Home > Others

About the project used to Shiro how to login through token authentication, analog login, code direct login problem!

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

1. There's a tricky problem today, where you write down blogs that remind yourself and help people who are going to be in trouble.

In the Shiro framework, you can login directly in your code with a username password.

First looked up on the internet, found this way:

Subject CurrentUser = Securityutils.getsubject ();
				Usernamepasswordtoken token = new Usernamepasswordtoken (Username,password, false,request.getremoteaddr ());
				Currentuser.login (token);


Because you have to judge the user role when you log in to your project. So, with Usernamepasswordusertypetoken.java, the code is as follows


Package Com.linkage.educloud.ucenter.login.shiro;
Import Org.apache.shiro.authc.HostAuthenticationToken;
Import Org.apache.shiro.authc.RememberMeAuthenticationToken; /** * Reference Org.apache.shiro.authcUsernamePasswordToken, added user type parameter * @author caihz * @see Org.apache.shiro.authcUsernamePas Swordtoken */public class Usernamepasswordusertypetoken implements Hostauthenticationtoken,

    Remembermeauthenticationtoken {/** * user name */private String username;

    /** * password, in char[] format */private char[] password;

    /** * Remember Me * default value:<code>false</code> */private Boolean rememberme = false;
    
    /** * Host name or IP/private String host;

    /** * User Type * * Private String usertype; Public Usernamepasswordusertypetoken () {}/** * Construction method * @param username username * @param password password (c
  har[] * @param rememberme Remember Me * @param host host or IP * @param usertype user Type * *  Public Usernamepasswordusertypetoken (final String username, final char[] password, FINA
        L Boolean rememberme, final string host, final string usertype) {this.username = username;
        This.password = password;
        This.rememberme = RememberMe;
        This.host = host;
    This.usertype = usertype;
     /** * Construction method * @param username username * @param password password (String) * @param rememberme Remember Me * @param host or IP * @param usertype user type/public usernamepasswordusertypetoken (final String username, Final string password, final Boolean rememberme, final string host, final string usertype
    {This (username, password!= null? Password.tochararray (): null, RememberMe, host, usertype);
    Public String GetUserName () {return username;
    } public void Setusername (String username) {this.username = username; } public ChAr[] GetPassword () {return password;
    } public void SetPassword (char[] password) {this.password = password;
     /** * Simply returns {@link #getUsername () GetUserName ()}.
     * @return The {@link #getUsername () Username}.  * @see Org.apache.shiro.authc.authenticationtoken#getprincipal () */public Object Getprincipal () {return
    GetUserName ();
     }/** * Returns the {@link #getPassword () password} char array.
     * @return The {@link #getPassword () password} char array. * @see org.apache.shiro.authc.authenticationtoken#getcredentials () */public Object getcredentials () {RE
    Turn GetPassword ();
    Public String GetHost () {return host;
    public void Sethost (String host) {this.host = host;
    public Boolean isrememberme () {return rememberme;
  } public void Setrememberme (Boolean rememberme) {this.rememberme = RememberMe;  Public String Getusertype () {return usertype;
	} public void Setusertype (String usertype) {this.usertype = usertype;
        /** * Erase data * Password if not NULL, set to 0x00/public void Clear () {this.username = null;
        This.host = null;
        This.rememberme = false;

        This.usertype = null;  if (This.password!= null) {for (int i = 0; i < password.length; i++) {This.password[i] =
            0x00
        } This.password = null; }/** * Rewrite toString method */Public String toString () {StringBuilder sb = new StringBuilder (
        );
        Sb.append (GetClass (). GetName ());
        Sb.append ("-");
        Sb.append (username);
        Sb.append (", usertype="). Append (usertype);
        Sb.append (", rememberme="). Append (RememberMe);
        if (host!= null) {Sb.append ("("). Append (Host). Append (")");
    return sb.tostring ();
 }


}
The above code is modified as follows: 

Subject CurrentUser = Securityutils.getsubject ();
				Usernamepasswordusertypetoken token = new Usernamepasswordusertypetoken (User.getphone (), User.getloginpass (), False, REQ.GETREMOTEADDR (), role);
				Currentuser.login (token);

Here the code in the controller layer is almost there, and then you have to modify the configuration in Shiro and realm

The configuration is as follows:

The realm of <!--and education 2015-9-10-->
	<bean id= "Shiroandedurealm" class= " Com.linkage.educloud.ucenter.learn.service.ShiroAndEduRealm ">
		<!--property Name=" Accountservice "ref=" Accountservice "/-->
		<!--The user password obtained is already encrypted, the verification of the time without encryption to verify the-->
	<!--<property Name=" Credentialsmatcher "ref=" Credentialsmatcher "/>--> <property name=" Authenticationtokenclass "value="
		Com.linkage.educloud.ucenter.login.shiro.UsernamePasswordUsertypeToken "/>
	</bean>

