Java培训机构logo图

首页 课程 师资 教程 报名

实现简单的Shiro登录认证问题

  • 2021-11-16 10:20:49
  • 244次 动力节点

实现Shiro简单登录认证后出现问题。您不使用 ajax 请求登录。当你点击login访问一个controller方法,securityuils.getsubject.login(token)访问提交时,找不到地址。是否需要加密码呢?

//This is the controller
@RequestMapping("/checkLogin.do")
    private void login(HttpServletRequest request) throws UserException{
        String account = request.getParameter("account");
        String password = request.getParameter("password");
        UsernamePasswordToken token = new UsernamePasswordToken(account,password);
        Subject currentUser = SecurityUtils.getSubject();
        try{
            if(!currentUser.isAuthenticated()){
                currentUser.login(token);
            }
        }catch(UnknownAccountException uae){
            //User name / password error
            Throw new useraccountexception ("wrong user name or password! "";
        }catch(IncorrectCredentialsException ice){
            //User name / password error
            Throw new usercredentialsexception ("wrong user name or password! "";
        }catch(ExcessiveAttemptsException eae){
            //Abnormal login times, account locked
            Throw new userattemptsexception ("login more than 5 times, account locked! "";
        }catch(AuthenticationException ae){
            //Other exceptions
            Throw new userexception ("login failed! "";
        }
    }
    
}
//This is realm
@Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        //Token based on user name and password
        //This token is from currentuser.login (token) of registcontroller
        UsernamePasswordToken uptoken = (UsernamePasswordToken)token;
        //Call service to query user through user account
        UserAuthDTO userAuth = userService.getUserAuthByAccount((String)uptoken.getPrincipal());
        if(userAuth == null){
            return null;
        }
        String identity = userAuth.getAccount();
        String password = userAuth.getPassword();
        String salt = userAuth.getSalt();
        if(userAuth.getIsLocked() != null && userAuth.getIsLocked() == 1){
            Throw new authenticationexception ("the account is locked! "";
        }
        AuthenticationInfo authInfo = new SimpleAuthenticationInfo(userAuth
                , password, ByteSource.Util.bytes(identity+salt), this.getName()); 
        System. Out. Println ("realm login authentication is over! "";
        return authInfo;
    }
}
//This is Shiro configuration
 <! -- configuration filter will be referenced by the filter configured in web.xml -- >
        <! -- Shiro's web filter -- >
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <! -- inject security component -- >
            <property name="securityManager" ref="securityManager" />
            <! -- set login address -- >
            <property name="loginUrl" value="/user/login.do"/>
            <property name="successUrl" value="/index.jsp"/>
<!--            <property name="unauthorizedUrl" value="/unauthorized.jsp"/> -->
            <! -- because every bean of type javax.servlet.filter that has been defined can pass the bean name in the definition of the chain
            So the filters property is not required. But you can replace the filters with the filters property as needed
            Instance or alias filter -- >
            <!-- <property name="filters">
                <map>
                    <entry key="anAlias" value-ref="someFilter"/>
                </map>
            </property>-->
            <! -- processor execution chain -- >
            <property name="filterChainDefinitions">
                <value>
                    <! -- define permission interception -- >
                    <! -- set anonymous access to static resources -- >
                    <! -- set anonymous access to login registration page -- >
                    /regist.jsp = anon
                    /login.jsp = anon
                </value>
            </property>
        </bean>
        <!-- securityManager -->
        <! -- Security Manager -- >
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="userAuthenticatorRealm"/>
        </bean>        
        <! -- ensure bean execution of lifecycle function within Shiro -- >
<!--        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>-->
        
        <! -- configure the realm for specific authentication and authorization -- >
        <! -- inherit the user-defined realm of authorizing realm used to complete user login authentication -- >
        <bean id="userAuthenticatorRealm" class="com.maikesiwei.mksw.user.shiro.realm.UserAuthenticatorRealm">
            <! -- inject credentialsmatcher for certificate matching -- >
            <property name="credentialsMatcher" ref="credentialsMatcher"/>
        </bean>
        <! -- credential matcher -- >
        <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
            <! -- encryption hash algorithm -- >
            <property name="hashAlgorithmName" value="SHA-256"/>
            <! -- iterations -- >
            <property name="hashIterations" value="5"/>
        </bean>

最后点击登录。

HTTP Status 404 – /web-templet/user/user/checkLogin

type 状态报告

信息 /web-templet/user/user/checkLogin

描述 请求的资源不可用。

Apache Tomcat/8.0.44

如果在登录页面直接点击登录,会报账号密码错误。如果直接填写账号,点击登录域,会发现用户返回到认证信息,页面如下:

如果大家想了解更多相关知识,可以关注一下动力节点的Shiro视频教程,里面的内容详细,由浅到深,适合没有基础的小伙伴学习,希望对大家能够有所帮助。

选你想看

你适合学Java吗?4大专业测评方法

代码逻辑 吸收能力 技术学习能力 综合素质

先测评确定适合在学习

在线申请免费测试名额
价值1998元实验班免费学
姓名
手机
提交