我们已经完成了用户的CRUD操作。本文我们来介绍下基于Shiro的登录认证操作。
登录认证
1.整合shiro
1.1 添加依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> </dependency>
1.2 web.xml中注册
<!-- shiro过虑器,DelegatingFilterProxy通过代理模式将spring容器中的bean和filter关联起来 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <!-- 设置true由servlet容器控制filter的生命周期 --> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> <!-- 设置spring容器filter的bean id,如果不设置则找与filter-name一致的bean --> <init-param> <param-name>targetBeanName</param-name> <param-value>shiro</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
1.3 自定义Realm
/** * 自定义的Realm * @author 波波烤鸭 * * dengpbs@163.com */ public class MyRealm extends AuthorizingRealm{ /** * 认证的方法 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // TODO Auto-generated method stub return null; } /** * 授权的方法 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { // TODO Auto-generated method stub return null; } }
1.4 添加shiro的配置文件
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd"> <!-- 注册自定义Realm --> <bean class="com.bobo.realm.MyRealm" id="myRealm"> </bean> <!-- 注册SecurityManager --> <bean class="org.apache.shiro.web.mgt.DefaultWebSecurityManager" id="securityManager"> <!-- 配置自定义Realm --> <property name="realm" ref="myRealm"/> </bean> <!-- 注册ShiroFilterFactoryBean 注意id必须和web.xml中注册的targetBeanName的值一致 --> <bean class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiro"> <!-- 注册SecurityManager --> <property name="securityManager" ref="securityManager"/> <!-- 登录地址 如果用户请求的的地址是 login.do 那么会对该地址认证--> <property name="loginUrl" value="/login.do"/> <!-- 登录成功的跳转地址 --> <property name="successUrl" value="/main"/> <!-- 访问未授权的页面跳转的地址 --> <property name="unauthorizedUrl" value="/jsp/refuse.jsp"/> <!-- 设置 过滤器链 --> <property name="filterChainDefinitions"> <value> <!--加载顺序从上往下。 authc需要认证 anon可以匿名访问的资源 --> / = anon /login = anon /images/** = anon /css/** = anon /js/** = anon /lib/** = anon /login.do = authc /** = authc </value> </property> </bean> </beans>
2.登录实现
2.1登录界面
http://localhost:8082/ 或者 http://localhost:8082/login
登录页面代码:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>欢迎登录后台管理系统</title> <link href="/css/style.css" rel="stylesheet" type="text/css" /> <script language="JavaScript" src="/js/jquery.js"></script> <script src="/js/cloud.js" type="text/javascript"></script> <script language="javascript"> $(function() { $('.loginbox').css({ 'position' : 'absolute', 'left' : ($(window).width() - 692) / 2 }); $(window).resize(function() { $('.loginbox').css({ 'position' : 'absolute', 'left' : ($(window).width() - 692) / 2 }); }) }); </script> </head> <body style="background-color: #1c77ac; background-image: url(/images/light.png); background-repeat: no-repeat; background-position: center top; overflow: hidden;"> <div id="mainBody"> <div id="cloud1" class="cloud"></div> <div id="cloud2" class="cloud"></div> </div> <div class="logintop"> <span>欢迎登录后台管理界面平台</span> <ul> <li><a href="#">回首页</a></li> <li><a href="#">帮助</a></li> <li><a href="#">关于</a></li> </ul> </div> <div class="loginbody"> <span class="systemlogo"></span> <div class="loginbox"> <form action="/login.do" method="post"> <ul> <li><input name="username" type="text" class="loginuser" /> </li> <li><input name="password" type="password" class="loginpwd" /> </li> <li><input name="" type="submit" class="loginbtn" value="登录"/> <label> <input name="" type="checkbox" value="" checked="checked" />记住密码 </label> <label> <ahref="#">忘记密码?</a> </label> </li> </ul> </form> </div> </div> <div style="display: none"> <script src='http://v7.cnzz.com/stat.php?id=155540&web_id=155540' language='JavaScript' charset='gb2312'></script> </div> </body> </html>
2.2登录认证
UserServiceImpl中修改query方法
@Override public List<User> query(User user) { UserExample example = new UserExample(); if(user!=null){ if(!"".equals(user.getUserName()) && user.getUserName()!= null){ // 根据账号查询 example.createCriteria().andUserNameEqualTo(user.getUserName()); } } return userMapper.selectByExample(example); }
自定义Realm中完成认证的逻辑
@Resource private IUserService userService; /** * 认证的方法 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // 获取提交的账号 UsernamePasswordToken t = (UsernamePasswordToken) token; // 获取登录的账号 String userName = t.getUsername(); User user = new User(); user.setUserName(userName); List<User> list = userService.query(user); if(list == null || list.size() > 1){ // 账号不存在或者用户过多都返回null return null; } user = list.get(0); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(),"bobo"); return info; }
完成controller逻辑
@Controller public class LoginController { /** * 设定登录失败跳转的资源以及获取失败的信息 * * @param model * @param request * @return */ @RequestMapping("/login.do") public String login(Model model, HttpServletRequest request) { Object ex = request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); if (ex != null) { System.out.println(ex.toString() + "----------"); } if (UnknownAccountException.class.getName().equals(ex)) { System.out.println("----账号不正确----->"); model.addAttribute("msg", "账号不正确"); } else if (IncorrectCredentialsException.class.getName().equals(ex)) { System.out.println("----密码不正确----->"); model.addAttribute("msg", "密码不正确"); } else { System.out.println("----其他错误----->"); model.addAttribute("msg", "其他错误"); } return "login"; } }
3.测试
启动后随便输入一个地址,会发现重新跳回了登录页面
http://localhost:8082/aaabcc
登录测试
账号密码正确的情况下进入了main.jsp页面
4.退出功能
top.jsp中修改
LoginController中添加退出的方法
/** * 退出登录 * @return */ @RequestMapping("/logout.do") public String logout(){ SecurityUtils.getSubject().logout(); return "login"; }
操作测试即可
