Shiro realizes the process of logging in

 

The process of shiro to achieve login:

approximately

 1. Instantiate the token

 2, put the token into the Subject to log in

 

1. Custom login

   1. Instantiate the token

   2, put the token into the Subject to log in

   Subject currentUser = SecurityUtils.getSubject(); // Get the current Subject

   UsernamePasswordToken token = new UsernamePasswordToken(username, password); // token encapsulated to authenticate the logged in user

   token.setRememberMe(true);// Design to remember the user

   currentUser.login(token);

   if (currentUser.isAuthenticated()) {

System.out.println("User [" + username + "] Login authentication passed");

}

 

The overridden createToken method will not be called when the custom token is logged in

 

 

2. Login using the framework

     1. Instantiate the token

     2, put the token into the Subject to log in

 

public abstract class AuthenticatingFilter extends AuthenticationFilter {

 protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {

        AuthenticationToken token = this.createToken(request, response);

        if(token == null) {

            String e1 = "createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.";

            throw new IllegalStateException(e1);

        } else {

            try {

                Subject e = this.getSubject(request, response);

                e.login(token);

                return this.onLoginSuccess(token, e, request, response);

            } catch (AuthenticationException var5) {

                return this.onLoginFailure(token, var5, request, response);

            }

        }

    }

}

 

 

 

 

public class MyAuthenticationFilter extends FormAuthenticationFilter{

@Override

protected org.apache.shiro.authc.AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {

String username = getUsername(servletRequest);

String password = getPassword(servletRequest);

String captchaId = getCaptchaId(servletRequest);

String captcha = getCaptcha(servletRequest);

boolean rememberMe = isRememberMe(servletRequest);

if(!rememberMe){

rememberMe=true;

}

String host = getHost(servletRequest);

String validateCode = (String)((HttpServletRequest) servletRequest).getSession().getAttribute("validateCode");;

return new AuthenticationToken( username,  password,

captchaId,  captcha,  validateCode,

rememberMe,  host) ;

}

 

 

 

}