Shiro authentication steps:
1. Collect the identity and proof submitted by the Subject:
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
2. Submit the identity and proof for authentication:
    Subject subject = SecurityUtils.getSubject();
    subject.login(token);
3. Catch the exceptions thrown when authentication fails:
    try {
        subject.login(token);
    } catch (UnknownAccountException e) {
        ...
    } catch (IncorrectCredentialsException e) {
        ...
    }
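The three steps above combined into one runnable login routine, as an added example that is not part of the original notes. It assumes shiro-core on the classpath; ShiroLoginDemo, attemptLogin, the in-memory SimpleAccountRealm and the sample account are illustrative stand-ins for the application's own realm and user store.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroLoginDemo {

    // Runs steps 1-3 and returns the message that would be shown to the client.
    static String attemptLogin(String username, String password) {
        // Step 1: collect the submitted identity and proof
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            // Step 2: submit them for authentication
            subject.login(token);
            return "login ok: " + subject.getPrincipal();
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Step 3: the realm found no such user, or the password did not match.
            // Record the precise reason server-side only; the client gets one
            // message for both cases so it cannot tell which usernames exist.
            System.err.println("login rejected: " + e.getClass().getSimpleName());
            return "invalid username or password";
        } catch (AuthenticationException e) {
            // Any other authentication failure (locked account, realm error, ...)
            System.err.println("login error: " + e.getClass().getSimpleName());
            return "login failed";
        } finally {
            token.clear(); // wipe the password held by the token
        }
    }

    public static void main(String[] args) {
        // Constructed sample account in an in-memory realm (stand-in for xxxRealm)
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-sample-password");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        System.out.println(attemptLogin("alice", "constructed-sample-password"));
        SecurityUtils.getSubject().logout();
        System.out.println(attemptLogin("alice", "wrong"));
        System.out.println(attemptLogin("nobody", "wrong"));
    }
}
```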
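Define a custom xxxRealm that implements login authentication by extending AuthorizingRealm:
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        System.out.println("认证===========================");
        // Get the token that carries the username and password
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        User user = this.loginService.login(usernamePasswordToken.getUsername());
        if (user == null) {
            // Unknown user: with a single realm, returning null makes Shiro throw UnknownAccountException
            return null;
        } else {
            // This runs before Shiro has compared the credentials, so the "user"
            // session attribute alone does not prove a successful login
            SecurityUtils.getSubject().getSession().setAttribute("user", user);
            // Wrap the user's information in this object; Shiro compares the stored
            // password with the submitted one using the realm's CredentialsMatcher
            AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
            return authenticationInfo;
        }
    }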
In the Spring configuration file:
    <bean id="xxxRealm" class="com.xxx.xxx.util.xxxRealm"></bean>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm">
            <ref bean="xxxRealm" />
        </property>
    </bean>