它的堆栈一直到getSessionId如下:
getSessionId:54, TokenSessionManager (com.bysxiang.store_boot.security.cache) getSessionId:277, DefaultWebSessionManager (org.apache.shiro.web.session.mgt) retrieveSession:123, TokenSessionManager (com.bysxiang.store_boot.security.cache) doGetSession:118, AbstractValidatingSessionManager (org.apache.shiro.session.mgt) lookupSession:148, AbstractNativeSessionManager (org.apache.shiro.session.mgt) getSession:140, AbstractNativeSessionManager (org.apache.shiro.session.mgt) getSession:159, SessionsSecurityManager (org.apache.shiro.mgt) resolveContextSession:461, DefaultSecurityManager (org.apache.shiro.mgt) resolveSession:447, DefaultSecurityManager (org.apache.shiro.mgt) createSubject:343, DefaultSecurityManager (org.apache.shiro.mgt) buildSubject:845, Subject$Builder (org.apache.shiro.subject) buildWebSubject:148, WebSubject$Builder (org.apache.shiro.web.subject) createSubject:300, AbstractShiroFilter (org.apache.shiro.web.servlet) doFilterInternal:367, AbstractShiroFilter (org.apache.shiro.web.servlet) doFilter:154, OncePerRequestFilter (org.apache.shiro.web.servlet) internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core) doFilter:153, ApplicationFilterChain (org.apache.catalina.core) doFilterInternal:91, CorsFilter (org.springframework.web.filter) doFilter:117, OncePerRequestFilter (org.springframework.web.filter) internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core) doFilter:153, ApplicationFilterChain (org.apache.catalina.core) doFilterInternal:100, RequestContextFilter (org.springframework.web.filter) doFilter:117, OncePerRequestFilter (org.springframework.web.filter) internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core) doFilter:153, ApplicationFilterChain (org.apache.catalina.core) doFilterInternal:93, FormContentFilter (org.springframework.web.filter) doFilter:117, OncePerRequestFilter (org.springframework.web.filter) internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core) doFilter:153, ApplicationFilterChain (org.apache.catalina.core) doFilterInternal:201, CharacterEncodingFilter (org.springframework.web.filter) doFilter:117, OncePerRequestFilter (org.springframework.web.filter) internalDoFilter:178, ApplicationFilterChain (org.apache.catalina.core) doFilter:153, ApplicationFilterChain (org.apache.catalina.core) invoke:167, StandardWrapperValve (org.apache.catalina.core) invoke:90, StandardContextValve (org.apache.catalina.core) invoke:481, AuthenticatorBase (org.apache.catalina.authenticator) invoke:130, StandardHostValve (org.apache.catalina.core) invoke:93, ErrorReportValve (org.apache.catalina.valves) invoke:74, StandardEngineValve (org.apache.catalina.core) service:343, CoyoteAdapter (org.apache.catalina.connector) service:390, Http11Processor (org.apache.coyote.http11) process:63, AbstractProcessorLight (org.apache.coyote) process:926, AbstractProtocol$ConnectionHandler (org.apache.coyote) doRun:1790, NioEndpoint$SocketProcessor (org.apache.tomcat.util.net) run:52, SocketProcessorBase (org.apache.tomcat.util.net) runWorker:1191, ThreadPoolExecutor (org.apache.tomcat.util.threads) run:659, ThreadPoolExecutor$Worker (org.apache.tomcat.util.threads) run:61, TaskThread$WrappingRunnable (org.apache.tomcat.util.threads) run:834, Thread (java.lang)
WebSubject createSubject(ServletRequest request, ServletResponse response)
在AbstractShiroFilter,根据request和response创建WebSubject。
Subject createSubject(SubjectContext subjectContext)
它最终调用this.securityManager.createSubject(this.subjectContext),来生成Subject实例。
SubjectContext resolveSession(SubjectContext context)
尝试根据上下文解析任何关联的Session,并返回表示此解析会话的上下文,以确保执行实际Subject构造的调用的SubjectFactory可以在必要时引用它。
如果上下文中已经存在一个会话(因为调用者希望将其用于主题构造),或者如果没有解析任何会话,则此方法实际上不执行任何操作,返回未更改的上下文方法参数。
Session resolveContextSession(SubjectContext context)
尝试从SubjectContext中获取Session。
Session getSession(SessionKey key)
从sessionManager中获取Session
Session session = lookupSession(key); return session != null ? createExposedSession(session, key) : null;
Session lookupSession(SessionKey key)
doGetSession(final SessionKey key)
Session doGetSession(final SessionKey key)
Session s = retrieveSession(key); if (s != null) { validate(s, key); }
从retrieveSession(key)获取Session,并验证session。