会话管理器
<!-- Shiro web session manager.
     globalSessionTimeout is expressed in milliseconds: 600000 ms = 10 minutes before a session expires.
     deleteInvalidSessions=true asks Shiro to delete sessions once they are found to be invalid,
     so expired session data does not linger in the session store.
     NOTE(review): no session-ID cookie settings (HttpOnly / Secure) are configured on this bean,
     so Shiro's defaults apply; confirm they match the deployment (e.g. HTTPS-only). -->
<bean id ="sessionManager" class ="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value ="600000"/>
<property name ="deleteInvalidSessions" value ="true"/>
</bean>
<!-- Shiro security manager: wires together the realm, the cache manager and the
     session manager bean named "sessionManager".
     The "customRealm" and "cacheManager" beans are referenced here but defined elsewhere (not shown on this page). -->
<bean id ="securityManager" class ="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name ="realm" ref ="customRealm" />
<property name ="cacheManager" ref ="cacheManager" />
<property name ="sessionManager" ref ="sessionManager"/>
</bean>
验证码
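/**
 * Custom {@code FormAuthenticationFilter} that validates the captcha before
 * Shiro's form authentication runs.
 *
 * <p>The expected captcha is read from the HTTP session under
 * {@code Constants.KAPTCHA_SESSION_KEY}; the value typed by the user is read
 * from the {@code yzm} request parameter.
 *
 * <p>PersonWeb: www.xuxiaonan.cn
 *
 * @author dinggc
 * @date 2018-04-25 15:09:05
 * @version 1.0
 */
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {

    /**
     * Checks the captcha on a login form submission, then delegates to the
     * standard form authentication.
     *
     * <p>On a captcha failure the request attribute {@code shiroLoginFailure}
     * is set to {@code randomCodeError} and {@code true} is returned, so the
     * request continues to the login handler, which can display the error.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return {@code true} if the filter chain should continue, otherwise the
     *         result of {@code super.onAccessDenied}
     * @throws Exception propagated from {@code super.onAccessDenied}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Returning true lets the filter chain continue WITHOUT authentication, so the
        // captcha branch must only run for a submission of the login form itself.
        // For every other protected URL the decision is left entirely to the superclass.
        if (isLoginRequest(request, response) && isLoginSubmission(request, response)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;

            // Do not create a session just to look up a captcha that cannot exist yet.
            HttpSession session = httpServletRequest.getSession(false);
            String validateCode = null;
            if (session != null) {
                validateCode = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
                // A captcha is single-use: drop it so the same answer cannot be replayed
                // across repeated login attempts.
                session.removeAttribute(Constants.KAPTCHA_SESSION_KEY);
            }

            String randomcode = httpServletRequest.getParameter("yzm");

            // Fail closed: a missing parameter or a missing session captcha counts as a
            // failed check, instead of silently skipping the captcha.
            if (validateCode == null || randomcode == null || !randomcode.equals(validateCode)) {
                httpServletRequest.setAttribute("shiroLoginFailure", "randomCodeError");
                return true;
            }
        }
        return super.onAccessDenied(request, response);
    }
}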
配置文件
<!-- Registers the custom captcha-aware form filter (shiro.CustomFormAuthenticationFilter).
     usernameParam / passwordParam name the login form fields that carry the credentials.
     The captcha field name ("yzm") is not configurable here; it is hard-coded in the filter class. -->
<bean id ="formAuthenticationFilter" class ="shiro.CustomFormAuthenticationFilter">
<property name ="usernameParam" value ="username"/>
<property name ="passwordParam" value ="password"/>
</bean>
<!-- Maps the filter name "authc" to the custom filter bean, so URLs guarded by "authc"
     go through the captcha check before form authentication.
     NOTE(review): this fragment has no enclosing bean on this page; presumably it belongs
     inside the Shiro filter factory bean definition (confirm against the full config). -->
<property name ="filters">
<map>
<entry key ="authc" value-ref ="formAuthenticationFilter"/>
</map>
</property>