利用 Shiro 的 SecurityUtils 做登录认证——最主要的是认证过程(代码如下):
logaction:
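/**
 * Handles the login form POST: checks the captcha, authenticates the user through the
 * Shiro {@code Subject}, and on success stores the user's display data in the HTTP session.
 *
 * <p>Every failure path returns the {@code "login"} view. The response uses one message for
 * "unknown account" and "wrong password" so the form does not reveal which usernames exist;
 * the server-side log keeps the distinction.
 *
 * @param username  login name submitted by the form
 * @param password  plain-text password submitted by the form
 * @param checkcode captcha text typed by the user
 * @param request   current request, used to reach the HTTP session
 * @param response  current response (unused here)
 * @param model     view model that receives {@code errorMsg} on failure
 * @return {@code "login"} on any failure, otherwise the post-login view name
 */
@RequestMapping(value = "/index.do", method = RequestMethod.POST)
public String index(String username, String password, String checkcode,
        HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpSession session = request.getSession();

    // The captcha is single-use: take it out of the session before comparing, so a solved
    // (or failed) code cannot be replayed across many password guesses.
    // Assumes the login view requests a fresh captcha each time it is rendered - TODO confirm.
    Object expectedCode = session.getAttribute("validateCode");
    session.removeAttribute("validateCode");
    // Null-safe comparison; Locale.ROOT keeps the upper-casing independent of the server locale.
    if (checkcode == null || expectedCode == null
            || !checkcode.toUpperCase(java.util.Locale.ROOT).equals(expectedCode)) {
        log.error("验证码错误");
        model.addAttribute("errorMsg", "验证码错误");
        return "login";
    }

    // Missing form fields are treated as an ordinary failed login rather than an exception.
    if (username == null || password == null) {
        model.addAttribute("errorMsg", "用户名或密码错误");
        return "login";
    }

    try {
        // The password is hashed here and the hash is used as the token credential.
        UsernamePasswordToken token =
                new UsernamePasswordToken(username, MemberUserRealm.encryptPassword(password));
        UserEntity userEntity = userService.getEntityByName(username);
        Subject subject = SecurityUtils.getSubject();
        // Throws if the account is unknown or the credentials do not match; nothing below
        // runs in that case, so userEntity is only dereferenced after a successful login.
        subject.login(token);

        // NOTE(review): the pre-login session is reused after authentication. If neither the
        // container nor the Shiro session setup rotates the session id on login, rotate it
        // here to rule out session fixation.
        session.setAttribute("login", userEntity.getName());
        session.setAttribute("userName", userEntity.getName());
        session.setAttribute("userId", userEntity.getId());
        session.setAttribute("channelId", userEntity.getChannelId());
        session.setAttribute("channelName", userEntity.getChannelName());
    } catch (UnknownAccountException e) {
        log.error("用户名不存在!");
        // Same user-facing text as the wrong-password branch (no account enumeration).
        model.addAttribute("errorMsg", "用户名或密码错误");
        return "login";
    } catch (IncorrectCredentialsException e) {
        log.error("密码错误!");
        model.addAttribute("errorMsg", "用户名或密码错误");
        return "login";
    } catch (RuntimeException e) {
        // Any other failure (other Shiro authentication errors included) must not fall
        // through to the post-login view: fail closed and send the user back to the form.
        log.error("", e);
        model.addAttribute("errorMsg", "登录失败");
        return "login";
    }
    // NOTE(review): "idnex" looks like a typo for "index"; confirm against the view
    // resolver before renaming, the literal is kept as the author wrote it.
    return "idnex";
}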
认证过程:
/**
 * Shiro realm that looks members up through {@code UserService} and hands their stored
 * password to Shiro for credential matching.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #SALT} is the constant {@code Sha256Hash.ALGORITHM_NAME}. The same string is
 *       used as the hash algorithm name and as the salt, so every account shares one fixed,
 *       publicly known salt and identical passwords produce identical stored values.</li>
 *   <li>{@link #encryptPassword(Object)} builds the {@code SimpleHash} without passing an
 *       iteration count. A fast, unstretched digest is cheap to brute-force offline if the
 *       user table leaks; a per-user random salt with a slow password hash (bcrypt, scrypt,
 *       Argon2) is the usual replacement, migrated at the next successful login because
 *       existing stored values depend on the current scheme.</li>
 *   <li>Which {@code CredentialsMatcher} this realm runs with is not visible here; the login
 *       controller hashes the password itself before building the token - confirm the two
 *       agree.</li>
 * </ul>
 */
public class MemberUserRealm extends AuthorizingRealm {

    /** Used both as the hash algorithm name and as the (global) salt value. */
    public static final String SALT = Sha256Hash.ALGORITHM_NAME;

    @Resource
    UserService userService;

    /**
     * Supplies the stored credentials for the user named in the token.
     *
     * @param token the submitted token; cast to {@code UsernamePasswordToken}
     * @return authentication info carrying the username, the stored password and the salt,
     *         or {@code null} when no user with that name is found
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String loginName = ((UsernamePasswordToken) token).getUsername();
        UserEntity account = userService.getEntityByName(loginName);
        if (account == null) {
            // No such user: returning null leaves the rejection to Shiro.
            return null;
        }
        return new SimpleAuthenticationInfo(
                loginName, account.getPassword(), getSaltByteSource(), getName());
    }

    /**
     * Authorization data is not provided by this realm.
     *
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Hashes a password with the algorithm named by {@link #SALT}, salted with the bytes of
     * that same constant, and returns the Base64 form.
     *
     * @param password the value to hash
     * @return Base64-encoded hash
     */
    public static String encryptPassword(Object password) {
        SimpleHash digest = new SimpleHash(SALT, password, getSaltByteSource());
        return digest.toBase64();
    }

    /** Wraps the fixed {@link #SALT} string as a Shiro {@code ByteSource}. */
    private static ByteSource getSaltByteSource() {
        return ByteSource.Util.bytes(SALT);
    }
}
退出登录:
/**
 * Logs the current Shiro subject out when it is authenticated, then shows the login view.
 *
 * <p>NOTE(review): this state-changing action is mapped to GET, so any cross-site request
 * (an image tag, a link) can end a user's session. Consider POST with a CSRF token.
 *
 * @return the {@code "login"} view name in every case
 */
@RequestMapping(value = "/logout.do", method = RequestMethod.GET)
public String logout() {
    final Subject current = SecurityUtils.getSubject();
    if (!current.isAuthenticated()) {
        // Nothing to end for an unauthenticated subject.
        return "login";
    }
    current.logout();
    return "login";
}