/**
 * Stores the identity of a successfully authenticated subject so that it can be recovered later.
 * <p>
 * The work happens in two steps: the principals to keep are first resolved through
 * {@link #getIdentityToRemember}, and the resulting {@link PrincipalCollection} is then handed to
 * {@link #rememberIdentity(org.apache.shiro.subject.Subject, org.apache.shiro.subject.PrincipalCollection)}.
 * <p>
 * The {@link AuthenticationToken} is not consulted by this implementation; it stays in the
 * signature so that subclasses can use it for custom logic.
 *
 * @param subject   the subject whose principals are being remembered.
 * @param token     the token that produced the successful authentication attempt (unused here).
 * @param authcInfo the authentication info produced by the successful authentication attempt.
 */
public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) {
    // Resolve the principals and delegate in one step; the token is deliberately not used.
    rememberIdentity(subject, getIdentityToRemember(subject, authcInfo));
}
/**
 * Writes the already-serialized identity to the client as the rememberMe cookie.
 * <p>
 * When the subject is not HTTP-aware there is no servlet request/response to attach a cookie to,
 * so the call is logged at debug level and dropped. Otherwise the bytes are Base64-encoded, set as
 * the value of a new cookie built from the {@link #getCookie() template cookie}, and saved to the
 * response.
 * <p>
 * NOTE(review): Base64 is an encoding, not a protection. This method applies no encryption or
 * integrity check of its own, so the caller is presumably expected to pass bytes that are already
 * encrypted; confirm against the caller. The cookie's attributes appear to come from the template
 * cookie, so that is where to verify them.
 *
 * @param subject    the subject whose identity is being remembered.
 * @param serialized the serialized identity bytes to store in the cookie.
 */
protected void rememberSerializedIdentity(Subject subject, byte[] serialized) {
    if (!WebUtils.isHttp(subject)) {
        if (log.isDebugEnabled()) {
            log.debug("Subject argument is not an HTTP-aware instance. This is required to obtain a servlet "
                    + "request and response in order to set the rememberMe cookie. Returning immediately and "
                    + "ignoring rememberMe operation.");
        }
        return;
    }

    final HttpServletRequest httpRequest = WebUtils.getHttpRequest(subject);
    final HttpServletResponse httpResponse = WebUtils.getHttpResponse(subject);

    // The cookie value is the Base64 text form of the serialized bytes.
    final String encodedIdentity = Base64.encodeToString(serialized);

    // The configured cookie is only a template: copy it so that the per-request value
    // is never written onto the shared instance.
    final Cookie rememberMeCookie = new SimpleCookie(getCookie());
    rememberMeCookie.setValue(encodedIdentity);
    rememberMeCookie.saveTo(httpRequest, httpResponse);
}
将信息经过 base64 编码之后，形成最终的 rememberMe Cookie 值。
解密
定位到 getRememberedPrincipals 方法
/**
 * Recovers the principals that were previously remembered for the given context.
 * <p>
 * The serialized identity is fetched with {@code getRememberedSerializedIdentity}; only a
 * non-empty byte array is passed on to {@code convertBytesToPrincipals}. Any
 * {@link RuntimeException} raised along the way is routed to
 * {@code onRememberedPrincipalFailure}, whose result (if it returns) becomes the return value.
 * <p>
 * NOTE(review): the bytes are presumably read back from the rememberMe cookie written by
 * {@code rememberSerializedIdentity}, so they are client-controlled input; confirm. Everything
 * downstream of this call (decoding, decryption, deserialization) should be reviewed with that
 * in mind.
 *
 * @param subjectContext the context data used to locate the remembered identity.
 * @return the remembered principals, or {@code null} when no remembered bytes exist.
 */
public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) {
    try {
        final byte[] rememberedBytes = getRememberedSerializedIdentity(subjectContext);
        // SHIRO-138 - only call convertBytesToPrincipals if bytes exist:
        if (rememberedBytes == null || rememberedBytes.length == 0) {
            return null;
        }
        return convertBytesToPrincipals(rememberedBytes, subjectContext);
    } catch (RuntimeException failure) {
        return onRememberedPrincipalFailure(failure, subjectContext);
    }
}
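/**
 * Reconstructs an object from its Java-serialized byte form.
 * <p>
 * The bytes are read through a {@code ClassResolvingObjectInputStream} and the first object in
 * the stream is returned, cast to {@code T}. The cast is unchecked: nothing here verifies that
 * the object really is a {@code T}.
 * <p>
 * SECURITY: this is native Java deserialization. {@code readObject()} instantiates whatever
 * classes the stream names before the caller can inspect the result, so it must only be given
 * bytes whose integrity has already been established. No allow-list of expected classes is
 * applied in this method.
 * NOTE(review): on this page the method is presumably reached from
 * {@code getRememberedPrincipals} via {@code convertBytesToPrincipals}, i.e. with data derived
 * from a client-supplied cookie; confirm. If so, safety rests entirely on the preceding
 * decryption step and on its key being secret and unique per deployment. Consider restricting
 * the resolvable classes to the expected principal types (a check in {@code resolveClass}, or
 * {@code java.io.ObjectInputFilter} on Java 9+).
 *
 * @param serialized the serialized bytes; must not be {@code null}.
 * @return the deserialized object.
 * @throws IllegalArgumentException if {@code serialized} is {@code null}.
 * @throws SerializationException   if the stream cannot be opened, read or closed; the
 *                                  underlying exception is kept as the cause.
 */
public T deserialize(byte[] serialized) throws SerializationException {
    if (serialized == null) {
        String msg = "argument cannot be null.";
        throw new IllegalArgumentException(msg);
    }
    ByteArrayInputStream bais = new ByteArrayInputStream(serialized);
    BufferedInputStream bis = new BufferedInputStream(bais);
    try {
        ObjectInputStream ois = new ClassResolvingObjectInputStream(bis);
        try {
            // SECURITY: see the method Javadoc; readObject() on unauthenticated bytes is unsafe.
            @SuppressWarnings({"unchecked"})
            T deserialized = (T) ois.readObject();
            return deserialized;
        } finally {
            // Close on every path; previously the stream was left open when readObject() threw.
            // A failure to close is still reported through the catch block below.
            ois.close();
        }
    } catch (Exception e) {
        String msg = "Unable to deserialze argument byte array.";
        throw new SerializationException(msg, e);
    }
}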