好好编程 - 物流项目 13【登录认证 -shiro 实现】

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:context="http://www.springframework.org/schema/context"

xmlns:aop="http://www.springframework.org/schema/aop"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd

http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd">

<bean class="com.bobo.realm.MyRealm" id="myRealm">

</bean>

<bean class="org.apache.shiro.web.mgt.DefaultWebSecurityManager" id="securityManager">

<property name="realm" ref="myRealm"/>

</bean>

<bean class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiro">

<property name="securityManager" ref="securityManager"/>

<property name="loginUrl" value="/login.do"/>

<property name="successUrl" value="/main"/>

<property name="unauthorizedUrl" value="/jsp/refuse.jsp"/>

<property name="filterChainDefinitions">

<value>

<!--加载顺序从上往下。

authc 需要认证

anon 可以匿名访问的资源

-->

/ = anon

/login = anon

/images/** = anon

/css/** = anon

/js/** = anon

/lib/** = anon

/login.do = authc

/** = authc

</value>

</property>

</bean>

</beans>

2.登录实现

2.1 登录界面

http://localhost:8082/ 或者 http://localhost:8082/login

![在这里插入图片描述](https://

【一线大厂Java面试题解析+后端开发学习笔记+最新架构讲解视频+实战项目源码讲义】
浏览器打开：qq.cn.hn/FTf 免费领取

img-blog.csdnimg.cn/20190322194245101.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9kcGItYm9ib2thb3lhLXNtLmJsb2cuY3Nkbi5uZXQ=,size_16,color_FFFFFF,t_70)

登录页面代码:

<%@ page language="java" contentType="text/html; charset=UTF-8"

pageEncoding="UTF-8"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>欢迎登录后台管理系统</title>

<link href="/css/style.css" rel="stylesheet" type="text/css" />

<script language="JavaScript" src="/js/jquery.js"></script>

<script src="/js/cloud.js" type="text/javascript"></script>

<script language="javascript">

$(function() {

$('.loginbox').css({

'position' : 'absolute',

'left' : ($(window).width() - 692) / 2

});

$(window).resize(function() {

$('.loginbox').css({

'position' : 'absolute',

'left' : ($(window).width() - 692) / 2

});

})

});

</script>

</head>

<body

style="background-color: #1c77ac; background-image: url(/images/light.png); background-repeat: no-repeat; background-position: center top; overflow: hidden;">

<div id="mainBody">

<div id="cloud1" class="cloud"></div>

<div id="cloud2" class="cloud"></div>

</div>

<div class="logintop">

<span>欢迎登录后台管理界面平台</span>

<ul>

<li><a href="#">回首页</a></li>

<li><a href="#">帮助</a></li>

<li><a href="#">关于</a></li>

</ul>

</div>

<div class="loginbody">

<span class="systemlogo"></span>

<div class="loginbox">

<form action="/login.do" method="post">

<ul>

<li><input name="username" type="text" class="loginuser" />

</li>

<li><input name="password" type="password" class="loginpwd" />

</li>

<li><input name="" type="submit" class="loginbtn" value="登录"/>

<label>

<input name="" type="checkbox" value="" checked="checked" />记住密码

</label>

<label>

<ahref="#">忘记密码？</a>

</label>

</li>

</ul>

</form>

</div>

</div>

<div style="display: none">

<script src='http://v7.cnzz.com/stat.php?id=155540&web_id=155540'

language='JavaScript' charset='gb2312'></script>

</div>

</body>

</html>

2.2 登录认证

UserServiceImpl 中修改 query 方法

@Override

public List<User> query(User user) {

UserExample example = new UserExample();

if(user!=null){

if(!"".equals(user.getUserName()) && user.getUserName()!= null){

// 根据账号查询

example.createCriteria().andUserNameEqualTo(user.getUserName());

}

}

return userMapper.selectByExample(example);

}

自定义 Realm 中完成认证的逻辑

@Resource

private IUserService userService;

/**

• 认证的方法

*/

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

// 获取提交的账号

UsernamePasswordToken t = (UsernamePasswordToken) token;

// 获取登录的账号

String userName = t.getUsername();

User user = new User();

user.setUserName(userName);

List<User> list = userService.query(user);

if(list == null || list.size() > 1){

// 账号不存在或者用户过多都返回 null

return null;

}

user = list.get(0);

SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(),"bobo");

return info;

}

完成 controller 逻辑

@Controller

public class LoginController {

/**

• 设定登录失败跳转的资源以及获取失败的信息

• @param model

• @param request

• @return

*/

@RequestMapping("/login.do")

public String login(Model model, HttpServletRequest request) {

Object ex = request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);

if (ex != null) {

System.out.println(ex.toString() + "----------");

}

if (UnknownAccountException.class.getName().equals(ex)) {

System.out.println("----账号不正确----->");

model.addAttribute("msg", "账号不正确");

} else if (IncorrectCredentialsException.class.getName().equals(ex)) {

System.out.println("----密码不正确----->");

model.addAttribute("msg", "密码不正确");

} else {

System.out.println("----其他错误----->");

model.addAttribute("msg", "其他错误");

}

return "login";

}

}

3.测试

启动后随便输入一个地址，会发现重新跳回了登录页面

http://localhost:8082/aaabcc

登录测试