认证是没有问题的,登录之后一直在登录页面,然后直接输入index.jsp又是可以访问的,
说明认证成功了
直接上图帐号代码,求大神。。。
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
<!-- web.xml中shiro的filter对应的bean -->
<!-- Shiro 的Web过滤器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- loginUrl认证提交地址,如果没有认证将会请求此地址进行认证,请求此地址将由formAuthenticationFilter进行表单认证 -->
<property name="loginUrl" value="/login/login.html"/>
<!-- 认证成功统一跳转到first.action,建议不配置,shiro认证成功自动到上一个请求路径 -->
<property name="successUrl" value="/index.jsp"/>
<!-- 通过unauthorizedUrl指定没有权限操作时跳转页面-->
<!--<property name="unauthorizedUrl" value="/WEB-INF/pages/refuse.jsp"/>-->
<!-- 自定义filter配置 -->
<property name="filters">
<map>
<!--将自定义 的FormAuthenticationFilter注入shiroFilter中-->
<entry key="authc" value-ref="formAuthenticationFilter"/>
</map>
</property>
<!-- 过虑器链定义,从上向下顺序执行,一般将/**放在最下边 -->
<property name="filterChainDefinitions">
<value>
<!-- 对静态资源设置匿名访问 -->
/css/** = anon
/datas/** = anon
/html/** = anon
/images/** = anon
/js/** = anon
/plugins/** = anon
/temp/** = anon
/login/login.html = anon
/login/checkLogin.json = anon
<!--请求这个地址退出登录 shiro清除session-->
/login/logout = logout
<!--所有url都必须认证通过才可以访问-->
/** = authc
<!--anon所有url都可以匿名访问-->
<!--/** = anon-->
</value>
</property>
</bean>
<!-- securityManager安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="customRealm"/>
<!-- 注入缓存管理器 -->
<!--<property name="cacheManager" ref="cacheManager"/>-->
<!-- 注入session管理器 -->
<!--<property name="sessionManager" ref="sessionManager"/>-->
<!-- 记住我 -->
<!--<property name="rememberMeManager" ref="rememberMeManager"/>-->
</bean>
<!-- realm -->
<bean id="customRealm" class="com.infore.common.CustomRealm">
</bean>
<!-- 缓存管理器 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:/shiro/shiro-ehcache.xml"/>
</bean>
<bean id="formAuthenticationFilter" class="com.infore.common.CustomFormAuthenticationFilter">
<!-- 表单中账号的input名称 -->
<property name="usernameParam" value="username" />
<!-- 表单中密码的input名称 -->
<property name="passwordParam" value="password" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
@ResponseBody
@RequestMapping("/checkLogin.json")
public AjaxResult checkLogin(HttpServletRequest request){
AjaxResult result = new AjaxResult();
String username = request.getParameter("username");
String password = request.getParameter("password");
try{
/*if(username == null || "".equals(username)){
result.setSuccess(false);
result.setMsg("请输入账号");
return result;
}
if(password == null || "".equals(password)){
result.setSuccess(false);
result.setMsg("请输入密码");
return result;
}
EmpDto emp = empService.selectByUsername(username);
if(emp == null){
result.setSuccess(false);
result.setMsg("账号不存在");
return result;
}**/
ByteSource salt = ByteSource.Util.bytes("emp");
SimpleHash simpleHash = new SimpleHash("MD5", password, salt, 2);
String password_md5 = simpleHash.toString();
/*if(!emp.getPassword().equals(password_md5)){
result.setSuccess(false);
result.setMsg("密码不正确");
return result;
}*/
UsernamePasswordToken token = new UsernamePasswordToken(username, password_md5);
Subject currentUser = SecurityUtils.getSubject();
//使用shiro来验证
token.setRememberMe(true);
try {
currentUser.login(token);
EmpDto empDto = (EmpDto) currentUser.getPrincipal();
logger.info("User [" + empDto.getUsername() + "] logged in successfully.");
//验证通过保存emp信息
super.getSession().setAttribute("emp", currentUser.getPrincipal());
super.getSession().setAttribute("username", username);
super.getSession().setAttribute("empNo", empDto.getEmpNo());
} catch ( UnknownAccountException uae ) {
uae.printStackTrace();
result.setSuccess(false);
result.setMsg("账号不存在");
return result;
} catch ( IncorrectCredentialsException ice ) {
ice.printStackTrace();
result.setSuccess(false);
result.setMsg("账号/密码不正确");
return result;
} catch (LockedAccountException lae) {
lae.printStackTrace();
result.setSuccess(false);
result.setMsg("用户已被锁定");
return result;
} catch (ExcessiveAttemptsException eae ) {
eae.printStackTrace();
}
}catch (Exception e){
logger.error("验证登录信息异常[checkLogin]",e);
publicUtil.insertLog(0,e,0);
result.setSuccess(false);
result.setMsg("验证登录信息异常");
}
return result;
}
/**
* realm的认证方法,从数据库查询用户信息
* @param authToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authToken;
EmpDto emp = empService.selectByUsername(token.getUsername());
if(emp == null){
throw new UnknownAccountException("账号不存在");
}
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(emp, emp.getPassword(), getName());
return simpleAuthenticationInfo;
}