序: 在上一篇中,咱们已经对于项目已经做了基本的配置,这一篇文章开始学习Shiro如何对登录进行验证。
教学: 一、Shiro配置的简要说明。 有心人可能注意到了,在上一章的applicationContext.xml配置文件中,包含以下配置。 <!-- 項目自定义的Realm --> <bean id="shiroDbRealm" class="org.shiro.demo.service.realm.ShiroDbRealm" ></bean> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="successUrl" value="/system/main" /> <property name="unauthorizedUrl" value="/system/error" /> <property name="filterChainDefinitions"> <value> /login = anon /validateCode = anon /** = authc </value> </property> </bean> 大致解释: 在Shiro Filter当中:
ShiroDbRealm.java package org.shiro.demo.service.realm; import javax.annotation.Resource; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.shiro.demo.entity.User; import org.shiro.demo.service.IUserService; public class ShiroDbRealm extends AuthorizingRealm{ @Resource(name="userService") private IUserService userService; protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { return null; } /** * 认证回调函数,登录时调用. */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User user = userService.getByAccount(token.getUsername()); if (user != null) { return new SimpleAuthenticationInfo(user.getAccount(), user .getPassword(), user.getNickname()); } else { return null; } } } 继承AuthorizingRealm类,且重写doGetAuthorizationInfo及doGetAuthenticationInfo方法。 三、新建UserController.java类 @Controller public class UserController { private static final Log log = LogFactory.getLog(UserController.class); /** * 判断用户是否登录 * @param currUser * @return */ @RequestMapping(value = "/login",method=RequestMethod.POST) public String isLogin(User currUser){ Subject user = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(currUser.getAccount(),currUser.getPassword()); token.setRememberMe(true); try { user.login(token); return "redirect:/main"; }catch (AuthenticationException e) { log.error("登录失败错误信息:"+e); token.clear(); return "redirect:/login"; } } } 四、新建login.jsp <form action="<%=basePath%>/login" method="post"> 用户名:<input type="text" name="account"/> <br/> 密码:<input type="text" name="password"/><br/> <input type="submit" value="登录" /> </form> 然后通过SpringMVC访问到login.jsp页面,测试Shiro的用户验证。 |
|
来自: wayne_liberary > 《Shiro》