登录验证:

LoginController:(LoginController.java)

@ResponseBody

    @RequestMapping(value="/login",method=RequestMethod.POST)

    public ResponseResult login(User user, HttpServletRequest request) {

        ResponseResult responseResult = new ResponseResult(ResponseResult.FAILURECODE,"登陆失败");

        String loginName = user.getLoginName();

        String passWord = user.getPassWord();

        String eccodePassWord = MD5Operation.getEncryptedPwd(passWord);

        /*调用shiro判断当前用户是否是系统用户*/

        //得到当前用户

        Subject subject = SecurityUtils.getSubject();

        //判断是否登录,如果未登录,则登录

        if (!subject.isAuthenticated()) {

            //创建用户名/密码验证Token, shiro是将用户录入的登录名和密码(未加密)封装到uPasswordToken对象中

            UsernamePasswordToken uPasswordToken = new UsernamePasswordToken(loginName,eccodePassWord);

            //自动调用AuthRealm.doGetAuthenticationInfo

            try {

                //执行登录,如果登录未成功,则捕获相应的异常

                subject.login(uPasswordToken);

                responseResult.setMsg("登录成功");

                responseResult.setCode(ResponseResult.SUCCESSCODE);

            }catch (Exception e) {

                // 捕获异常

            }

        }

        /*写seesion,保存当前user对象*/

        //从shiro中获取当前用户

        User sUser = (User)subject.getPrincipal();

        subject.getSession().setAttribute("sUser", sUser);

        return responseResult;

    }

ShiroAuthorizingRealm:自定义Realm(ShiroAuthorizingRealm.java)

public class ShiroAuthorizingRealm extends AuthorizingRealm {

    private static final Logger logger = Logger.getLogger(ShiroAuthorizingRealm.class);

    //注入用户管理对象

    @Autowired

    private UserService userService;

    public UserService getUserService() {

        return userService;

    }

    public void setUserService(UserService userService) {

        this.userService = userService;

    }

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {

        // TODO 自动生成的方法存根

        return null;

    }

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken uPasswordToken) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) uPasswordToken;

        String loginName = upToken.getUsername();

        String passWord = String.valueOf(upToken.getPassword());

        User user = null;

        try {

            user = userService.findUserByLoginName(loginName);

        } catch(Exception ex) {

            logger.warn("获取用户失败\n" + ex.getMessage());

        }

        if (user == null) {

            logger.warn("用户不存在");

            throw new UnknownAccountException("用户不存在");

        }

        else if (!passWord.equals(user.getPassWord())) {

             logger.warn("密码错误");

             throw new UnknownAccountException("密码错误");

        }

        logger.info("用户【" + loginName + "】登录成功");

        AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user, user.getPassWord(), user.getUserName());

        Subject subject1 = SecurityUtils.getSubject();

        if (null != subject1) {

            Session session = subject1.getSession();

            if (null != session) {

                session.setAttribute("currentUser", user);

            }

        }

        return authcInfo;

    }

}

shiro.xml配置文件:(spring-shiro.xml)

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:aop="http://www.springframework.org/schema/aop"

    xmlns:context="http://www.springframework.org/schema/context"

    xmlns:mvc="http://www.springframework.org/schema/mvc"

    xmlns:tx="http://www.springframework.org/schema/tx"

    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd

        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd

        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd

        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">

    <!-- 缓存管理器 使用Ehcache实现 -->

    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">

        <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />

    </bean>

    <!-- Shiro的Web过滤器 -->

    <!-- 此bean要被web.xml引用,和web.xml中的filtername同名 -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager" ref="securityManager" />

        <property name="loginUrl" value="/system/login" />

        <property name="unauthorizedUrl" value="/" />

        <property name="filterChainDefinitions">

            <value>

                /system/login = anon

            </value>

        </property>

    </bean>

    <!-- 安全管理器 -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="dbRealm" />

        <property name="cacheManager" ref="cacheManager"/>

    </bean>

    <!-- 自定义realm -->

    <bean id="dbRealm" class="lee.system.school.shiro.ShiroAuthorizingRealm">

        <property name="userService" ref="userService"/>

    </bean>

    <bean id="userService" class="lee.system.school.service.impl.UserService" />

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>

web.xml:(web.xml)

    <!-- 加载spring容器 -->

    <context-param>

        <param-name>contextConfigLocation</param-name>

        <param-value>classpath:spring.xml,classpath:spring-mybatis.xml,classpath:spring-shiro.xml</param-value>

    </context-param>

<!-- 设置监听器 -->

    <listener>

        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

    </listener>

      <!-- Shiro配置(需要 ContextLoaderListener ) -->

    <filter>

        <filter-name>shiroFilter</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

        <init-param>

            <param-name>targetFilterLifecycle</param-name>

            <param-value>true</param-value>

        </init-param>

    </filter>

    <filter-mapping>

        <filter-name>shiroFilter</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>
ResponseResult类:(ResponseResult.java)
public class ResponseResult {

    /**

     * 返回code:成功

     */

    public final static int SUCCESSCODE = 1;

    /**

     * 返回code:失败

     */

    public final static int FAILURECODE = 0;

    private int code;

    private String msg;

    private Object data;

    public ResponseResult(int code) {

        this.code = code;

    }

    public ResponseResult(int code, String msg) {

        this.code = code;

        this.msg = msg;

    }

    public ResponseResult(int code, String msg, Object data) {

        this.code = code;

        this.msg = msg;

        this.data = data;

    }

    public int getCode() {

        return code;

    }

    public void setCode(int code) {

        this.code = code;

    }

    public String getMsg() {

        return msg;

    }

    public void setMsg(String msg) {

        this.msg = msg;

    }

    public Object getData() {

        return data;

    }

    public void setData(Object data) {

        this.data = data;

    }

}

java-shiro登录验证的更多相关文章

  1. shiro登录验证简单理解

    这两天接手了下师兄的项目,要给系统加个日志管理模块,其中需要记录登录功能的日志,那么首先要知道系统的登录是在哪里实现验证的. 该系统把所有登录验证还有权限控制的工作都交给了shiro. 这篇文章就先简 ...

