上一片文章实现了用户验证 查看
当用户成功登录后,关闭浏览器,重新打开浏览器访问http://localhost:8080,页面会跳转到登录页,因为浏览器的关闭后之前的登录已失效
Shiro提供了Remember Me的功能,用户的登录状态不会因为浏览器的关闭而失效,直到Cookie过期
1.修改ShiroConfig
(1)添加
/** * cookie对象 * @return */ public SimpleCookie rememberMeCookie() { // 设置cookie名称,对应login.html页面的<input type="checkbox" name="rememberMe"/> SimpleCookie cookie = new SimpleCookie("rememberMe"); // 设置cookie的过期时间,单位为秒,这里为一天 cookie.setMaxAge(86400); return cookie; } /** * cookie管理对象 * @return */ public CookieRememberMeManager rememberMeManager() { CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); cookieRememberMeManager.setCookie(rememberMeCookie()); // rememberMe cookie加密的密钥 cookieRememberMeManager.setCipherKey(Base64.decode("4AvVhmFLUs0KTA3Kprsdag==")); return cookieRememberMeManager; }
(2)将cookie管理对象设置到SecurityManager
修改securityManager()为
@Bean public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); securityManager.setRememberMeManager(rememberMeManager());//新加 return securityManager; }
(3)改权限配置
将ShiroFilterFactoryBean的
filterChainDefinitionMap.put("/**", "authc")
修改为
filterChainDefinitionMap.put("/**", "user");
说明:
user指的是用户认证通过或者配置了Remember Me记住用户登录状态后可访问
2.修改login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<link rel="stylesheet" th:href="@{/css/login.css}" type="text/css">
<link rel="stylesheet" th:href="@{css/iCheck/minimal/blue.css}" type="text/css">
<link rel="stylesheet" th:href="@{css/app.css}" type="text/css">
<script th:src="@{/js/jquery.min.js}"></script>
</head>
<body>
<div class="login-page">
<!-- Form-->
<div class="form">
<div class="form-toggle"></div>
<div class="form-panel one">
<div class="form-header">
<h1>账户登录</h1>
</div>
<div class="form-content">
<div class="form-group">
<label>用户名</label>
<input type="text" name="username" />
</div>
<div class="form-group">
<label>密码</label>
<input type="password" name="password" />
</div>
<div class="form-group" style="margin: 0px;">
<p>
<input type="checkbox" name="rememberme" /> 记住我</p>
</div>
<div class="form-group">
<button onclick="login()" id="loginButton">登录</button>
</div>
</div>
</div>
</div>
</div>
</body>
<script th:inline="javascript">
var ctx = [[@{/}]];
function login() {
var username = $("input[name='username']").val();
var password = $("input[name='password']").val();
var rememberMe = $("input[name='rememberMe']").is(':checked');
$.ajax({
type: "post",
url: ctx + "login",
data: {"username": username,"password": password,"rememberMe": rememberMe},
dataType: "json",
success: function (r) {
if (r.code == 0) {
location.href = ctx + 'index';
} else {
alert(r.msg);
}
}
});
}
</script>
</html>
3.修改LoginController
@PostMapping("/login")
@ResponseBody
public ResponseBo login(String username, String password, Boolean rememberMe) {
// 密码MD5加密
password = MD5Utils.encrypt(username, password);
System.out.println(password);
UsernamePasswordToken token = new UsernamePasswordToken(username, password,rememberMe);
// 获取Subject对象
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
return ResponseBo.ok();
} catch (UnknownAccountException e) {
return ResponseBo.error(e.getMessage());
} catch (IncorrectCredentialsException e) {
return ResponseBo.error(e.getMessage());
} catch (LockedAccountException e) {
return ResponseBo.error(e.getMessage());
} catch (AuthenticationException e) {
return ResponseBo.error("认证失败!");
}
}
rememberMe选中的时候,Shiro就会帮忙记住用户的登录状态