在最近的项目中要实现一个需求:“同时让两种类型的用户进行登录,登录后如果用户勾选了记住密码就要生成cookie来记录用户的密码和用户名”。本人做安全认证的时候一直在使用shiro,所以就想到在shiro的基础上进行一些扩展来满足需求。
shiro自带的参数中有三个值,分别是username、password和rememberMe,而自带的rememberMe在使用的时候并没有生成自定义cookie的能力,所以只能扩展一个自己的rememberMe来实现功能了。
代码如下:
import org.apache.shiro.authc.UsernamePasswordToken;
/**
 * Login token that extends Shiro's default {@link UsernamePasswordToken} with the
 * two extra fields this login flow cares about: the custom "remember password"
 * flag and the login type.
 *
 * <p>NOTE(review): on this page both extra values are filled from request
 * parameters by the form filter, so code that consumes them should treat them as
 * client-supplied input and validate {@code loginType} against the known values.
 */
public class UserNamePassWordCookieToken extends UsernamePasswordToken {

    private static final long serialVersionUID = 1L;

    /** Login type: "0" is an enterprise user, "1" is a government-side user. */
    private String loginType;

    /** Whether the user asked for the password to be remembered. */
    private boolean isRemember;

    /**
     * Builds the token from the standard Shiro credentials plus the two custom fields.
     *
     * @param username   submitted user name
     * @param password   submitted password
     * @param rememberMe Shiro's own remember-me flag, passed through to the superclass
     * @param host       host the login request came from, passed through to the superclass
     * @param isRemember custom "remember password" flag
     * @param loginType  login type, see {@link #getLoginType()}
     */
    public UserNamePassWordCookieToken(String username, char[] password,
            boolean rememberMe, String host, boolean isRemember, String loginType) {
        super(username, password, rememberMe, host);
        // The flag is stored through the setter and the login type is assigned directly.
        setRemember(isRemember);
        this.loginType = loginType;
    }

    /** @return the login type ("0" enterprise, "1" government-side) */
    public String getLoginType() {
        return this.loginType;
    }

    /** @param loginType the login type to store on this token */
    public void setLoginType(String loginType) {
        this.loginType = loginType;
    }

    /** @return {@code true} when the custom "remember password" flag is set */
    public boolean isRemember() {
        return this.isRemember;
    }

    /** @param isRemember new value of the custom "remember password" flag */
    public void setRemember(boolean isRemember) {
        this.isRemember = isRemember;
    }
}
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
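/**
 * Form-login filter that extends Shiro's default {@link FormAuthenticationFilter}
 * to read two extra form fields (a custom "remember password" flag and the login
 * type) and to maintain a custom {@code user} cookie.
 *
 * <p>SECURITY NOTE (review): the {@code user} cookie carries the submitted
 * password in clear text, joined as {@code username-password-loginType}, and is
 * kept for one year. Anything that can read the browser's cookie store, page
 * script (the cookie is not HttpOnly), or the network path when the site is
 * served without TLS can recover the password. The cookie is also written inside
 * {@link #createToken}, i.e. before Shiro has verified the credentials, so values
 * from failed logins are stored as well. The format is kept here only because
 * other code may parse it; the preferred design is to never persist the password
 * and to rely on Shiro's built-in rememberMe support (a RememberMeManager) or on
 * an opaque, random, server-side-revocable token instead. If the cookie must
 * stay, store at most the user name and login type, mark it HttpOnly when no
 * script needs it, and shorten its lifetime.
 */
public class FormAuthenticationCookieFilter extends FormAuthenticationFilter {

    /**
     * Form field name of the custom "remember password" checkbox. The constant's
     * name says CAPTCHA for historical reasons; it has nothing to do with a captcha.
     */
    public static final String DEFAULT_CAPTCHA_PARAM = "ck_rmbUser";

    /** Form field name that carries the login type. */
    public static final String DEFAULT_LOGINTYPE_PARAM = "loginType";

    /** Name of the custom cookie written and cleared by this filter. */
    private static final String REMEMBER_COOKIE_NAME = "user";

    /** Lifetime of the custom cookie: one year, in seconds. */
    private static final int REMEMBER_COOKIE_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;

    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(FormAuthenticationCookieFilter.class.getName());

    private String isRememberParam = DEFAULT_CAPTCHA_PARAM;
    private String loginTypeParam = DEFAULT_LOGINTYPE_PARAM;

    public String getIsRememberParam() {
        return isRememberParam;
    }

    public void setIsRememberParam(String isRememberParam) {
        this.isRememberParam = isRememberParam;
    }

    public String getLoginTypeParam() {
        return loginTypeParam;
    }

    public void setLoginTypeParam(String loginTypeParam) {
        this.loginTypeParam = loginTypeParam;
    }

    /**
     * Reads the custom "remember password" flag from the request, using Shiro's
     * helper to turn the form value into a boolean.
     */
    protected boolean getIsRemember(ServletRequest request) {
        return WebUtils.isTrue(request, getIsRememberParam());
    }

    /**
     * Reads the login type from the request with Shiro's helper. The value is
     * client-supplied; nothing in this class checks it against the known types.
     */
    protected String getLoginType(ServletRequest request) {
        return WebUtils.getCleanParam(request, getLoginTypeParam());
    }

    /**
     * Builds the authentication token from the login form and, as a side effect,
     * writes or clears the custom {@code user} cookie depending on the custom
     * "remember password" flag.
     *
     * @param request  the login request
     * @param response the response the cookie is added to
     * @return a {@link UserNamePassWordCookieToken} carrying the submitted
     *         credentials, Shiro's own rememberMe flag, the host, the custom
     *         flag and the login type
     */
    @Override
    protected AuthenticationToken createToken(
            ServletRequest request, ServletResponse response) {
        String username = getUsername(request);
        String password = getPassword(request);
        boolean isRemember = getIsRemember(request);
        String loginType = getLoginType(request);

        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        try {
            if (isRemember) {
                writeRememberCookie(httpRequest, httpResponse, username, password, loginType);
            } else {
                clearRememberCookie(httpRequest, httpResponse);
            }
        } catch (RuntimeException e) {
            // Cookie handling stays best effort: a rejected cookie value must not
            // abort the login. Only the exception type is logged, because the
            // cookie value contains the password and must not reach the logs.
            LOG.warning("Could not update the '" + REMEMBER_COOKIE_NAME + "' cookie: "
                    + e.getClass().getName());
        }

        boolean rememberMe = isRememberMe(request); // Shiro's own remember-me flag
        String host = getHost(request);
        // A request without a password parameter must not fail with a
        // NullPointerException here; pass null on and let authentication reject it.
        char[] passwordChars = (password != null) ? password.toCharArray() : null;
        return new UserNamePassWordCookieToken(username,
                passwordChars, rememberMe, host, isRemember, loginType);
    }

    /** Writes the custom cookie; skipped when the form carried no user name or password. */
    private void writeRememberCookie(HttpServletRequest request, HttpServletResponse response,
            String username, String password, String loginType) {
        if (username == null || password == null) {
            // Avoids persisting the literal text "null" as a credential.
            return;
        }
        // SECURITY (review): clear-text password in a long-lived cookie, see the class
        // comment. The "-" separator is also ambiguous when a field itself contains "-".
        Cookie user = new Cookie(REMEMBER_COOKIE_NAME, username + "-" + password + "-" + loginType);
        user.setMaxAge(REMEMBER_COOKIE_MAX_AGE_SECONDS);
        // Keep the cookie off plain-HTTP connections whenever the login arrived over TLS.
        user.setSecure(request.isSecure());
        response.addCookie(user);
    }

    /** Expires the custom cookie if the browser sent one. */
    private void clearRememberCookie(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // getCookies() returns null when the request carries no cookies at all.
            return;
        }
        for (Cookie cookie : cookies) {
            if (REMEMBER_COOKIE_NAME.equals(cookie.getName())) {
                cookie.setValue(null);
                cookie.setMaxAge(0); // expire immediately
                response.addCookie(cookie);
                break;
            }
        }
    }
}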