java-shiro登录验证

Posted 2020-11-12 ~泊水~

登录验证：

LoginController：（LoginController.java）

@ResponseBody
    @RequestMapping(value="/login",method=RequestMethod.POST)
    public ResponseResult login(User user, HttpServletRequest request) {
        ResponseResult responseResult = new ResponseResult(ResponseResult.FAILURECODE,"登陆失败");
        String loginName = user.getLoginName();
        String passWord = user.getPassWord();
        String eccodePassWord = MD5Operation.getEncryptedPwd(passWord);
        
        /*调用shiro判断当前用户是否是系统用户*/
        //得到当前用户
        Subject subject = SecurityUtils.getSubject();
        //判断是否登录，如果未登录，则登录
        if (!subject.isAuthenticated()) {
            //创建用户名/密码验证Token, shiro是将用户录入的登录名和密码（未加密）封装到uPasswordToken对象中
            UsernamePasswordToken uPasswordToken = new UsernamePasswordToken(loginName,eccodePassWord);
            //自动调用AuthRealm.doGetAuthenticationInfo
            try {
                //执行登录，如果登录未成功，则捕获相应的异常
                subject.login(uPasswordToken);
                responseResult.setMsg("登录成功");
                responseResult.setCode(ResponseResult.SUCCESSCODE);
            }catch (Exception e) {
                // 捕获异常
            }
        }
                
        /*写seesion，保存当前user对象*/
        //从shiro中获取当前用户
        User sUser = (User)subject.getPrincipal();
        subject.getSession().setAttribute("sUser", sUser);
        return responseResult;
    }

ShiroAuthorizingRealm：自定义Realm(ShiroAuthorizingRealm.java)

public class ShiroAuthorizingRealm extends AuthorizingRealm {

    private static final Logger logger = Logger.getLogger(ShiroAuthorizingRealm.class);
    //注入用户管理对象
    @Autowired
    private UserService userService;
    public UserService getUserService() {
        return userService;
    }

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
        // TODO 自动生成的方法存根
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken uPasswordToken) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) uPasswordToken;
        String loginName = upToken.getUsername();
        String passWord = String.valueOf(upToken.getPassword());
        User user = null;
        try {
            user = userService.findUserByLoginName(loginName);
        } catch(Exception ex) {
            logger.warn("获取用户失败\n" + ex.getMessage());
        }
        if (user == null) {
            logger.warn("用户不存在");
            throw new UnknownAccountException("用户不存在");
        }
        else if (!passWord.equals(user.getPassWord())) {
             logger.warn("密码错误");
             throw new UnknownAccountException("密码错误");
        }
        logger.info("用户【" + loginName + "】登录成功");
        
        AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user, user.getPassWord(), user.getUserName());
        Subject subject1 = SecurityUtils.getSubject();
        if (null != subject1) {
            Session session = subject1.getSession();
            if (null != session) {
                session.setAttribute("currentUser", user);
            }
        }
        return authcInfo;
    }

   
}

shiro.xml配置文件：(spring-shiro.xml)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">

    <!-- 缓存管理器 使用Ehcache实现 -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
    </bean>
    
    <!-- Shiro的Web过滤器 -->
    <!-- 此bean要被web.xml引用,和web.xml中的filtername同名 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/system/login" />
        <property name="unauthorizedUrl" value="/" />
        <property name="filterChainDefinitions">
            <value>
                /system/login = anon
            </value>
        </property>
    </bean>
    
    <!-- 安全管理器 -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="dbRealm" />
        <property name="cacheManager" ref="cacheManager"/>
    </bean>
    <!-- 自定义realm -->
    <bean id="dbRealm" class="lee.system.school.shiro.ShiroAuthorizingRealm">
        <property name="userService" ref="userService"/>
    </bean>
    <bean id="userService" class="lee.system.school.service.impl.UserService" />
    
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
</beans>

web.xml：(web.xml)

    <!-- 加载spring容器 -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring.xml,classpath:spring-mybatis.xml,classpath:spring-shiro.xml</param-value>
    </context-param>

<!-- 设置监听器 -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
      
      <!-- Shiro配置(需要 ContextLoaderListener ) -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

ResponseResult类：（ResponseResult.java）

public class ResponseResult {
    /**
     * 返回code：成功
     */
    public final static int SUCCESSCODE = 1;
    
    /**
     * 返回code：失败
     */
    public final static int FAILURECODE = 0;

    private int code;
    private String msg;
    private Object data;

    public ResponseResult(int code) {
        this.code = code;
    }

    public ResponseResult(int code, String msg) {
        this.code = code;
        this.msg = msg;
    }

    public ResponseResult(int code, String msg, Object data) {
        this.code = code;
        this.msg = msg;
        this.data = data;
    }

    public int getCode() {
        return code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public Object getData() {
        return data;
    }

    public void setData(Object data) {
        this.data = data;
    }
}