上一片文章实现了用户验证 查看
当用户成功登录后,关闭浏览器,重新打开浏览器访问http://localhost:8080,页面会跳转到登录页,因为浏览器的关闭后之前的登录已失效
Shiro提供了Remember Me的功能,用户的登录状态不会因为浏览器的关闭而失效,直到Cookie过期
1.修改ShiroConfig
(1)添加
/**
* cookie对象
* @return
*/
public SimpleCookie rememberMeCookie() {
// 设置cookie名称,对应login.html页面的
SimpleCookie cookie = new SimpleCookie("rememberMe");
// 设置cookie的过期时间,单位为秒,这里为一天
cookie.setMaxAge(86400);
return cookie;
}
/**
* cookie管理对象
* @return
*/
public CookieRememberMeManager rememberMeManager() {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie());
// rememberMe cookie加密的密钥
cookieRememberMeManager.setCipherKey(Base64.decode("4AvVhmFLUs0KTA3Kprsdag=="));
return cookieRememberMeManager;
}
(2)将cookie管理对象设置到SecurityManager
修改securityManager()为
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
securityManager.setRememberMeManager(rememberMeManager());//新加
return securityManager;
}
(3)改权限配置
将ShiroFilterFactoryBean的
filterChainDefinitionMap.put("/**", "authc")
修改为
filterChainDefinitionMap.put("/**", "user");
说明:
user指的是用户认证通过或者配置了Remember Me记住用户登录状态后可访问
2.修改login.html
账户登录
记住我
var ctx = [[@{/}]];
function login() {
var account = $("input[name='account']").val();
var password = $("input[name='password']").val();
var rememberMe = $("input[name='rememberMe']").is(':checked');
$.ajax({
type: "post",
url: ctx + "login",
data: {"account": account,"password": password,"rememberMe": rememberMe},
dataType: "json",
success: function (r) {
if (r.code == 0) {
location.href = ctx + 'index';
} else {
alert(r.msg);
}
}
});
}
View Code
3.修改LoginController
@PostMapping("/login")
@ResponseBody
public ResponseBo login(String account, String password, Boolean rememberMe) {
System.out.println(rememberMe);
// 密码MD5加密
password = MD5Utils.encrypt(account, password);
System.out.println(password);
UsernamePasswordToken token = new UsernamePasswordToken(account, password);
rememberMe = rememberMe == null ? false : rememberMe; //null=>false
token.setRememberMe(rememberMe);
//UsernamePasswordToken token = new UsernamePasswordToken(username, password,rememberMe);
// 获取Subject对象
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
if (rememberMe) System.out.println("rememberMe--------");
return ResponseBo.ok();
} catch (UnknownAccountException e) {
return ResponseBo.error(e.getMessage());
} catch (IncorrectCredentialsException e) {
return ResponseBo.error(e.getMessage());
} catch (LockedAccountException e) {
return ResponseBo.error(e.getMessage());
} catch (AuthenticationException e) {
return ResponseBo.error("认证失败!");
}
}
View Code
rememberMe选中的时候,Shiro就会帮忙记住用户的登录状态
说明:
如果遇到下面错误
2019-06-24 15:37:49.620 WARN 12952 --- [nio-8088-exec-2] o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin. RememberMe services will not be performed for account [com.sfn.bms.system.model.User@86fc436].
org.apache.shiro.io.SerializationException: Unable to serialize object [com.sfn.bms.system.model.User@86fc436]. In order for the DefaultSerializer to serialize this object, the [org.apache.shiro.subject.SimplePrincipalCollection] class must implement java.io.Serializable.
解决方法查看
好文链接
发表评论