UsernamePasswordToken
token记录了主机号、用户名、密码以及rememberMe
。通过表单提交我们可以获取到后三者,主机号从request
对象中获取。
1 2 3 4 5 6
public class implements HostAuthenticationToken , RememberMeAuthenticationToken { private String username; private char [] password; private boolean rememberMe; private String host; }
配置
Cookie配置
1 2 3 4 5 6 7 8 9 10 11 12 13
public SimpleCookie simpleCookie () { SimpleCookie cookie = new SimpleCookie("rememberMe" ); cookie.setMaxAge(cookieMaxAge * 60 * 60 ); cookie.setPath(cookiePath); cookie.setDomain(cookieDomain); cookie.setHttpOnly(cookieHttpOnly); return cookie; }
RememberMeManager(管理器)配置
1 2 3 4 5 6 7 8 9
public CookieRememberMeManager rememberMeManager (SimpleCookie simpleCookie) { CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); cookieRememberMeManager.setCookie(simpleCookie); cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ==" )); 大专栏 shiro记住登录状态 ss="keyword">return cookieRememberMeManager; }
将RememberMeManager添加至SecurityMananger
1
defaultWebSecurityManager.setRememberMeManager(rememberMeManager);
配置拦截器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
public ShiroFilterFactoryBean shiroFilterFactoryBean (SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map urlMap = new LinkedHashMap(); urlMap.put("/login" , "anon" ); urlMap.put("/css/**" , "anon" ); urlMap.put("/js/**" , "anon" ); urlMap.put("/fonts/**" , "anon" ); urlMap.put("/jqvmap/**" , "anon" ); urlMap.put("/logout" , "logout" ); urlMap.put("/**" , "user" ); shiroFilterFactoryBean.setFilterChainDefinitionMap(urlMap); shiroFilterFactoryBean.setLoginUrl("/login" ); shiroFilterFactoryBean.setSuccessUrl("/index" ); return shiroFilterFactoryBean; }
最后,从前台将获取到的用户名、密码及是否记住登录状态封装到token
,再执行subject.login(token)
,便大功告成。