/**
 * Creates the authentication token for a login attempt from the credentials carried by the request.
 *
 * @param request  the incoming request; the username and password are read from it
 * @param response the outgoing response, handed on to the four-argument overload
 * @return the token built by {@code createToken(username, password, request, response)}
 */
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
    // The submitted password is held as a plain String at this point; it must not be logged or echoed.
    final String principal = getUsername(request);
    final String credential = getPassword(request);
    return createToken(principal, credential, request, response);
}
/**
 * Login-success hook; adds no behaviour of its own and defers entirely to the superclass.
 *
 * @param token    the token that was authenticated
 * @param subject  the subject that has just logged in
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 * @throws Exception if the superclass implementation fails
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
        ServletRequest request, ServletResponse response) throws Exception {
    final boolean outcome = super.onLoginSuccess(token, subject, request, response);
    return outcome;
}
/**
 * Login-failure hook; adds no behaviour of its own and defers entirely to the superclass.
 *
 * @param token    the token that failed authentication
 * @param e        the authentication failure
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
        ServletRequest request, ServletResponse response) {
    final boolean outcome = super.onLoginFailure(token, e, request, response);
    return outcome;
}
/**
 * Decides whether the request may proceed without further authentication handling.
 *
 * <p>Access is granted outright when {@code AdministratorUtil.isSuper()} is true, or when the
 * request URI matches any pattern in {@code excludeURI}; otherwise the superclass decides.
 *
 * @param request     the incoming request; cast to {@link HttpServletRequest} to read its URI
 * @param response    the outgoing response
 * @param mappedValue the filter configuration for the matched path, passed to the superclass
 * @return {@code true} if the request is allowed through
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // The super-administrator check short-circuits every other rule, including the superclass check.
    if (!AdministratorUtil.isSuper()) {
        // NOTE(review): getRequestURI() is the raw value as sent - the container does not decode or
        // normalise it (context path, ';' path parameters and encoded segments are left in place).
        // Confirm this matching agrees with how the rest of the filter chain resolves paths, so an
        // excluded pattern cannot cover more requests than intended.
        final String uri = ((HttpServletRequest) request).getRequestURI();
        for (String pattern : excludeURI) {
            if (matcher.match(pattern, uri)) {
                return true;
            }
        }
        return super.isAccessAllowed(request, response, mappedValue);
    }
    return true;
}
}
/**
 * Returns the post-login redirect target, unchanged from the superclass.
 *
 * @return the value of the superclass's {@code getSuccessUrl()}
 */
@Override
public String getSuccessUrl() {
    final String target = super.getSuccessUrl();
    return target;
}
/**
 * Shiro filter chain: registers the named filters and maps URL patterns onto them.
 *
 * @param securityManager the security manager the filter factory is wired to
 * @return the configured {@link ShiroFilterFactoryBean}
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);
    // The login page doubles as the "unauthorized" page.
    factoryBean.setLoginUrl("/login");
    factoryBean.setUnauthorizedUrl("/login");
    factoryBean.setSuccessUrl("/");

    // Filter instances, keyed by the names used in the chain definitions below.
    Map<String, Filter> namedFilters = new HashMap<>();
    namedFilters.put("anon", new AnonymousFilter());
    namedFilters.put("authc", new FormAuthenticationFilter());
    namedFilters.put("logout", new LogoutFilter());
    namedFilters.put("roles", new RolesAuthorizationFilter());
    namedFilters.put("user", new UserFilter());
    factoryBean.setFilters(namedFilters);

    // LinkedHashMap keeps insertion order, so the anonymous entries precede the catch-all rule.
    Map<String, String> urlRules = new LinkedHashMap<>();
    urlRules.put("/login", "anon");
    urlRules.put("/postLogin", "anon");
    // Static resources are not intercepted.
    urlRules.put("/adminlte/**", "anon");
    // Everything else requires an authenticated subject; keep this entry last.
    urlRules.put("/**","authc");
    factoryBean.setFilterChainDefinitionMap(urlRules);

    return factoryBean;
}
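/**
 * Login-success hook: logs the configured success URL, then lets the superclass finish the login.
 *
 * @param token    the token that was authenticated
 * @param subject  the subject that has just logged in
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 * @throws Exception if the superclass implementation fails
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
        ServletRequest request, ServletResponse response) throws Exception {
    // Only the configured success URL is logged; nothing from the token or the request is written.
    String url = this.getSuccessUrl();
    logger.info(url);
    return super.onLoginSuccess(token, subject, request, response);
}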
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { super.onLoginFailure(token, e, request, response); UsernamePasswordToken authcToken = (UsernamePasswordToken) token; if (!authcToken.isMobileLogin()) {
/**
 * Access check that also handles a login submitted while another user is still signed in.
 *
 * <p>On a login submission, the submitted username is compared with the user details currently
 * held by {@code AuthContextHolder}; when both are present and differ, the current subject is
 * logged out before the superclass makes the actual access decision. A repeated submission for
 * the same username leaves the existing login untouched.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param mappedValue the filter configuration for the matched path, passed to the superclass
 * @return whatever the superclass implementation returns
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (isLoginRequest(request, response) && isLoginSubmission(request, response)) {
        // Account name submitted with this login attempt.
        final String submittedName = this.getUsername(request);
        final Subject current = this.getSubject(request, response);
        // User that was logged in before this attempt, if any.
        final AuthUserDetails previous = AuthContextHolder.getAuthUserDetails();
        // A different account is logging in: sign the previous user out first.
        final boolean switchingUser = submittedName != null
                && previous != null
                && !submittedName.equals(previous.getUsername());
        if (switchingUser) {
            current.logout();
        }
    }
    return super.isAccessAllowed(request, response, mappedValue);
}
/**
 * URL to redirect to after a successful login.
 *
 * @return the superclass's success URL, unchanged
 */
public String getSuccessUrl() {
    // Debug trace written straight to stdout.
    // NOTE(review): consider routing this through the application's logger instead.
    final String marker = "FormAuthenticationFilter----------------getSuccessUrl";
    System.out.println(marker);
    final String detail = "FormAuthenticationFilter---------getSuccessUrl:" + super.getSuccessUrl();
    System.out.println(detail);
    return super.getSuccessUrl();
}
/**
 * Login-success hook: calls {@code regenerateSession} for the subject, then lets the superclass
 * complete the login.
 *
 * @param token    the token that was authenticated
 * @param subject  the subject that has just logged in
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 * @throws Exception if session regeneration or the superclass implementation fails
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
        ServletRequest request, ServletResponse response) throws Exception {
    // Presumably replaces the pre-login session with a fresh one (session-fixation defence);
    // confirm against regenerateSession. It must stay ahead of the superclass call.
    regenerateSession(subject);
    final boolean outcome = super.onLoginSuccess(token, subject, request, response);
    return outcome;
}
}
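/**
 * Login-failure hook that records the failure on the account and tells the login page when a
 * captcha must be shown.
 *
 * <p>The captcha flag is set when the failure itself was a captcha failure, or when the account's
 * failure count exceeds {@code LOGON_FAILURE_LIMIT}. Each failure is counted once; the original
 * incremented the total failure counter twice per failed attempt.
 *
 * @param account  the account the login was attempted for, or {@code null} if none was found
 * @param token    the submitted token; must be a {@code UsernamePasswordToken}
 * @param e        the authentication failure
 * @param request  the login request; receives the echo and captcha attributes
 * @param response the login response
 * @return whatever the superclass {@code onLoginFailure(token, e, request, response)} returns
 */
protected boolean onLoginFailure(Account account, AuthenticationToken token, AuthenticationException e,
        ServletRequest request, ServletResponse response) {
    UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
    String username = usernamePasswordToken.getUsername();
    // Keep the submitted account name so the login form can display it again.
    // NOTE(review): this value is user-supplied; the view that renders it is assumed to
    // output-encode it - confirm.
    request.setAttribute(KEY_AUTH_USERNAME_VALUE, username);
    if (e instanceof CaptchaValidationException) {
        request.setAttribute(KEY_AUTH_CAPTCHA_REQUIRED, Boolean.TRUE);
    } else if (e instanceof AuthenticationException) {
        // Record the failure.
        // NOTE(review): an unknown account name (account == null) is not counted here, so this
        // branch neither tracks those attempts nor sets the captcha flag for them - confirm that
        // such attempts are throttled elsewhere and that the difference is acceptable.
        if (account != null) {
            // Recent consecutive failures; beyond a certain count a captcha is enforced.
            account.setLastFailureTimes(account.getLastFailureTimes() + 1);
            // Total authentication failures, used to judge abnormal accounts. Incremented once.
            account.setLogonFailureTimes(account.getLogonFailureTimes() + 1);
            // Time of the most recent failed login.
            account.setLastLogonFailureTime(DateUtils.currentDateTime());
            accountService.save(account);
            // Failure limit reached: pass the flag so the login page shows the captcha input.
            // NOTE(review): the threshold is compared against the total counter, while the
            // comments describe the consecutive counter as the captcha trigger - confirm which
            // one is intended.
            if (account.getLogonFailureTimes() > LOGON_FAILURE_LIMIT) {
                request.setAttribute(KEY_AUTH_CAPTCHA_REQUIRED, Boolean.TRUE);
            }
        }
    }
    return super.onLoginFailure(token, e, request, response);
}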
return super.isAccessAllowed(request, response, mappedValue);
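/**
 * Login-success hook: logs the configured success URL, then lets the superclass finish the login.
 *
 * @param token    the token that was authenticated
 * @param subject  the subject that has just logged in
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 * @throws Exception if the superclass implementation fails
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
        ServletRequest request, ServletResponse response) throws Exception {
    // Only the configured success URL is logged; nothing from the token or the request is written.
    String url = this.getSuccessUrl();
    logger.info(url);
    return super.onLoginSuccess(token, subject, request, response);
}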
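/**
 * Login-success hook: logs the configured success URL, then lets the superclass finish the login.
 *
 * @param token    the token that was authenticated
 * @param subject  the subject that has just logged in
 * @param request  the login request
 * @param response the login response
 * @return whatever the superclass implementation returns
 * @throws Exception if the superclass implementation fails
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
        ServletRequest request, ServletResponse response) throws Exception {
    // Only the configured success URL is logged; nothing from the token or the request is written.
    String url = this.getSuccessUrl();
    logger.info(url);
    return super.onLoginSuccess(token, subject, request, response);
}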
return false; return super.onLoginSuccess(token, subject, request, httpServletResponse);