• 2. shiro-记住我


    2. shiro-记住我

    #在用户认证的基础上修改shiroConf, 添加

        /**
         * cookie管理器
         * @return
         */
        private CookieRememberMeManager cookieRememberMeManager() {
            CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
            //rememberme cookie加密的密钥
            byte[] cipherKey = Base64.decode("wrjUh2ttBPQLnT4JVhriug==");
            //设置密匙, 防止有人恶意修改cookie
            cookieRememberMeManager.setCipherKey(cipherKey);
            cookieRememberMeManager.setCookie(rememberMeCookie());
            return cookieRememberMeManager;
        }
        /**
         * 设置cookie相关属性
         * @return
         */
        private SimpleCookie rememberMeCookie(){
            // 设置cookie名称,对应login.html页面的<input type="checkbox" name="rememberMe"/>
            SimpleCookie cookie = new SimpleCookie("rememberMe");
            // 设置cookie的过期时间,单位为秒,这里为一天
            cookie.setMaxAge(86400);
            //如果httpOnly设置为true,则客户端不会暴露给客户端脚本代码,使用HttpOnly cookie有助于减少某些类型的跨站点脚本攻击;
            cookie.setHttpOnly(true);
            return cookie;
        }
    

    #AES加密

    	/**
    	 * AES	Cookie加密 wrjUh2ttBPQLnT4JVhriug==
    	 * @throws NoSuchAlgorithmException
    	 */
    	@Test
    	public void testAES() throws NoSuchAlgorithmException {
    		KeyGenerator keygen = KeyGenerator.getInstance("AES");
    		SecretKey deskey = keygen.generateKey();
    		System.out.println(Base64.encodeToString(deskey.getEncoded()));
    	}
    

    #修改SecurityManager

        @Bean
        public DefaultWebSecurityManager securityManager(Realm userRealm) {
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
            //关联realm
            securityManager.setRealm(userRealm);
            //设置cookie管理器
            securityManager.setRememberMeManager(cookieRememberMeManager());
            return securityManager;
        }
    

    #修改login.html

    <div class="login-page">
        <div class="form">
            <input type="text" placeholder="用户名" name="name" required="required"/><span id="s1"></span>
            <input type="password" placeholder="密码" name="password" required="required"/><span id="s2"></span>
            <!--        对应simpleCookie设置的值-->
            <p><input type="checkbox" name="rememberMe"/>记住我</p>
            <button onclick="login()">登录</button>
            <button onclick="register()">注册</button>
        </div>
    </div>
    

    #修改对应的api

        @ResponseBody
        @PostMapping(value = "/login")
        //可以将多个参数绑定到一个对象,将另外一个参数绑定到一个简单参数
        public String login(User user,
                            @RequestParam(value = "rememberMe",required = false) Boolean rememberMe) {
            System.out.println(rememberMe);
            //checkbox中如果钩中就是true,如果没有钩中就是null
            log.info("在执行用户认证时调用了数据库,原因不明");
            //获取当前用户
            Subject currentUser = SecurityUtils.getSubject();
            UsernamePasswordToken token =
                    //设置remember属性
                    //记住我,会生成一个cookie,如果没有rememberMe默认是一个临时的cookie浏览器关闭就死亡
                    new UsernamePasswordToken(user.getName(), user.getPassword(),rememberMe);
            try {
                currentUser.login(token);
                return "0";
            } catch (UnknownAccountException e) {
                System.out.println("用户名错误");
                return "用户名错误或密码错误";
            } catch (IncorrectCredentialsException e) {
                System.out.println("密码错误");
                return "用户名错误或密码错误";
            }
        }
    }
    
  • 相关阅读:
    python count函数
    kubenetes服务发现
    k8s网络
    k8s创建pod流程
    openstack创建虚拟流程、各组件介绍
    生产者消费者问题
    Date类和Calendar类
    Timer定时器
    Java中的克隆
    注解
  • 原文地址:https://www.cnblogs.com/kikochz/p/12833519.html
Copyright © 2020-2023  润新知