重写 FormAuthenticationFilter 类的 onLoginSuccess() 方法，即可在登录成功后将用户信息存入 Session：
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

/**
 * Form-login filter that publishes the authenticated principal to the HTTP session.
 *
 * <p>After a successful login, the subject's principal is stored under the session
 * attribute {@code "user"}, and the rest of the success handling is left to
 * {@link FormAuthenticationFilter}.
 *
 * <p>NOTE(review): this method does not rotate the session identifier. Whether the
 * pre-login session id is replaced elsewhere is not visible here; confirm that
 * session-fixation protection is in place for this login flow.
 *
 * <p>NOTE(review): the principal is whatever the configured Realm supplies. Verify
 * that it carries no credential material (password, hash, salt) before keeping it
 * in the session, since session contents may be serialized or replicated.
 */
public class ShiroFormAuthenticationFilter extends FormAuthenticationFilter {

    /**
     * Copies the authenticated principal into the session, then delegates to the parent.
     *
     * @param token    the token that was submitted for the login attempt
     * @param subject  the subject that has just been authenticated
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response
     * @return the result of {@code super.onLoginSuccess(...)}
     * @throws ClassCastException if {@code request} is not an {@link HttpServletRequest}
     * @throws Exception          if the parent implementation fails
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token,
                                     Subject subject,
                                     ServletRequest request,
                                     ServletResponse response) throws Exception {
        // Read the user information held in the subject's identity.
        final Object principal = subject.getPrincipal();

        final HttpServletRequest httpRequest = (HttpServletRequest) request;

        // getSession() creates a session when none exists yet.
        final HttpSession httpSession = httpRequest.getSession();
        httpSession.setAttribute("user", principal);

        return super.onLoginSuccess(token, subject, httpRequest, response);
    }
}