一般的登陆只需要校验账号和密码两个要素
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
user.getAccNum(), user.getPasswd());
try {
subject.login(usernamePasswordToken);
} catch (UnknownAccountException uae) {
return result.failed("账号或密码错误");
} catch (IncorrectCredentialsException ice) {
return result.failed("账号或密码错误");
} catch (LockedAccountException lae) {
return result.failed("账号被冻结");
} catch (RuntimeException re) {
return result.failed(re.getMessage());
}
如上,默认的UsernamePasswordToken
就能满足需求
现有需求,不仅需要账号和密码,还需要附带一个组织id来校验用户信息,解决方案,自行重写token
一、定义token
package cn.com.suntree.treeback.config;
import org.apache.shiro.authc.AuthenticationToken;
public class MyAuthenticationToken implements AuthenticationToken {
private String companyId;//新增的校验因子
/**
* The username
*/
private String username;
/**
* The password, in char[] format
*/
private char[] password;
public void setCompanyId(String companyId){
this.companyId = companyId;
}
public String getCompanyId(){
return companyId;
}