shiro实现用户认证
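/**
 * Handles a login submission by authenticating the current Shiro subject.
 *
 * @param username login name bound from the request
 * @param password password bound from the request
 * @param model    view model; receives a "msg" attribute when authentication fails
 * @return the "index" view on success, otherwise the "login" view
 */
@RequestMapping("/login")
public String login(String username, String password, Model model) {
    // NOTE(review): @RequestMapping without a method restriction also accepts GET, so the
    // credentials can arrive in the query string and end up in access logs and browser
    // history. Restrict this handler to POST once the login form submits with method="post".
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted credentials in the token that Shiro hands to the realm.
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        // login() returns normally only when authentication succeeded.
        subject.login(token);
        return "index";
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // One message for both failures: separate "no such user" and "wrong password"
        // answers would tell a caller which usernames exist.
        // NOTE(review): other authentication failures (for example a locked account) are not
        // caught here and still propagate out of the handler; confirm how they should be
        // reported and log failed attempts for monitoring.
        model.addAttribute("msg", "用户名或密码错误");
        return "login";
    }
}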
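<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>登录页面</title>
</head>
<body>
<h2>登录</h2>
<hr>
<!--/* th:text HTML-escapes its value, so the server-supplied message is rendered as text, not markup. */-->
<p th:text="${msg}" style="color: red"></p>
<!--/* Submit with POST: a form without a method attribute defaults to GET, which would place the
       username and password in the URL (browser history, proxy and server access logs). */-->
<form th:action="@{/login}" method="post">
    <table>
        <tr>
            <td>用户名:</td>
            <td><input type="text" name="username"></td>
        </tr>
        <tr>
            <td>密码:</td>
            <td><input type="password" name="password"></td>
        </tr>
        <tr>
            <td>
                <input type="submit" value="提交">
            </td>
        </tr>
    </table>
</form>
</body>
</html>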
//认证登录
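/**
 * Builds the authentication record for the submitted token, using a fixed demo account.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} below
 * @return account info carrying the expected password, or {@code null} when the username
 *         does not match the demo account
 * @throws AuthenticationException declared by the signature; not thrown directly in this body
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // The original message named doGetAuthorizationInfo; this method is the authentication hook.
    System.out.println("执行了=>认证doGetAuthenticationInfo");
    // Demo-only fixed account standing in for a database lookup.
    // NOTE(review): hard-coded credentials must not ship; load the account from a user store
    // and keep only a salted, slow password hash there.
    String name = "root";
    String password = "123456";
    UsernamePasswordToken tokenUser = (UsernamePasswordToken) token;
    // Constant-first equals: a token without a username is treated as an unknown account
    // instead of raising a NullPointerException.
    if (!name.equals(tokenUser.getUsername())) {
        // Returning null makes Shiro report UnknownAccountException to the caller.
        return null;
    }
    // Only the expected credential is returned; Shiro performs the password comparison.
    return new SimpleAuthenticationInfo("", password, "");
}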
//认证登录
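/**
 * Builds the authentication record for the submitted token from the user store.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} below
 * @return account info holding the stored user and its stored password, or {@code null}
 *         when no user with that name is found
 * @throws AuthenticationException declared by the signature; not thrown directly in this body
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // The original message named doGetAuthorizationInfo; this method is the authentication hook.
    System.out.println("执行了=>认证doGetAuthenticationInfo");
    // Look the account up by the submitted username (the earlier hard-coded demo account,
    // previously kept here as commented-out code, has been dropped).
    UsernamePasswordToken userToken = (UsernamePasswordToken) token;
    User user = userService.getUserByUserName(userToken.getUsername());
    if (user == null) {
        // Returning null makes Shiro report UnknownAccountException to the caller.
        return null;
    }
    // NOTE(review): the stored password is handed to Shiro as-is. Unless a credentials matcher
    // is configured on the realm elsewhere, that presumably means plaintext storage - confirm.
    // The original comment proposes MD5 or salted MD5; MD5 is too fast for password storage,
    // so prefer a salted, adaptive scheme (bcrypt, scrypt, Argon2) with a matching
    // credentials matcher.
    // NOTE(review): the whole User becomes the principal so the subject can read it later.
    // If sessions or remember-me are persisted, that object (including its password field)
    // is stored with them; consider a principal that carries no credential.
    return new SimpleAuthenticationInfo(user, user.getPassword(), "");
}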