shiro登陆认证
Posted 方大帝的博客
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了shiro登陆认证相关的知识,希望对你有一定的参考价值。
1.LoginController
@RequestMapping(method = RequestMethod.POST) public String login(User user, HttpServletRequest request) { try { ubject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(user.getLoginName(), user.getPassword()); token.setRememberMe(true); String vcode = request.getParameter("verifyCode"); String verifyCode = subject.getSession().getAttribute(Global.SESSION_SECURITY_CODE).toString(); if (vcode.equals(verifyCode)) { subject.login(token); //启动认证 } } catch (Exception e) { e.printStackTrace(); return "modules/sys/sysLogin"; } return "redirect:index"; }
2.AuthenticationInfo
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) { // 令牌——基于用户名和密码的令牌 UsernamePasswordToken token = (UsernamePasswordToken) authcToken; // 令牌中可以取出用户名 String username = token.getUsername(); String password = String.valueOf(token.getPassword()); // 让shiro框架去验证账号密码 if (!StringUtils.isEmpty(username)) { User record = new User(); record.setLoginName(username); User user = userService.queryOne(record); if (null != user) { String pwdEncrypt = CipherUtil.createPwdEncrypt(password, username); if (user.getPassword().equals(pwdEncrypt)) { AuthenticationInfo info = new SimpleAuthenticationInfo(user.getLoginName(), password, getName()); if (info != null) { UserUtils.setSession(Global.SESSION_USER, user); } return info; } else { throw new IncorrectCredentialsException(); /* 错误认证异常 */ } } else { throw new UnknownAccountException(); /* 找不到帐号异常 */ } } else { throw new AuthenticationException(); } }
以上是关于shiro登陆认证的主要内容,如果未能解决你的问题,请参考以下文章
springside4.1的shiro+cas会陷入认证死循环,跳到cas服务器登陆后无法打开页面.Firefox提示请求循环重定