  2. SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码

    序: 给Shiro加入验证码,有多种方式,当然你也可以通过继承修改FormAuthenticationFilter类,通过Shiro去验证验证码.具体实现请百度: 应用Shiro到Web Applic ...

  3. shiro登录验证原理

    这段时间有点忙,没咋写博客,今天打开staruml看到以前画的一张shiro原理图,先在这发一下,空了再好好进行分析.

  4. 简单两步快速实现shiro的配置和使用,包含登录验证、角色验证、权限验证以及shiro登录注销流程(基于spring的方式,使用maven构建)

    前言: shiro因为其简单.可靠.实现方便而成为现在最常用的安全框架,那么这篇文章除了会用简洁明了的方式讲一下基于spring的shiro详细配置和登录注销功能使用之外,也会根据惯例在文章最后总结一 ...

  5. Shiro安全框架入门篇(登录验证实例详解与源码)

    转载自http://blog.csdn.net/u013142781 一.Shiro框架简单介绍 Apache Shiro是Java的一个安全框架,旨在简化身份验证和授权.Shiro在JavaSE和J ...

  6. 基于权限安全框架Shiro的登录验证功能实现

    目前在企业级项目里做权限安全方面喜欢使用Apache开源的Shiro框架或者Spring框架的子框架Spring Security. Apache Shiro是一个强大且易用的Java安全框架,执行身 ...

  7. Apache Shiro:【2】与SpringBoot集成完成登录验证

    Apache Shiro:[2]与SpringBoot集成完成登录验证 官方Shiro文档:http://shiro.apache.org/documentation.html Shiro自定义Rea ...

  8. java桥连接sql server之登录验证及对数据库增删改查

    一:步骤 1.sql server建立数据库和相关表 2.建立数据源  (1).打开控制面板找到管理,打开ODBC选项或直接搜索数据源  (2).打开数据源配置后点击添加,选择sql server点击 ...

  9. Java Web Filter登录验证

    初做网站需要登录验证,转自 :http://blog.csdn.net/daguanjia11/article/details/48995789 Filter: Filter是服务器端的组件,用来过滤 ...

  10. Redis 在java中的使用(登录验证,5分钟内连续输错3次密码,锁住帐号,半小时后解封)(三)

    在java中使用redis,做简单的登录帐号的验证,使用string类型,使用redis的过期时间功能 1.首先进行redis的jar包的引用,因为用的是springBoot,springBoot集成 ...

随机推荐

  1. 18-09-27 pandas 学习02

    如何系统的学习python 中有关数据分析和挖掘相关的库?什么是系统的学习?系统的学习就是一个先搭建只是框架体系,然后不断填充知识看,不断更新迭代的过程. Pandas,numpy,scipy,mat ...

  2. 匿名函数lambda,过滤函数filter,映射类型map

    匿名函数lambda, 作用是不用定义函数,用完之后会自动被删掉,在使用执行脚本的时候,使用lambda就可以省下定义函数的过程,简化代码的可读性. 格式是 例子g=lambda x,y:x+y g( ...

  3. Java知识汇总——思维导图

    转载:https://www.cnblogs.com/java1024/p/8757952.html Java知识点汇总,从基础到常用的API.还有常用的集合类,总结的很详细.图片是从论坛里面找到的, ...

  4. Quartz 原理

    Quartz API :http://www.quartz-scheduler.org/api/2.2.0/ http://www.boyunjian.com/javadoc/org.apache.s ...

  5. Android: protecting the kernel

    Linux内置安全机制 Address space separation/process isolation unix permissions DAC capabilities SELinux sec ...

  6. [LeetCode&Python] Problem 784. Letter Case Permutation

    Given a string S, we can transform every letter individually to be lowercase or uppercase to create ...

  7. div和span与块级和行内标签

    <div>标签: 是一个区块容器标记,<div></div>之间是一个容器, 可以包含段落.表格.图片等各种HTML元素. <span>标签: 没有实际 ...

  8. Gym - 101981M:(南京) Mediocre String Problem(回文树+exkmp)

    #include<bits/stdc++.h> #define ll long long #define rep(i,a,b) for(int i=a;i<=b;i++) using ...

  9. ZOJ - 4081:Little Sub and Pascal's Triangle (结论)

    Little Sub is about to take a math exam at school. As he is very confident, he believes there is no ...

  10. xdoj-1324 (区间离散化-线段树求区间最值)

    思想 : 1 优化:题意是覆盖点,将区间看成 (l,r)转化为( l-1,r) 覆盖区间 2 核心:dp[i]  覆盖从1到i区间的最小花费 dp[a[i].r]=min (dp[k])+a[i]s; ...