博主登录功能实现
主要实现shiro作为权限管理
密码用md5加密
登录,显示404
http://localhost:8080/blog/blogger/login.do
2020-12-20 22:48:37,579 [http-nio-8080-exec-8] DEBUG [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'springMVC' processing POST request for [/blog/blogger/login.do]
2020-12-20 22:48:37,579 [http-nio-8080-exec-8] DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - Looking up handler method for path /blog/blogger/login.do
2020-12-20 22:48:37,580 [http-nio-8080-exec-8] DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - Did not find handler method for [/blog/blogger/login.do]
2020-12-20 22:48:37,580 [http-nio-8080-exec-8] WARN [org.springframework.web.servlet.PageNotFound] - No mapping found for HTTP request with URI [/blog/blogger/login.do] in DispatcherServlet with name 'springMVC'
2020-12-20 22:48:37,580 [http-nio-8080-exec-8] DEBUG [org.springframework.web.servlet.DispatcherServlet] - Successfully completed request
2020-12-20 22:48:37,580 [http-nio-8080-exec-8] DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'sqlSessionFactory'
改用spirng4问题就没有了
开始实现登录功能
完善模型类
package com.java1234.entity;
/**
* 博主实体
*/
public class Blogger {
private Integer id ;
private String userName ;
private String password ;
private String profile; // 描述详细信息
private String nickName; // 昵称
private String sign; // 个性签名
private String imageName; // 图片
public String getProfile() {
return profile;
}
public void setProfile(String profile) {
this.profile = profile;
}
public String getNickName() {
return nickName;
}
public void setNickName(String nickName) {
this.nickName = nickName;
}
public String getSign() {
return sign;
}
public void setSign(String sign) {
this.sign = sign;
}
public String getImageName() {
return imageName;
}
public void setImageName(String imageName) {
this.imageName = imageName;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
实现dao接口
package com.java1234.dao;
import com.java1234.entity.Blogger;
/**
* 博主实体
*/
public interface BloggerDao {
/**
* 通过用户名查询用户
* @param userName
* @return
*/
public Blogger getByUserName(String userName);
}
mapper.xml
<!--结果集映射-->
<resultMap id="BloggerResult" type="Blogger">
<result property="id" column="id"/>
<result property="userName" column="userName"/>
<result property="password" column="password"/>
<result property="profile" column="profile"/>
<result property="nickName" column="nickName"/>
<result property="sign" column="sign"/>
<result property="sign" column="sign"/>
</resultMap>
<!-- 后面会跟着select insert update delete -->
<select id="getByUserName" parameterType="String" resultMap="BloggerResult">
select * from t_blogger where userName=#{userName};
</select>
实现service
public interface BloggerService {
/**
* 通过用户名查询用户
* @param userName
* @return
*/
public Blogger getByUserName(String userName);
}
@Service("bloggerService")
public class BloggerServiceImpl implements BloggerService {
@Resource
private BloggerDao bloggerDao;
@Override
public Blogger getByUserName(String userName) {
return bloggerDao.getByUserName(userName);
}
}
自定义relm,实现登录验证功能
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
// 获取用户名
String userName = (String) authenticationToken.getPrincipal();
// 获取blogger实体
Blogger blogger = bloggerService.getByUserName(userName);
if (blogger != null){
// 执行用户验证
// 把当前用户存储到session
SecurityUtils.getSubject().getSession().setAttribute("currentUser",blogger);
AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(blogger.getUserName(),blogger.getPassword(),"xxx");
return authenticationInfo;
}else {
return null;
}
}
实现controller
//前台,不需要认证 博主
@Controller
@RequestMapping(value = "/blogger")
public class BloggerController {
@Resource //注入
private BloggerService bloggerService;
@RequestMapping(value = "/login",method = RequestMethod.POST)
public String login(Blogger blogger, HttpServletRequest req ){
// 获取当前登录用户
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(blogger.getUserName(), CryptographyUtil.md5(blogger.getPassword(),"java1234"));
try {
// 进行身份认证--realm
subject.login(token);
// 登录成功,重定向到main.jsp
return "redirect:/admin/main.jsp";
}catch (Exception e ){
e.printStackTrace();
req.setAttribute("blogger",blogger); // 回显到页面
req.setAttribute("errorInfo","用户名或密码错误");
return "login";
}
}
需要知道的地方:
SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(blogger.getUserName(), CryptographyUtil.md5(blogger.getPassword(),"java1234"));
// 进行身份认证--realm
subject.login(token);
SecurityUtils.getSubject()是怎么获取到当前用户信息的
每个shiro拦截到的请求,都会根据seesionid创建Subject,清除当前线程的绑定,然后重新绑定的线程中,之后执行过滤器。
所以我们再SecurityUtils.getSubject()中获取的一直是当前用户的信息
参考这篇文章
https://blog.csdn.net/narutots/article/details/99585649
// 把当前的用户名和密码进行处理,对前端传过来的表单信息进行封装,处理
UsernamePasswordToken token = new UsernamePasswordToken(blogger.getUserName(), CryptographyUtil.md5(blogger.getPassword(),"java1234"));
System.out.println("token: "+token); //org.apache.shiro.authc.UsernamePasswordToken - 123123, rememberMe=false
System.out.println("token: "+token.toString()+"password"+token.getPassword()); //token: org.apache.shiro.authc.UsernamePasswordToken - 123123, rememberMe=falsepassword[C@70d993bf