Login:
1. In LoginController
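import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
@RequestMapping("/shiro")
public class LoginController {
    @RequestMapping(value = "/login")
    public String gotoLogin(@RequestParam("username") String username, @RequestParam("password") String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            // Wrap the username and password in a UsernamePasswordToken object
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // RememberMe
            token.setRememberMe(true);
            try {
                // System.out.println("1. " + token.hashCode());
                // Perform the login
                currentUser.login(token);
            }
            // Parent class of all authentication exceptions
            catch (AuthenticationException ae) {
                System.out.println("登录失败:" + ae.getMessage());
                // On failure, go back to the login page instead of the success page
                return "redirect:/webpage/sys/login.jsp";
            }
        }
        return "redirect:/webpage/sys/list.jsp";
    }
}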
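Note that the username and password received from the front end are wrapped in a token of type UsernamePasswordToken. The realm compares this token against the stored credentials, and currentUser.login(token) goes through only if that verification succeeds.
2. Don't forget to configure authentication in applicationContext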
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/webpage/sys/login.jsp"/>
    <property name="successUrl" value="/webpage/sys/list.jsp"/>
    <property name="unauthorizedUrl" value="/webpage/sys/unauthorized.jsp"/>
    <property name="filterChainDefinitions">
        <value>
            /webpage/sys/login.jsp = anon
            /shiro/login = anon
            /shiro/logout=logout
            /static/**=anon
            # everything else requires authentication:
            /** = authc
        </value>
    </property>
</bean>
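After logging in once, I found that the success page could be reached even without entering a password. This is because Shiro caches the login state, so a logout is needed.
Logout
This is simple: add /shiro/logout=logout to the filter chain definitions, and use /shiro/logout as the request URL for logging out in the JSP page. That is all.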
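An added example, not the original author's code: a variant of the login handler that logs out any already-authenticated Subject before checking the submitted credentials, so a cached login can never stand in for a password check. The class name HardenedLoginController, the rememberMe form field and the error query parameter are assumptions; the paths are the ones from the shiroFilter bean above.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

// Hypothetical class name (assumption); not part of the original project.
@Controller
@RequestMapping("/shiro")
public class HardenedLoginController {
    private static final String LOGIN_PAGE = "redirect:/webpage/sys/login.jsp";
    private static final String HOME_PAGE = "redirect:/webpage/sys/list.jsp";

    // POST only, so the password never ends up in a URL or an access log.
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password,
                        @RequestParam(value = "rememberMe", defaultValue = "false") boolean rememberMe) {
        Subject subject = SecurityUtils.getSubject();
        // An already-authenticated Subject would otherwise skip the credential
        // check. logout() also ends the old session, so the login below starts a new one.
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        // RememberMe is opt-in here rather than forced on for every login.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
        try {
            subject.login(token); // the realm verifies the credentials here
            return HOME_PAGE;
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Same response for both cases: do not reveal which usernames exist.
            return LOGIN_PAGE + "?error=credentials";
        } catch (AuthenticationException e) {
            // Parent class of all other authentication failures.
            return LOGIN_PAGE + "?error=failed";
        } finally {
            token.clear(); // wipe the password held by the token
        }
    }
}
```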