您可以定义
Realmsin
之间的关系
authenticationStrategy。让我们来看一个例子。仅当用户针对所有领域通过身份验证时,才会对用户进行身份验证。您可以进行自己的authenticationStrategy实现,该实现只说一个成功的身份验证就足够了。
在示例中,我们结合了JDBC领域来存储用户名(没有密码),并根据LDAP对其进行身份验证。
可以说,您将添加另一个LDAP领域并创建authenticationStrategy,其中不需要针对领域的所有身份验证。但是,只需对LDAP成功进行一次身份验证就足够了。
shiro.ini
ds = org.apache.shiro.jndi.JndiObjectFactoryds.requiredType = javax.sql.DataSourceds.resourceName = java:comp/env/jdbc/xxxnoPassWordCredentialMatcher = eu.corp.domain.auth.NoPassMatcherldapRealm = eu.corp.domain.auth.CustomActiveDirectoryRealmldapRealm.searchbase = OU=USERS,OU=EN,DC=our,DC=corpldapRealm.url = ldap://our.corp:389ldapRealm.principalSuffix = @our.corpjdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealmjdbcRealm.permissionsLookupEnabled = truejdbcRealm.dataSource = $dsjdbcRealm.credentialsMatcher = $noPassWordCredentialMatcherjdbcRealm.authenticationQuery = SELECt name FROM auth WHERe name = ?jdbcRealm.userRolesQuery = SELECt role.shortcut FROM auth LEFT JOIN auth_role ON auth_role.auth_id = auth.id LEFT JOIN role ON role.id = auth_role.role_id WHERe auth.name = ?jdbcRealm.permissionsQuery = SELECt permission.shortcut FROM role JOIN role_permission ON role_permission.role_id = role.id JOIN permission ON permission.id = role_permission.permission_id WHERe role.shortcut = ?cacheManager = org.apache.shiro.cache.ehcache.EhCacheManagersecurityManager.cacheManager = $cacheManagersecurityManager.realms = $ldapRealm, $jdbcRealmauthcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategysecurityManager.authenticator.authenticationStrategy = $authcStrategy
