登录拦截
编写login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>登录</h1>
<hr>
<p th:text="${msg}" style="color: red;"> </p>
<form th:action="@{/login}">
<p>用户名: <input type="text" name="username"></p>
<p>密码: <input type="password" name="password"></p>
<p><input type="submit"></p>
</form>
</body>
</html>
在MyController类中添加
@RequestMapping("/toLogin")
public String toLogin(){
return "login";
}
在ShiroConfig类的getShiroFilterFactoryBean方法中添加
// 添加Shiro的内置过滤
/*
anon:无需认证就可以访问
authc:必须认证才能访问
user:必须拥有记住我功能才能使用
perms:拥有对某个资源的权限才能访问
role:拥有某个角色权限才能访问
*/
Map<String,String> filterMap = new LinkedHashMap<>();
filterMap.put("/user/*","authc");
bean.setFilterChainDefinitionMap(filterMap);
bean.setLoginUrl("/toLogin");
此时添加了拦截功能,对于所有前往"/user/*"的操作会被拦截,并转向"/toLogin"
登录认证
在MyController中添加
@RequestMapping("/login")
public String login(String username,String password,Model model){
// 获取当前用户
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try{
subject.login(token);
return "index";
}catch (UnknownAccountException e){
model.addAttribute("msg","用户登录错误");
return "login";
}
}
在UserRealm的doGetAuthenticationInfo(AuthenticationToken authenticationToken)方法中添加
System.out.println("====>执行了认证");
//模拟数据认证
String name = "3186020074";
String password = "123456";
UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
if (!userToken.getUsername().equals(name)){
return null;
}
return new SimpleAuthenticationInfo("",password,"");
登录认证完成