How Shiro performs a login, roughly:
1. Instantiate the token
2. Put the token into the Subject to log in

1. Custom login
1. Instantiate the token
2. Put the token into the Subject to log in
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;

    Subject currentUser = SecurityUtils.getSubject(); // get the current Subject
    // Token that carries the credentials of the user being authenticated
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true); // ask Shiro to remember the user
    currentUser.login(token); // throws AuthenticationException if the login fails
    if (currentUser.isAuthenticated()) {
        System.out.println("User [" + username + "] Login authentication passed");
    }
When you log in this way, building the token yourself and calling Subject.login(), the overridden createToken method is never called.
2. Login using the framework
1. Instantiate the token
2. Put the token into the Subject to log in
    // Shiro's AuthenticatingFilter: executeLogin() calls createToken(),
    // then logs the Subject in with the token it returned.
    public abstract class AuthenticatingFilter extends AuthenticationFilter {
        protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
            AuthenticationToken token = this.createToken(request, response);
            if(token == null) {
                String e1 = "createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.";
                throw new IllegalStateException(e1);
            } else {
                try {
                    Subject e = this.getSubject(request, response);
                    e.login(token);
                    return this.onLoginSuccess(token, e, request, response);
                } catch (AuthenticationException var5) {
                    return this.onLoginFailure(token, var5, request, response);
                }
            }
        }
    }
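    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

    // Custom filter: overrides createToken() so the framework login builds the
    // application's own token. AuthenticationToken in the "new" expression is the
    // application's token class (not shown here), which is why the return type is
    // written with Shiro's fully qualified interface name.
    public class MyAuthenticationFilter extends FormAuthenticationFilter {
        @Override
        protected org.apache.shiro.authc.AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
            String username = getUsername(servletRequest);
            String password = getPassword(servletRequest);
            // getCaptchaId() and getCaptcha() are helpers of this filter that are not shown here
            String captchaId = getCaptchaId(servletRequest);
            String captcha = getCaptcha(servletRequest);
            boolean rememberMe = isRememberMe(servletRequest);
            // Remember-me is forced on for every login, whatever the form sent
            if (!rememberMe) {
                rememberMe = true;
            }
            String host = getHost(servletRequest);
            // Expected captcha answer, stored in the server-side session
            String validateCode = (String) ((HttpServletRequest) servletRequest).getSession().getAttribute("validateCode");
            return new AuthenticationToken(username, password,
                    captchaId, captcha, validateCode,
                    rememberMe, host);
        }
    }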
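
An added example, not code from the original page or from Shiro: one possible form of the seven-argument token that createToken builds above, which the page does not show. The class name CaptchaToken, the methods require and verifyCaptcha, and the case-insensitive comparison are assumptions. A realm would call CaptchaToken.require(token) at the top of doGetAuthenticationInfo, so that a token built by hand for Subject.login(), which never passes through createToken, is rejected rather than skipping the captcha check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;

/** Hypothetical token class: username/password plus the captcha fields from createToken. */
public class CaptchaToken extends UsernamePasswordToken {
    private final String captchaId;    // challenge id sent by the client
    private final String captcha;      // answer typed by the user
    private final String validateCode; // expected answer, read from the server-side session

    public CaptchaToken(String username, String password, String captchaId, String captcha,
                        String validateCode, boolean rememberMe, String host) {
        super(username, password, rememberMe, host);
        this.captchaId = captchaId;
        this.captcha = captcha;
        this.validateCode = validateCode;
    }

    public String getCaptchaId() { return captchaId; }

    /** Realm-side guard: a hand-built token passed to Subject.login() never went through
     *  createToken, so reject it instead of silently skipping the captcha check. */
    public static CaptchaToken require(AuthenticationToken token) {
        if (!(token instanceof CaptchaToken)) {
            throw new AuthenticationException("captcha token required");
        }
        CaptchaToken t = (CaptchaToken) token;
        t.verifyCaptcha();
        return t;
    }

    /** A missing value on either side is a failure, never a match. */
    public void verifyCaptcha() {
        if (captcha == null || validateCode == null || validateCode.isEmpty()) {
            throw new AuthenticationException("captcha missing");
        }
        // Assumption: answers compare case-insensitively; isEqual is constant-time
        if (!MessageDigest.isEqual(normalize(captcha), normalize(validateCode))) {
            throw new AuthenticationException("captcha mismatch");
        }
    }

    private static byte[] normalize(String s) {
        return s.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
    }
}
```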