背景

整体登录逻辑

小程序微信登录

shiro单点登录(多realm验证机制)

首先，shiro是支持多realm的。查看shiro的ModularRealmAuthenticator可看到realm策略，当实现多个realm时，shiro执行的是多个realm权限验证。

（2）shiroConfig里增加新增的WechatRealm

@Configuration
public class ShiroConfig {
          
   
    @Bean
public DefaultWebSecurityManager securityManager(){
          
   
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    //设置realm
    List<Realm> realms =new ArrayList<Realm>();
    realms.add(wechatRealm());
    realms.add(myShiroRealm());
    securityManager.setRealms(realms);
    //记住我
    securityManager.setRememberMeManager(rememberMeManager());
    //session管理
    securityManager.setSessionManager(sessionManager());
    return securityManager;
}
}

这时候进行测试验证会出现如下错误，新定义的WeChatToken不能被任何已配置的realms所认证

org.apache.shiro.authc.AuthenticationException: Authentication token of type 
    [class com.borrowed.book.config.shiro.WeChatToken] could not be authenticated by any configured realms.  
    Please ensure that at least one realm can authenticate these tokens.
	at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(AtLeastOneSuccessfulStrategy.java:58)
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:241)

public class WeChatToken implements AuthenticationToken {
          
   
    private String openId;
    private String sessionKey;
    public WeChatToken(String openId,String sessionKey){
          
   
        this.openId=openId;
        this.sessionKey=sessionKey;
    }
    @Override
    public Object getPrincipal() {
          
   
        return openId;
    }
    @Override
    public Object getCredentials() {
          
   
        return null;
    }
}

解决办法：在新定义的WechatRealm里，重写supports方法，使其支持WeChatToken

/**
 *  定义该Realm可以处理哪个类型的token
 * @param token
 * @return
 */
@Override
public boolean supports(AuthenticationToken token) {
          
   
    return token!=null&&token instanceof WeChatToken;
}

到此为止，shiro下多realm认证完成。

代码较多，为全部贴出，有需要可留言联系。