Controller
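/**
 * Authenticates the submitted credentials through Shiro and reports the outcome
 * in the {@code msg} model attribute.
 *
 * <p>Every outcome renders the same {@code "Testanon"} view. All authentication
 * failures produce the same message, so the response does not reveal whether the
 * user name exists.
 *
 * @param name  submitted user name
 * @param pass  submitted password
 * @param model view model that receives the {@code msg} attribute
 * @return the view name {@code "Testanon"}
 */
// NOTE(review): this mapping does not restrict the HTTP method, so the credentials can
// also arrive as GET query parameters and end up in access logs and browser history.
// Consider restricting the mapping to POST.
@RequestMapping("/loginHandle")
public String loginHandle(String name, String pass, Model model) {
    // 1. The Subject represents whoever is interacting with the application
    //    (a user, or another program).
    Subject subject = SecurityUtils.getSubject();
    // 2. Wrap the submitted credentials.
    UsernamePasswordToken token = new UsernamePasswordToken(name, pass);
    // 3. Authenticate. The password is deliberately never written to stdout or logs.
    try {
        // login() delegates to the configured realm; returning without an exception
        // means the credentials were accepted.
        subject.login(token);
    } catch (Exception e) {
        // Covers UnknownAccountException, IncorrectCredentialsException and any other
        // failure. The cause is printed server-side only; the user gets one generic
        // message so valid user names cannot be enumerated.
        System.out.println(e);
        System.out.println("登录失败");
        model.addAttribute("msg", "用户名或密码错误");
        return "Testanon";
    } finally {
        // Wipe the password held by the token once authentication has finished.
        token.clear();
    }
    model.addAttribute("msg", "验证通过");
    return "Testanon";
}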
UserRealm 这个算一个配置类 config
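public class UserRealm extends AuthorizingRealm {

    /** Looks up stored credentials by user name. */
    @Autowired
    FindUser findUser;

    /**
     * Runs the authorization logic.
     *
     * @param principalCollection principals of the subject being authorized
     * @return always {@code null}; no roles or permissions are supplied by this realm
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权逻辑");
        return null;
    }

    /**
     * Runs the authentication logic: fetches the stored credentials for the submitted
     * user name and hands them to Shiro, which compares them with the submitted password.
     *
     * @param authenticationToken the token passed to {@code subject.login(...)}
     * @return the stored account data, or {@code null} when no usable account was found
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行认证逻辑");
        // 1. Resolve the account for the submitted user name.
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        UsernamePasswordToken stored;
        try {
            stored = findUser.find(token.getUsername());
        } catch (Exception e) {
            // A failed lookup is treated as "no such account"; the controller's
            // UnknownAccountException handler suggests Shiro reports a null result that way.
            System.out.println(e);
            return null;
        }
        // The lookup can yield an empty password when no row matches. Passing an empty
        // stored credential on would let an empty submitted password authenticate any
        // unknown user name, so such results are rejected here.
        char[] storedPassword = (stored == null) ? null : stored.getPassword();
        if (storedPassword == null || storedPassword.length == 0) {
            return null;
        }
        // 2. Return the stored credentials for comparison. The principal is the real user
        //    name (not an empty string) so that each authenticated subject has a distinct
        //    identity, and the realm name identifies the source of the account data.
        // NOTE(review): the credentials matcher configuration is not shown here. If the
        // password column holds plaintext, store salted hashes instead and configure a
        // HashedCredentialsMatcher on this realm.
        return new SimpleAuthenticationInfo(token.getUsername(), storedPassword, getName());
    }
}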
Service:
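@Service
public class FindUser {

    /**
     * Fetches the stored password for the account whose {@code phonenum} equals
     * {@code username}.
     *
     * <p>JDBC handles are kept in local variables rather than instance fields, so
     * concurrent logins on this shared service bean cannot overwrite each other's
     * statement or result set. The statement and result set are closed on every path.
     *
     * @param username the user name to look up; bound as a query parameter, never
     *                 concatenated into the SQL text
     * @return a token carrying the user name and the stored password
     * @throws Exception if the query fails, or if no account with a non-empty stored
     *                   password matches
     */
    public UsernamePasswordToken find(String username) throws Exception {
        // NOTE(review): DBHelper is not shown here, so it is unknown whether this connection
        // is pooled, shared or per-call. It is left open, as in the original; confirm its
        // ownership and close it here if it is created per call.
        Connection connection = DBHelper.getConnection();
        String sql = "select password from jduser where phonenum = ?";
        String password = null;
        try (PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            preparedStatement.setString(1, username);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    password = resultSet.getString("password");
                }
            }
        }
        // Fail instead of returning an empty password for a missing account: an empty
        // stored credential would match an empty submitted password.
        if (password == null || password.isEmpty()) {
            throw new java.util.NoSuchElementException("no account with a stored password matches the supplied user name");
        }
        user u = new user(username, password);
        return new UsernamePasswordToken(u.getPhonenum(), u.getPassword());
    }
}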