1:加入jar:shiro-all-1.2.1.jar
2:
其他:
1:
请求与 loginUrl
2:
http请求为post请求
3:
使用 authc 进行拦截
以上三个条件满足,则可触发 登录验证(包含:username, password, rememberMe三个请求参数)
4:
原文:
This filter constructs a UsernamePasswordToken with the values found in username, password, and rememberMe request parameters. It then calls Subject.login(usernamePasswordToken), effectively automatically performing a login attempt. Note that the login attempt will only occur when the isLoginSubmission(request,response) is true, which by default occurs when the request is for the loginUrl and is a POST request.
5:
/login/logout.htm = logout
6:
清除个人登录缓存:
在 shiroDbRealm extends AuthorizingRealm中的doGetAuthenticationInfo方法中:
加入代码:clearCachedAuthorizationInfo(new ShiroUser(token.getUsername())); // 清除权限缓存
在登录时强制检查不存在的权限,防止权限懒加载:
SpringContextHolder.getBean(ShiroDbRealm.class).isPermitted(SecurityUtils.getSubject().getPrincipals(), "强制shiro检查加载用户权限缓存,避免懒加载!" + System.currentTimeMillis());