The previous article implemented user authentication.

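After a user logs in successfully, closes the browser, and then reopens it to visit http://localhost:8080, the page redirects to the login page, because the earlier login is no longer valid once the browser has been closed.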

Shiro provides a Remember Me feature: the user's login state is not lost when the browser is closed, and it lasts until the cookie expires.

1. Modify ShiroConfig

(1) Add

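    // Imports needed in ShiroConfig:
    //   org.apache.shiro.codec.Base64
    //   org.apache.shiro.web.mgt.CookieRememberMeManager
    //   org.apache.shiro.web.servlet.SimpleCookie

    /**
     * Cookie object
     * @return the rememberMe cookie template
     */
    public SimpleCookie rememberMeCookie() {
        // Set the cookie name, corresponding to the login.html page
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // Set the cookie lifetime in seconds; here it is one day
        cookie.setMaxAge(86400);
        return cookie;
    }

    /**
     * Cookie manager object
     * @return the manager that encrypts and writes the rememberMe cookie
     */
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        // Key used to encrypt the rememberMe cookie
        cookieRememberMeManager.setCipherKey(Base64.decode("4AvVhmFLUs0KTA3Kprsdag=="));
        return cookieRememberMeManager;
    }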

(2) Set the cookie manager object on the SecurityManager

  Change securityManager() to

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        securityManager.setRememberMeManager(rememberMeManager()); // newly added
        return securityManager;
    }

(3) Change the permission configuration

  In ShiroFilterFactoryBean, change

    filterChainDefinitionMap.put("/**", "authc");

  to

    filterChainDefinitionMap.put("/**", "user");

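Note:

  user means the path is accessible to a user who has either authenticated or is remembered through Remember Me (authc, by contrast, only admits a user who has actually logged in during the current session).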

2. Modify login.html


3. Modify LoginController

    @PostMapping("/login")
    @ResponseBody
    public ResponseBo login(String account, String password, Boolean rememberMe) {
        System.out.println(rememberMe);
        // Hash the password with MD5
        password = MD5Utils.encrypt(account, password);
        System.out.println(password);
        UsernamePasswordToken token = new UsernamePasswordToken(account, password);
        rememberMe = rememberMe == null ? false : rememberMe; // null => false
        token.setRememberMe(rememberMe);
        //UsernamePasswordToken token = new UsernamePasswordToken(username, password,rememberMe);
        // Get the Subject object
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            if (rememberMe) System.out.println("rememberMe--------");
            return ResponseBo.ok();
        } catch (UnknownAccountException e) {
            return ResponseBo.error(e.getMessage());
        } catch (IncorrectCredentialsException e) {
            return ResponseBo.error(e.getMessage());
        } catch (LockedAccountException e) {
            return ResponseBo.error(e.getMessage());
        } catch (AuthenticationException e) {
            return ResponseBo.error("认证失败!");
        }
    }


When rememberMe is checked, Shiro remembers the user's login state.

Note:

  If you run into the error below:

2019-06-24 15:37:49.620 WARN 12952 --- [nio-8088-exec-2] o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin. RememberMe services will not be performed for account [com.sfn.bms.system.model.User@86fc436].

org.apache.shiro.io.SerializationException: Unable to serialize object [com.sfn.bms.system.model.User@86fc436]. In order for the DefaultSerializer to serialize this object, the [org.apache.shiro.subject.SimplePrincipalCollection] class must implement java.io.Serializable.

  See the linked solution.
