更新时间:2021-11-16 10:20:49 来源:极悦 浏览810次
实现Shiro简单登录认证后出现问题。您不使用 ajax 请求登录。当你点击login访问一个controller方法,securityuils.getsubject.login(token)访问提交时,找不到地址。是否需要加密码呢?
//This is the controller
@RequestMapping("/checkLogin.do")
private void login(HttpServletRequest request) throws UserException{
String account = request.getParameter("account");
String password = request.getParameter("password");
UsernamePasswordToken token = new UsernamePasswordToken(account,password);
Subject currentUser = SecurityUtils.getSubject();
try{
if(!currentUser.isAuthenticated()){
currentUser.login(token);
}
}catch(UnknownAccountException uae){
//User name / password error
Throw new useraccountexception ("wrong user name or password! "";
}catch(IncorrectCredentialsException ice){
//User name / password error
Throw new usercredentialsexception ("wrong user name or password! "";
}catch(ExcessiveAttemptsException eae){
//Abnormal login times, account locked
Throw new userattemptsexception ("login more than 5 times, account locked! "";
}catch(AuthenticationException ae){
//Other exceptions
Throw new userexception ("login failed! "";
}
}
}
//This is realm
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token) throws AuthenticationException {
//Token based on user name and password
//This token is from currentuser.login (token) of registcontroller
UsernamePasswordToken uptoken = (UsernamePasswordToken)token;
//Call service to query user through user account
UserAuthDTO userAuth = userService.getUserAuthByAccount((String)uptoken.getPrincipal());
if(userAuth == null){
return null;
}
String identity = userAuth.getAccount();
String password = userAuth.getPassword();
String salt = userAuth.getSalt();
if(userAuth.getIsLocked() != null && userAuth.getIsLocked() == 1){
Throw new authenticationexception ("the account is locked! "";
}
AuthenticationInfo authInfo = new SimpleAuthenticationInfo(userAuth
, password, ByteSource.Util.bytes(identity+salt), this.getName());
System. Out. Println ("realm login authentication is over! "";
return authInfo;
}
}
//This is Shiro configuration
<! -- configuration filter will be referenced by the filter configured in web.xml -- >
<! -- Shiro's web filter -- >
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<! -- inject security component -- >
<property name="securityManager" ref="securityManager" />
<! -- set login address -- >
<property name="loginUrl" value="/user/login.do"/>
<property name="successUrl" value="/index.jsp"/>
<!-- <property name="unauthorizedUrl" value="/unauthorized.jsp"/> -->
<! -- because every bean of type javax.servlet.filter that has been defined can pass the bean name in the definition of the chain
So the filters property is not required. But you can replace the filters with the filters property as needed
Instance or alias filter -- >
<!-- <property name="filters">
<map>
<entry key="anAlias" value-ref="someFilter"/>
</map>
</property>-->
<! -- processor execution chain -- >
<property name="filterChainDefinitions">
<value>
<! -- define permission interception -- >
<! -- set anonymous access to static resources -- >
<! -- set anonymous access to login registration page -- >
/regist.jsp = anon
/login.jsp = anon
</value>
</property>
</bean>
<!-- securityManager -->
<! -- Security Manager -- >
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="userAuthenticatorRealm"/>
</bean>
<! -- ensure bean execution of lifecycle function within Shiro -- >
<!-- <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>-->
<! -- configure the realm for specific authentication and authorization -- >
<! -- inherit the user-defined realm of authorizing realm used to complete user login authentication -- >
<bean id="userAuthenticatorRealm" class="com.maikesiwei.mksw.user.shiro.realm.UserAuthenticatorRealm">
<! -- inject credentialsmatcher for certificate matching -- >
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<! -- credential matcher -- >
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<! -- encryption hash algorithm -- >
<property name="hashAlgorithmName" value="SHA-256"/>
<! -- iterations -- >
<property name="hashIterations" value="5"/>
</bean>
最后点击登录。
HTTP Status 404 – /web-templet/user/user/checkLogin
type 状态报告
信息 /web-templet/user/user/checkLogin
描述 请求的资源不可用。
Apache Tomcat/8.0.44
如果在登录页面直接点击登录,会报账号密码错误。如果直接填写账号,点击登录域,会发现用户返回到认证信息,页面如下:
如果大家想了解更多相关知识,可以关注一下极悦的Shiro视频教程,里面的内容详细,由浅到深,适合没有基础的小伙伴学习,希望对大家能够有所帮助。
0基础 0学费 15天面授
Java就业班有基础 直达就业
业余时间 高薪转行
Java在职加薪班工作1~3年,加薪神器
工作3~5年,晋升架构
提交申请后,顾问老师会电话与您沟通安排学习