2. shiro-记住我
#在用户认证的基础上修改shiroConf, 添加
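/**
 * Builds the manager that encrypts and decrypts the Shiro remember-me cookie.
 *
 * <p>The AES key is read from the environment instead of being compiled into the class.
 * The key is what stops a client from tampering with the cookie: anyone who knows it can
 * produce a cookie that this application will decrypt and deserialize as a remembered
 * identity. A key that appears in source control, in a sample project or in a tutorial
 * must therefore be treated as public and never deployed.
 *
 * @return a cookie manager configured with the deployment's own key and the remember-me cookie
 * @throws IllegalStateException if the key variable is missing or empty (fail closed rather
 *         than fall back to a shared or default key)
 */
private CookieRememberMeManager cookieRememberMeManager() {
    // "SHIRO_REMEMBER_ME_KEY" is an example variable name chosen for this snippet; use whatever
    // secret source the deployment provides. The value is a Base64-encoded AES key generated
    // per environment (see the key-generation test on this page).
    String encodedKey = System.getenv("SHIRO_REMEMBER_ME_KEY");
    if (encodedKey == null || encodedKey.trim().isEmpty()) {
        throw new IllegalStateException(
                "SHIRO_REMEMBER_ME_KEY is not set; refusing to start with a hard-coded remember-me key");
    }

    CookieRememberMeManager manager = new CookieRememberMeManager();
    // Key used to encrypt the remember-me cookie so clients cannot modify it.
    manager.setCipherKey(Base64.decode(encodedKey.trim()));
    manager.setCookie(rememberMeCookie());
    return manager;
}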
/**
 * Creates the cookie that carries the remember-me token.
 *
 * @return a cookie named {@code rememberMe}, marked HttpOnly, with a lifetime of one day
 */
private SimpleCookie rememberMeCookie(){
    // The name corresponds to <input type="checkbox" name="rememberMe"/> in login.html.
    final SimpleCookie rememberMe = new SimpleCookie("rememberMe");
    // HttpOnly hides the cookie from client-side script, which limits what some
    // cross-site scripting attacks can read.
    rememberMe.setHttpOnly(true);
    // Lifetime is given in seconds: 24 h * 60 min * 60 s = one day.
    rememberMe.setMaxAge(24 * 60 * 60);
    // NOTE(review): the Secure attribute is not set here, so the cookie is also sent over
    // plain HTTP. When the site is served over HTTPS, consider cookie.setSecure(true).
    return rememberMe;
}
#AES加密(用下面的测试方法为自己的项目生成密钥, 不要直接复用本文中的示例密钥: 公开过的密钥等于没有加密)
/**
 * Generates a fresh random AES key and prints it Base64-encoded so it can be used as the
 * remember-me cipher key.
 *
 * <p>The output has the form {@code wrjUh2ttBPQLnT4JVhriug==}. That particular value is
 * published on this page and is only a sample: run this method to obtain a key of your own
 * and keep the result out of source control. No key size is passed to the generator, so the
 * JCE provider's default AES key size applies.
 *
 * @throws NoSuchAlgorithmException if no installed provider offers an AES key generator
 */
@Test
public void testAES() throws NoSuchAlgorithmException {
    SecretKey freshKey = KeyGenerator.getInstance("AES").generateKey();
    String encoded = Base64.encodeToString(freshKey.getEncoded());
    System.out.println(encoded);
}
#修改SecurityManager
/**
 * Declares the Shiro security manager bean, wired to the application realm and to the
 * remember-me cookie manager.
 *
 * @param userRealm realm used to authenticate and authorize subjects
 * @return the configured web security manager
 */
@Bean
public DefaultWebSecurityManager securityManager(Realm userRealm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // Attach the realm.
    manager.setRealm(userRealm);
    // Attach the cookie-based remember-me manager.
    CookieRememberMeManager rememberMe = cookieRememberMeManager();
    manager.setRememberMeManager(rememberMe);
    return manager;
}
#修改login.html
<div class="login-page">
<div class="form">
<input type="text" placeholder="用户名" name="name" required="required"/><span id="s1"></span>
<input type="password" placeholder="密码" name="password" required="required"/><span id="s2"></span>
<!-- The name corresponds to the value given to SimpleCookie; the /login handler reads it as the "rememberMe" request parameter -->
<p><input type="checkbox" name="rememberMe"/>记住我</p>
<button onclick="login()">登录</button>
<button onclick="register()">注册</button>
</div>
</div>
#修改对应的api
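/**
 * Authenticates the submitted credentials through Shiro and optionally asks for a
 * remember-me cookie.
 *
 * @param user bound from the request parameters; supplies the name and the password
 * @param rememberMe value of the {@code rememberMe} checkbox; {@code null} when the box is
 *        not ticked, which is treated as {@code false}
 * @return {@code "0"} on success; otherwise one generic message that does not reveal whether
 *         the user name or the password was wrong
 */
@ResponseBody
@PostMapping(value = "/login")
// Several request parameters can bind to one object while another binds to a simple parameter.
public String login(User user,
        @RequestParam(value = "rememberMe",required = false) Boolean rememberMe) {
    // An unticked checkbox sends no parameter, so rememberMe arrives as null. Passing the
    // Boolean straight to the token constructor would unbox null and throw a
    // NullPointerException on every login without "remember me".
    boolean remember = Boolean.TRUE.equals(rememberMe);
    log.info("rememberMe=" + remember);
    log.info("在执行用户认证时调用了数据库,原因不明");

    // Subject for the current request.
    Subject currentUser = SecurityUtils.getSubject();
    // With remember-me, Shiro issues a persistent cookie; without it the cookie is a
    // session cookie that disappears when the browser closes.
    UsernamePasswordToken token =
            new UsernamePasswordToken(user.getName(), user.getPassword(), remember);
    try {
        currentUser.login(token);
        return "0";
    } catch (UnknownAccountException e) {
        // The precise reason stays in the server log; the client gets the generic message.
        log.info("用户名错误");
        return "用户名错误或密码错误";
    } catch (IncorrectCredentialsException e) {
        log.info("密码错误");
        return "用户名错误或密码错误";
    }
    // NOTE(review): only these two failure types are caught; any other exception thrown by
    // login() propagates to the caller. Confirm that a global handler turns those into an
    // equally generic response.
}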
}