登录的controller,简单版本 @RequestMapping("/login") public String login(String username, String password) throws Exception { System.out.println("进入shirod接管的login " + username + "___" + password); Subject currentUser = SecurityUtils.getSubject(); //若没有认证 if (!currentUser.isAuthenticated()) { UsernamePasswordToken token = new UsernamePasswordToken(username, password); token.setRememberMe(true); try { //执行验证登录 currentUser.login(token); User user = (User) currentUser.getPrincipal(); Session session1 = currentUser.getSession(); session1.setAttribute("user", user); System.out.println("已经设置session"); return "index2"; } catch (Exception e) { e.printStackTrace(); } } return "login"; }
下面是浏览器页面显示的session信息,只是测试信息,数据库中用户信息还没有完善,所以返回的两个
shiroSavedRequest=org.apache.shiro.web.util.SavedRequest@54cf4c87, org.apache.shiro.subject.support.DefaultSubjectContext_AUTHENTICATED_SESSION_KEY=true,
user=User(id=2, loginname=11, password=null, username=11, nickname=null, avatar=null, createtime=null),
org.apache.shiro.web.session.HttpServletSession.HOST_SESSION_KEY=0:0:0:0:0:0:0:1, org.apache.shiro.subject.support.DefaultSubjectContext_PRINCIPALS_SESSION_KEY=User
(id=2, loginname=11, password=null, username=11, nickname=null, avatar=null, createtime=null)};