基于SpringMVC实现登录认证的过程----subject.login(token)
利用 Apache Shiro 的 SecurityUtils 做登录认证——最主要的是认证过程(代码如下):
logaction:
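/**
 * Handles the login form POST: checks the captcha, authenticates through Shiro's
 * {@code Subject.login}, and on success copies profile fields into the HTTP session.
 *
 * <p>Every failure path returns the "login" view. Unknown account and wrong password
 * show the same message to the user, so the form does not reveal which user names exist;
 * the server log still records which of the two occurred.
 *
 * @param username  login name submitted by the user
 * @param password  plaintext password submitted by the user
 * @param checkcode captcha text typed by the user
 * @param request   current request, used to obtain the HTTP session
 * @param response  current response (not used by this method)
 * @param model     receives "errorMsg" when the login is rejected
 * @return "login" when the captcha or the credentials are rejected or an error occurs,
 *         otherwise "idnex"
 */
@RequestMapping(value = "/index.do", method = RequestMethod.POST)
public String index(String username, String password, String checkcode, HttpServletRequest request, HttpServletResponse response, Model model) {
    HttpSession session = request.getSession();

    // The captcha is single-use: it is removed from the session before the comparison,
    // so one solved captcha cannot be replayed across many password guesses.
    Object expectedCode = session.getAttribute("validateCode");
    session.removeAttribute("validateCode");
    // A missing parameter or a missing expected value is treated as a wrong captcha
    // instead of raising a NullPointerException. Locale.ROOT keeps the upper-casing
    // independent of the server's default locale.
    if (checkcode == null || expectedCode == null
            || !checkcode.toUpperCase(java.util.Locale.ROOT).equals(expectedCode)) {
        log.error("验证码错误");
        model.addAttribute("errorMsg", "验证码错误");
        return "login";
    }

    try {
        // The token carries the already-hashed password; MemberUserRealm returns the
        // stored hash, and the realm's credentials matcher compares the two.
        UsernamePasswordToken token = new UsernamePasswordToken(username, MemberUserRealm.encryptPassword(password));
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);

        // NOTE(review): the session that existed before authentication is reused here.
        // Confirm that the container or the Shiro configuration issues a fresh session
        // id at login; otherwise this flow is open to session fixation.

        // Load the profile only after authentication has succeeded.
        UserEntity userEntity = userService.getEntityByName(username);
        session.setAttribute("login", userEntity.getName());
        session.setAttribute("userName", userEntity.getName());
        session.setAttribute("userId", userEntity.getId());
        session.setAttribute("channelId", userEntity.getChannelId());
        session.setAttribute("channelName", userEntity.getChannelName());
    } catch (UnknownAccountException e) {
        log.error("用户名不存在!");
        model.addAttribute("errorMsg", "用户名或密码错误");
        return "login";
    } catch (IncorrectCredentialsException e) {
        log.error("密码错误!");
        model.addAttribute("errorMsg", "用户名或密码错误");
        return "login";
    } catch (RuntimeException e) {
        // Fail closed: any other failure (other Shiro authentication errors, lookup
        // errors) must not fall through to the post-login view.
        log.error("", e);
        model.addAttribute("errorMsg", "登录失败");
        return "login";
    }
    // NOTE(review): "idnex" looks like a typo for "index"; kept as written because the
    // real view name cannot be confirmed from this page.
    return "idnex";
}
认证过程: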
/**
 * Shiro realm that authenticates members against the accounts returned by
 * {@link UserService}. It supplies no roles or permissions.
 *
 * <p>Security review notes on the hashing scheme used here:
 * <ul>
 *   <li>{@link #SALT} is the SHA-256 algorithm name, and the same constant is passed both
 *       as the algorithm and as the salt. Every account therefore shares one public salt,
 *       and equal passwords produce equal stored hashes.</li>
 *   <li>{@code SimpleHash} is built without an iteration count, so a single hash round is
 *       applied. A fast, single-round digest gives little resistance to offline guessing
 *       if the stored hashes leak.</li>
 *   <li>A per-account random salt with a deliberately slow scheme (for example Shiro's
 *       {@code HashedCredentialsMatcher} with a high iteration count, or a dedicated
 *       password hash such as bcrypt or argon2) is the usual remedy. Existing hashes
 *       would have to be migrated.</li>
 * </ul>
 */
public class MemberUserRealm extends AuthorizingRealm {

    /** Hash algorithm name; also reused as the fixed salt value (see class notes). */
    public static final String SALT = Sha256Hash.ALGORITHM_NAME;

    @Resource
    UserService userService;

    /**
     * Looks up the account named in the token and hands its stored password hash to Shiro.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return authentication info for the account, or {@code null} when no account has
     *         that name (the login controller handles this case as
     *         {@code UnknownAccountException})
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String loginName = ((UsernamePasswordToken) token).getUsername();
        UserEntity account = userService.getEntityByName(loginName);
        if (account == null) {
            return null;
        }
        return new SimpleAuthenticationInfo(loginName, account.getPassword(), getSaltByteSource(), getName());
    }

    /**
     * Provides no authorization data.
     *
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Hashes a password with the fixed algorithm and fixed salt and returns it Base64-encoded.
     *
     * @param password the plaintext password
     * @return the Base64 form of the salted hash
     */
    public static String encryptPassword(Object password) {
        SimpleHash digest = new SimpleHash(SALT, password, getSaltByteSource());
        return digest.toBase64();
    }

    /** Wraps the fixed salt string as a {@link ByteSource}. */
    private static ByteSource getSaltByteSource() {
        ByteSource fixedSalt = ByteSource.Util.bytes(SALT);
        return fixedSalt;
    }
}
退出登录:
/**
 * Logs the current Shiro subject out, if it is authenticated, and shows the login view.
 *
 * <p>NOTE(review): this state-changing action is mapped to GET, so any page that makes
 * the browser request this URL can end the user's session. Consider mapping it to POST
 * with the application's CSRF protection.
 *
 * @return the "login" view name
 */
@RequestMapping(value = "/logout.do", method = RequestMethod.GET)
public String logout() {
    Subject current = SecurityUtils.getSubject();
    boolean loggedIn = current.isAuthenticated();
    if (loggedIn) {
        current.logout();
    }
    return "login";
}
