1、在ShiroConfig配置类中添加记住我和cookie相关配置项以及用户过滤器
package com.wxg.springbootshiro.config;
import com.wxg.springbootshiro.realm.MyRealm;
import java.nio.charset.StandardCharsets;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
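/**
 * Shiro configuration for the demo application: the web security manager, the URL filter
 * chain, and the remember-me cookie with its manager.
 *
 * <p>Several values below (password hash parameters, cookie flags, the remember-me cipher
 * key) are tutorial settings; the inline review notes say what to change before this
 * configuration is used outside a demo.
 */
@Configuration
public class ShiroConfig {
    @Autowired
    MyRealm myRealm;

    /**
     * Builds the security manager, wiring in the realm, its credentials matcher and the
     * remember-me manager.
     *
     * @return the configured {@link DefaultWebSecurityManager}
     */
    @Bean
    public DefaultWebSecurityManager defaultSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        // Credentials matcher: submitted passwords are hashed with MD5, 3 iterations,
        // before being compared with the stored value.
        // NOTE(review): MD5 with 3 iterations is far too cheap to protect stored passwords
        // against offline guessing. It is kept here because the stored hashes presumably
        // use these parameters; changing them means re-hashing existing passwords with a
        // slow password hash (bcrypt / scrypt / argon2).
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        matcher.setHashIterations(3);
        myRealm.setCredentialsMatcher(matcher);

        securityManager.setRealm(myRealm);
        // Enables the rememberMe cookie handling configured below.
        securityManager.setRememberMeManager(rememberMeManager());
        return securityManager;
    }

    /**
     * Declares which Shiro filter applies to which URL pattern.
     *
     * @return the filter chain definition
     */
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();

        // Reachable without logging in.
        definition.addPathDefinition("/myController/userLogin", "anon");
        definition.addPathDefinition("/login", "anon");

        // Only one rule can exist per pattern: a second definition for the same path
        // replaces the first, so the earlier "/**" -> "authc" line never took effect and
        // has been dropped. The effective rule is unchanged.
        //
        // "user" admits a subject that is either authenticated in this session or merely
        // remembered through the rememberMe cookie. Endpoints that must require a fresh
        // login (password change, payment, admin actions) need their own "authc" rule
        // declared before this catch-all.
        definition.addPathDefinition("/**", "user");
        return definition;
    }

    /**
     * Creates the rememberMe cookie template.
     *
     * @return a cookie named {@code rememberMe}, path {@code /}, HttpOnly, 30-day lifetime
     */
    public SimpleCookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // Cross-domain setting, left disabled by the author:
        //cookie.setDomain(domain);
        cookie.setPath("/");
        // Keeps the cookie out of reach of page scripts.
        cookie.setHttpOnly(true);
        // NOTE(review): the Secure flag is not set, so the cookie is also sent over plain
        // HTTP. Call cookie.setSecure(true) once the application is served over HTTPS.
        cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days, in seconds
        return cookie;
    }

    /**
     * Creates the cookie-based remember-me manager.
     *
     * @return the configured {@link CookieRememberMeManager}
     */
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(rememberMeCookie());
        // NOTE(review): tutorial placeholder key. The rememberMe cookie is encrypted with
        // this key and its content is deserialized on the server after decryption, so a key
        // that is published in source or guessable lets anyone produce a cookie the server
        // will trust. Outside a demo, load a randomly generated key from protected
        // configuration (not from source control) and rotate it if it leaks.
        // The charset is fixed so the key bytes do not depend on the JVM default encoding.
        manager.setCipherKey("1234567890987654".getBytes(StandardCharsets.UTF_8));
        return manager;
    }
}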
2、login.html中添加一个选择框,用于是否勾选记住我
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!-- Login form: sends name, pwd and the optional rememberMe flag to /myController/userLogin. -->
<!-- NOTE(review): the form has no method attribute, so the browser submits it with GET and
     the password is placed in the URL query string, where it can end up in browser history
     and server access logs. Add method="post" once the controller mapping accepts POST
     (the login handler is not shown on this page). -->
<form action="/myController/userLogin">
<div>用户名:<input type="text" name="name" value=""></div>
<div>密码:<input type="password" name="pwd" value=""></div>
<div>记住用户:<input type="checkbox" name="rememberMe"
value="true"></div>
<div><input type="submit" value="登录"></div>
</form>
</body>
</html>
3、在LoginController中添加验证方法
//登录认证验证 rememberMe,场景如下
//1.如果勾选了记住我,登录后,关闭浏览器,再次打开浏览器,直接访问当前方法可以访问
//2.如果未勾选记住我,登录后,关闭浏览器,再次打开浏览器,直接访问当前方法不可以访问,会跳转到login登录页
/**
 * Remember-me check endpoint: reads the current subject's principal, prints it, marks the
 * session and renders the {@code main} view.
 *
 * <p>Per the scenarios described on this page, this handler is reachable with only the
 * rememberMe cookie, so it must not be treated as proof of a fresh login.
 *
 * @param session the HTTP session; its {@code user} attribute is set to {@code rememberMe}
 * @return the view name {@code main}
 */
@GetMapping("userLoginRm")
public String userLogin(HttpSession session) {
    Object principal = SecurityUtils.getSubject().getPrincipal();
    User currentUser = (User) principal;
    // NOTE(review): this prints the whole User object to stdout; depending on
    // User.toString() that may include fields that should not reach logs - confirm.
    System.out.println("用户:" + currentUser);
    session.setAttribute("user", "rememberMe");
    return "main";
}
4、在LoginController中修改userLogin方法,添加rememberMe属性,在生成token时候注册进去
5、验证以下两种场景:
a.如果勾选了记住我,登录后,关闭浏览器,再次打开浏览器,直接访问userLoginRm可以访问
b.如果未勾选记住我,登录后,关闭浏览器,再次打开浏览器,直接访问userLoginRm不可以访问,会跳转到login登录页