1. Tracing the Apache Shiro chain:

1.1 Environment setup

1.2 Entry point in IDEA

Menu bar ~> Edit ~> Find ~> Find in Files ~> enter the keyword (rememberMeSuccessfulLogin) ~> choose the Scope ~> locate the point you need

1.3 Tracing steps

Set a breakpoint at "RememberMeManager rmm = getRememberMeManager();" [DefaultSecurityManager.java]

~> Step over to "rmm.onSuccessfulLogin(subject, token, info);" and step into it [DefaultSecurityManager.java]

~> Step over to "rememberIdentity(subject, token, info);" and step into it [AbstractRememberMeManager.java]

~> Step over to "rememberIdentity(subject, principals);" and step into it [AbstractRememberMeManager.java]

~> Step over to "rememberSerializedIdentity(subject, bytes);", step into "byte[] bytes = serialize(principals);", keep stepping in until "if (o == null) {", then keep stepping over (the serialization code is visible here) [DefaultSerializer.java]

~> Observe that the value o written by oos.writeObject(o); is root [DefaultSerializer.java]

~> Keep stepping over to "bytes = encrypt(bytes);" and step into it [AbstractRememberMeManager.java]

~> Step over to "ByteSource byteSource = cipherService.encrypt(serialized, getEncryptionCipherKey());" and step into it [AbstractRememberMeManager.java]

~> Step over to "if (generate) {" and inspect this: transformationString="AES/CBC/PKCS5Padding"; the key value is also visible here [JcaCipherService.java]

~> Step over to "ivBytes = generateInitializationVector(false);" and step into it; when it returns you have the iv value [JcaCipherService.java]

~> Step over to "return encrypt(plaintext, key, ivBytes, generate);" and step into it [JcaCipherService.java]

~> Step over to "return super.generateInitializationVector(streaming);" and step into it (this shows where the iv value comes from) [DefaultBlockCipherService.java]

~> Keep stepping over to "return encrypt(plaintext, key, ivBytes, generate);" and step into it

~> Step over to "rememberSerializedIdentity(subject, bytes);" and step into it [AbstractRememberMeManager.java]

~> Step over to "String base64 = Base64.encodeToString(serialized);" and step into it [CookieRememberMeManager.java]

1.4 Logic overview

1.4.1 writeObject
1.4.2 AES encryption

AES/CBC/PKCS5Padding

iv = [-40, -122, -92, 41, -64, 58, 52, -9, 25, 5, -109, 97, -99, 16, 56, -67]
key = [-112, -15, -2, 108, -116, 100, -28, 61, -99, 121, -104, -120, -59, -58, -102, 104]

1.4.3 Base64 encoding

2Cn0vhgpJwZUUudGcuh4qPEGZ6L7Pv+17K4k0bENJUH4jinKocizipMcAKRJSCo1ViwUsAQF6adJTHoyYogwjmirPLm63ZJ2rMZYLlpYka30A6a9MVfdeS5BGvOZ/UCLrj+yMTcG/db2WQ290IRnkb/7tj65l69KLHQaTcEq957t3lxjkxwPhWNu8rUlkpRBiV2kkjd6xXIh0tPw7/AmIg3mCvNGG9/vvMmQ73CUfvgXZPf47q3nnFT1kOVvKggmhKzmr+ljUtU82Lvsx+xHarYvukbC/CKmdHUWfDXgJ9Re3kAvxdFTBMVlKqbqUK9KYWs1zE/zHm6GZsrJlR6Jjy94F+Kl5Rxx5Q3lAG42COViw43KxhsnNpq9dp8CtnxA10gy25FElKf8aOSY1oN+Mk/oT618w/IVPTzJ2iLv9eIlkDMsnuQchQwDNXy9jUUzDrSArNfyUQoscGwdx27+LeDJYaxYMX1iqQUhg9jRKgWU12UmvuWMkSRgMwymaJKX

cookie rememberMe

Login request:

Username

1. Serialize first

2. AES encryption

3. Finally Base64

Decryption request:

1. Decode Base64

2. Decrypt AES

3. Deserialize the data
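
The three steps in each direction, as an added Java sketch (not Shiro's code and not part of the original notes). The class and method names are hypothetical. It stores a plain String instead of Shiro's principal collection, generates a random key rather than reusing the one seen in the trace, and prepends the IV to the ciphertext as JcaCipherService does. The restore side also adds a deserialization allow-list, which the traced code path does not show.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class RememberMeFlow { // hypothetical class name
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding"; // value seen in JcaCipherService

    // Login side: serialize -> AES-CBC with a fresh IV -> prepend IV -> Base64.
    static String remember(Serializable principal, SecretKey key) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(principal);
        }
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(bos.toByteArray());
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Request side: Base64 -> split off IV -> AES-CBC decrypt -> filtered deserialization.
    static Object restore(String cookie, SecretKey key) throws Exception {
        byte[] raw = Base64.getDecoder().decode(cookie);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(raw, 0, 16));
        byte[] plain = c.doFinal(raw, 16, raw.length - 16);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            // Allow-list (Java 9+): accept only the type this sketch stores, reject all others.
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("java.lang.String;!*"));
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();      // random per-deployment key (assumption of this sketch)
        String cookie = remember("root", key); // "root" is the value the trace shows being written
        System.out.println("rememberMe=" + cookie);
        System.out.println("restored: " + restore(cookie, key));
    }
}
```

CBC provides no integrity check, so the key is the only thing protecting the final readObject() call from attacker-supplied bytes. That makes the key and the type allow-list the two controls to verify on the decryption path.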