在UserController中调用subject.login(token)方法
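/**
 * Spring MVC controller that exposes the Shiro-backed login endpoint under {@code /user}.
 */
@Controller
@RequestMapping("/user")
public class UserController extends MyExceptionHandler {

    /**
     * Authenticates the submitted account through Shiro's {@code Subject.login(token)}.
     *
     * <p>Request parameters are bound onto {@code user}; {@code captcha} is not a property of
     * {@code User}, so it is received as a separate parameter.
     *
     * @param user    bound request data; {@code getAccount()} and {@code getPwd()} are read here
     * @param captcha captcha value submitted with the form
     * @return a result whose status is {@code Result.SUCCESS} when the subject is (or already was)
     *         authenticated, and {@code Result.ERROR} otherwise
     */
    // NOTE(review): no HTTP method is declared on this mapping, so it also matches GET and the
    // credentials can then travel in the query string (URL logs, browser history). Restrict it to POST.
    // NOTE(review): captcha is accepted but never checked in this method - confirm it is verified
    // elsewhere (e.g. in a filter) before the login attempt is allowed.
    @RequestMapping("/login")
    @ResponseBody
    public Result<Object> login(User user, String captcha) {
        // The bound User is deliberately not printed: it carries the submitted password and its
        // toString() may include it, which would put credentials into stdout / log files.

        // Reject incomplete submissions before hashing or building a token.
        if (user == null || user.getAccount() == null || user.getPwd() == null) {
            return new Result<>().setStatus(Result.ERROR);
        }

        // Step 1: obtain the Subject bound to the current request/session.
        Subject currentUser = SecurityUtils.getSubject();

        // Step 2: only attempt a login when the subject is not authenticated yet.
        // NOTE(review): an already-authenticated subject gets SUCCESS whatever credentials were
        // submitted, including ones for a different account - confirm this is intended.
        if (!currentUser.isAuthenticated()) {
            // Shiro SimpleHash arguments: algorithm name, value to hash, salt, iteration count.
            // NOTE(review): MD5 with 218 iterations and the account name as salt is a fast hash with
            // a predictable salt; prefer bcrypt/scrypt/Argon2 with a random per-user salt. It is not
            // changed here because the stored credentials the realm compares against must be
            // migrated at the same time. Hashing is usually configured on the realm
            // (HashedCredentialsMatcher) rather than done in the controller - TODO confirm realm setup.
            String pwd = new SimpleHash("MD5", user.getPwd(), user.getAccount(), 218).toString();

            UsernamePasswordToken token = new UsernamePasswordToken(user.getAccount(), pwd);
            try {
                currentUser.login(token); // delegates to Subject.login(token)
                System.out.println("认证成功");
            } catch (UnknownAccountException e) {
                // Every failure branch returns the same ERROR status, so the response does not
                // reveal whether the account exists; only the server-side message differs.
                System.out.println("帐号不存在");
                return new Result<>().setStatus(Result.ERROR);
            } catch (IncorrectCredentialsException e) {
                System.out.println("密码错误");
                return new Result<>().setStatus(Result.ERROR);
            } catch (Exception e) {
                System.out.println("其他异常");
                return new Result<>().setStatus(Result.ERROR);
            }
        }

        return new Result<>().setStatus(Result.SUCCESS);
    }
}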
追踪Subject.login()方法,其实际调用的是DelegatingSubject的login方法(DelegatingSubject实现了Subject接口)
public class DelegatingSubject implements Subject {
public void login(AuthenticationToken token) throws AuthenticationException {
clearRunAsIdentitiesInternal();
Subject subject = securityManager.login(this, token); // <--在调用方法
PrincipalCollection principals; String host = null;
if (subject instanceof DelegatingSubject) {
DelegatingSubject delegating = (DelegatingSubject) subject;
//we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
principals = delegating.principals;
host = delegating.host;
} else {
principals = subject.getPrincipals();
}
if (principals == null || principals.isEmpty