } else {            log.trace("No FilterChain configured for the current request.  Using the default.");        }        return chain;    }}