UsernamePasswordToken
token记录了主机号、用户名、密码以及rememberMe。通过表单提交我们可以获取到后三者,主机号从request对象中获取。
1 2 3 4 5 6 public class implements HostAuthenticationToken , RememberMeAuthenticationToken private String username; private char [] password; private boolean rememberMe; private String host; }
配置
Cookie配置
1 2 3 4 5 6 7 8 9 10 11 12 13 public SimpleCookie simpleCookie () SimpleCookie cookie = new SimpleCookie("rememberMe" ); cookie.setMaxAge(cookieMaxAge * 60 * 60 ); cookie.setPath(cookiePath); cookie.setDomain(cookieDomain); cookie.setHttpOnly(cookieHttpOnly); return cookie; }
RememberMeManager(管理器)配置
1 2 3 4 5 6 7 8 9 public CookieRememberMeManager rememberMeManager (SimpleCookie simpleCookie) CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); cookieRememberMeManager.setCookie(simpleCookie); cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ==" )); 大专栏 shiro记住登录状态 ss="keyword">return cookieRememberMeManager; }
将RememberMeManager添加至SecurityMananger
1 defaultWebSecurityManager.setRememberMeManager(rememberMeManager);
配置拦截器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 public ShiroFilterFactoryBean shiroFilterFactoryBean (SecurityManager securityManager) ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map urlMap = new LinkedHashMap(); urlMap.put("/login" , "anon" ); urlMap.put("/css/**" , "anon" ); urlMap.put("/js/**" , "anon" ); urlMap.put("/fonts/**" , "anon" ); urlMap.put("/jqvmap/**" , "anon" ); urlMap.put("/logout" , "logout" ); urlMap.put("/**" , "user" ); shiroFilterFactoryBean.setFilterChainDefinitionMap(urlMap); shiroFilterFactoryBean.setLoginUrl("/login" ); shiroFilterFactoryBean.setSuccessUrl("/index" ); return shiroFilterFactoryBean; }
最后,从前台将获取到的用户名、密码及是否记住登录状态封装到token,再执行subject.login(token),便大功告成。