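In Shiro, the rememberMe feature lets users skip logging in again on their next visit to the application and keeps a persistent login state.
1. Configure Shiro RememberMe
In the Shiro configuration class, configure the cookie and the cookie manager to enable the rememberMe feature.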
import org.apache.shiro.codec.Base64; // Shiro 1.x package
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    @Bean
    public SecurityManager securityManager(Realm customRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(customRealm);
        // Register the RememberMe manager, which carries the cookie defined below
        securityManager.setRememberMeManager(rememberMeManager());
        return securityManager;
    }

    @Bean
    public Cookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        cookie.setMaxAge(2592000); // Cookie lifetime: 30 days, in seconds
        return cookie;
    }

    @Bean
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        rememberMeManager.setCookie(rememberMeCookie());
        // "yourBase64Key" is a placeholder. The cipher key encrypts the cookie content,
        // so use a randomly generated AES key (16, 24 or 32 bytes, Base64-encoded)
        // that is unique to this deployment and loaded from protected configuration.
        rememberMeManager.setCipherKey(Base64.decode("yourBase64Key"));
        return rememberMeManager;
    }
}
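The configuration above passes a placeholder to setCipherKey. Because that key protects the rememberMe cookie, the following added example (not code from the original page or from the Shiro project) shows one way to generate a random key and to validate a configured key at startup instead of accepting a placeholder. The class name RememberMeKey and the environment variable SHIRO_REMEMBERME_KEY are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;

public class RememberMeKey {

    // Assumed variable name; use whatever your deployment's secret store provides.
    static final String ENV_VAR = "SHIRO_REMEMBERME_KEY";

    /** Run once per deployment and store the output as a secret. */
    static String generate() {
        byte[] key = new byte[16]; // 128-bit AES key
        new SecureRandom().nextBytes(key);
        return Base64.getEncoder().encodeToString(key);
    }

    /** Decode and validate a configured key; fail fast rather than fall back. */
    static byte[] load(String base64) {
        if (base64 == null || base64.trim().isEmpty()) {
            throw new IllegalStateException(ENV_VAR + " is not set");
        }
        byte[] key;
        try {
            key = Base64.getDecoder().decode(base64.trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException("rememberMe key is not valid Base64", e);
        }
        // AES accepts only 128-, 192- or 256-bit keys
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException(
                "rememberMe key must be 16, 24 or 32 bytes, got " + key.length);
        }
        return key;
    }

    public static void main(String[] args) {
        String fresh = generate();
        System.out.println("new key: " + fresh);
        System.out.println("decoded length: " + load(fresh).length);
        try {
            load("yourBase64Key"); // the placeholder from the configuration above
        } catch (IllegalStateException e) {
            System.out.println("rejected placeholder: " + e.getMessage());
        }
    }
}
```

In ShiroConfig the key would then be supplied as `rememberMeManager.setCipherKey(RememberMeKey.load(System.getenv(RememberMeKey.ENV_VAR)))`, so the application refuses to start with a missing or malformed key.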
2. Enable RememberMe in the login logic
In the login logic, set the rememberMe parameter to true so that a rememberMe cookie is generated after a successful login.
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class LoginService {

    // Returns true on success so that callers can report the real outcome
    public boolean login(String username, String password, boolean rememberMe) {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // When true, Shiro issues the rememberMe cookie after a successful login
        token.setRememberMe(rememberMe);
        try {
            currentUser.login(token);
            System.out.println("Login successful!");
            return true;
        } catch (AuthenticationException e) {
            System.out.println("Login failed: " + e.getMessage());
            return false;
        }
    }
}
3. Set RememberMe in the Controller
In the Controller, accept the rememberMe request parameter and pass it to the login logic; when it is true, the rememberMe feature is enabled at login.
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {

    @PostMapping("/login")
    public String login(@RequestParam String username,
                        @RequestParam String password,
                        @RequestParam(required = false) boolean rememberMe) {
        LoginService loginService = new LoginService();
        // Report success only if authentication actually succeeded
        boolean ok = loginService.login(username, password, rememberMe);
        return ok ? "Login successful!" : "Login failed!";
    }
}
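The code above shows how to use the rememberMe feature in Shiro: configure the rememberMe cookie and enable the rememberMe parameter in the login logic. Users can then skip logging in again on their next visit to the application and keep a persistent login state.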