Shiro+easyUI+SpringMVC实现登录认证

  最近在做一个小项目，其中认证这块使用shiro+SpringMVC+easyUI，因为easyUI在提交数据的时候使用的是ajax的异步提交，所以shiro在处理数据的时候需要重写FormAuthenticationFilter的相关方法，所以在此记录下实现的过程，以供大伙参考。
  本文只给出核心代码，完整代码可去本人github上查看
https://github.com/q279583842q/SRM.git

ShiroLoginFilter

  因为shiro默认的处理验证的方式是验证成功直接跳转到我们配置的successURL中，如果认证失败则会跳转到我们指定的fail地址，而和easyUI一块使用的话通过ajax提交，shiro只需要给调用者返回一个验证的结果就可以了，所以我们需要重写FormAuthenticationFilter中的相关方法，如下：

/**
 * 拦截验证后的请求
 * @author 波波烤鸭
 * @email dengpbs@163.com
 *
 */
public class ShiroLoginFilter extends FormAuthenticationFilter{
	
	private static final Logger log = LoggerFactory.getLogger(FormAuthenticationFilter.class);

	 /**
     * 表示当访问拒绝时
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {

        if(this.isLoginRequest(request, response)) {
            if(this.isLoginSubmission(request, response)) {
                if(log.isTraceEnabled()) {
                    log.trace("Login submission detected.  Attempting to execute login.");
                }

                return this.executeLogin(request, response);
            } else {
                if(log.isTraceEnabled()) {
                    log.trace("Login page view.");
                }

                return true;
            }
        } else {
            if(log.isTraceEnabled()) {
                log.trace("Attempting to access a path which requires authentication.  Forwarding to the Authentication url [" + this.getLoginUrl() + "]");
            }

            this.saveRequestAndRedirectToLogin(request, response);
            return false;
        }
    }

    /**
     * 
     * 当登录成功
     * 
     * @param token
     * @param subject
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        String requestType = ((HttpServletRequest)request).getHeader("X-Requested-With"); 
        System.out.println("访问成功....");
        if (requestType==null){// 不是ajax请求
        	System.out.println("访问成功....1");
            issueSuccessRedirect(request, response);
        } else {
        	System.out.println("访问成功....2");
            httpServletResponse.setCharacterEncoding("UTF-8");
            PrintWriter out = httpServletResponse.getWriter();
            out.println(JSONObject.toJSON(Resp.success()));
            out.flush();
            out.close();
        }
        return false;
    }

    /**
     * 
     * 当登录失败
     * 
     * @param token
     * @param e
     * @param request
     * @param response
     * @return
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        System.out.println("访问失败...");
    	String requestType = ((HttpServletRequest)request).getHeader("X-Requested-With"); 
    	System.out.println("访问失败..."+requestType);
    	if (requestType==null) {// 不是ajax请求
    		System.out.println("访问失败...1");
            setFailureAttribute(request, e);
            return true;
        }
        try {
        	System.out.println("访问失败...2");
            response.setCharacterEncoding("UTF-8");
            PrintWriter out = response.getWriter();
            String message = e.getClass().getSimpleName();
            String info = null;
            if ("IncorrectCredentialsException".equals(message)) {
                info = "密码错误";
            } else if ("UnknownAccountException".equals(message)) {
                info = "账号不存在";
            } else if ("LockedAccountException".equals(message)) {
                info = "账号被锁定";
            } else {
                info = "未知错误";
            }
            out.println(JSONObject.toJSON(Resp.fail(ErrorCode.SYSTEM_ERROR, info)));
            out.flush();
            out.close();
        } catch (IOException e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }
        return false;
    }
}

自定义realm

/**
 * 认证和授权的自定义Realm
 * 
 * @author 波波烤鸭
 * @email dengpbs@163.com
 *
 */
public class SecurityRealm extends AuthorizingRealm {

	@Resource
	private IUserService userService;

	/**
	 * 认证的方法
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		// 获取提交的账号
		UsernamePasswordToken t = (UsernamePasswordToken) token;
		// 获取登录的账号
		String userName = t.getUsername();
		System.out.println("---->" + userName);
		User user = new User();
		user.setUsername(userName);
		List<User> list = userService.login(userName);
		if (list == null || list.size() != 1) {
			// 账号不存在或者用户过多都返回null
			return null;
		}
		user = list.get(0);
		
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), "bobo");
		return info;
	}

	/**
	 * 授权的方法
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
		// 省略 。。。
		return null;
	}

}

shiro的配置文件

easyUI中提交数据

$.ajax({ 
	type: "post"
	, timeout: 10000
	, // 超时时间 10 秒 
	headers: { 'X-Requested-With':'XMLHttpRequest' }
	, url: "login.do"
	, data: $("#ff").serialize()
	, success: function(data) { 
		if(JSON.parse(data).status==200){
			// 表示登录成功,跳转到home页面
			location.href="home";
		}else{
			$.messager.alert('登录失败',JSON.parse(data).message);	
		}
	}
});

如此就可以实现我们需要的功能了，希望此文对你有所帮助^ _ ^