<bean id= "Authenticator" class= " Com.linkage.educloud.ucenter.login.shiro.FirstSuccessfulModularRealmAuthenticator ">
		<property name=" Authenticationstrategy "ref=" Firstsuccessfulstrategy "/>
		<property name=" Realms ">
			<list>
                <ref bean= "Shirodbrealm"/> <ref bean= "Shiroxxtrealm"/> <ref "bean="
                / >
            </list>
		</property>
	</bean>


The Com.linkage.educloud.ucenter.learn.service.ShiroAndEduRealm.java code is as follows:

Package com.linkage.educloud.ucenter.learn.service;
Import org.apache.shiro.authc.AccountException;
Import org.apache.shiro.authc.AuthenticationException;
Import Org.apache.shiro.authc.AuthenticationInfo;
Import Org.apache.shiro.authc.AuthenticationToken;
Import Org.apache.shiro.authc.SimpleAuthenticationInfo;
Import Org.apache.shiro.authz.AuthorizationInfo;
Import Org.apache.shiro.authz.SimpleAuthorizationInfo;
Import Org.apache.shiro.realm.AuthorizingRealm;
Import org.apache.shiro.subject.PrincipalCollection;
Import Org.slf4j.Logger;
Import Org.slf4j.LoggerFactory;

Import org.springframework.beans.factory.annotation.Autowired;
Import Com.linkage.educloud.api.ucenter.service.Uc2XXTIfaceService;
Import Com.linkage.educloud.base.util.StringUtil;
Import Com.linkage.educloud.domain.ucenter.login.UcenterLoginUser;
Import Com.linkage.educloud.ucenter.login.service.UcenterLoginService;

Import Com.linkage.educloud.ucenter.login.shiro.UsernamePasswordUsertypeToken; /** * School Communication Login Realm * @auThor Caihz * */public class Shiroandedurealm extends Authorizingrealm {final static Logger log = Loggerfactory.getlog
	
	GER (Shiroandedurealm.class);

	@Autowired private Ucenterloginservice Ucenterloginservice;
	
	@Autowired private Uc2xxtifaceservice Xxtservice;
	 /** * Login Authentication callback function, call at login. * @param authctoken Login page parameters, username and password, etc. * * @Override protected AuthenticationInfo dogetauthenticationinfo (Authenticationtok En authctoken) throws authenticationexception {Usernamepasswordusertypetoken token = (Usernamepasswordusertypetoken) A
		Uthctoken;
		String username = token.getusername ();
		if (username = = null) {throw new Accountexception ("Account cannot be empty");
		///If the User Center does not have a user, request the campus Access login interface and query the user Center for the corresponding user String password = string.valueof (Token.getpassword ());
		Password = stringutil.md5 (password);
		Password = password.tolowercase ();
		Ucenterloginuser user = Ucenterloginservice.finduserbyxxt (token.getusername (), Password, token.getusertype ()); if (user!= null) {return new SimpleauthenticatIoninfo (User, User.getloginpass (), GetName ());
		}else {return null; }/** * Login authentication through the right query function, because the current User Center front page does not require permission to control, so did not write, later if you need to expand * * @see ORG.APACHE.SHIRO.AUTHZ.AUTHORIZATIONINF O/@Override protected authorizationinfo dogetauthorizationinfo (principalcollection principals) {Simpleauthoriza

		Tioninfo info = new Simpleauthorizationinfo ();
	return info;
 }
}

This can finally solve the user directly through the token authentication login problem.

Example:

@RequestMapping ("/test") public
	String test (HttpServletRequest request) {
		Subject Subject = Securityutils.getsubject ();
	       Subject.login (New Usernamepasswordtoken (User.getphone (), User.getloginpass ()));
			Usernamepasswordusertypetoken up = new Usernamepasswordusertypetoken ("13816005001", "123456aa1", false, NULL, "3"); C4/>usernamepasswordusertypetoken up = new Usernamepasswordusertypetoken ("20212414", " 4d45acd6c95faab86980ebbae7cad57c ", False, Request.getremoteaddr ()," 1 ");
		Usernamepasswordusertypetoken up = new Usernamepasswordusertypetoken ("20212414", "blap7@3u", false, REQUEST.GETREMOTEADDR (), "1");    
		Subject.login (up);
		SYSTEM.OUT.PRINTLN ("Parental login succeeded.") ");
		return "Redirect:/ucenter/index/index";
	}



This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
drupal how to login how to login drupal how to login oracle how to login email how to login webmail how to login to magento how to login to ssh

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More