解决shiro先验证用户名密码,失败了才会验证验证码的问题
atjiu committed Jan 23, 2021
1 parent 3226685 commit ace3654
Showing 4 changed files with 30 additions and 32 deletions.
47 changes: 19 additions & 28 deletions src/main/java/co/yiiu/pybbs/config/ShiroConfig.java
Expand Up @@ -4,19 +4,16 @@
import co.yiiu.pybbs.config.realm.MyShiroRealm;
import co.yiiu.pybbs.service.ISystemConfigService;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand All @@ -33,55 +30,52 @@
@Configuration
public class ShiroConfig {

private Logger log = LoggerFactory.getLogger(ShiroConfig.class);
private final Logger log = LoggerFactory.getLogger(ShiroConfig.class);

@Autowired
private MyShiroRealm myShiroRealm;
@Autowired
private ISystemConfigService systemConfigService;

@Bean
public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager) {
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
log.info("开始配置shiroFilter...");
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

//拦截器.
Map<String, String> map = new HashMap<>();

// 配置不会被拦截的链接 顺序判断 相关静态资源
map.put("/static/**", DefaultFilter.anon.name());

//配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
map.put("/adminlogout", DefaultFilter.logout.name());
map.put("/static/**", "anon");
// 登录验证的地址不能跟打开页面的地址一样,否则shiro是先验证用户名密码,失败了才会验证验证码
map.put("/admin/login", "anon");
map.put("/admin/logout", "anon");

//<!-- 过滤链定义,从上向下顺序执行,一般将/**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;

//<!-- authc:所有url都必须认证通过才可以访问; user: 表示rememberMe后就可以访问 anon:所有url都都可以匿名访问 {@link org.apache.shiro.web.filter.mgt.DefaultFilter}-->
map.put("/admin/permission/**", DefaultFilter.perms.name());
map.put("/admin/role/**", DefaultFilter.perms.name());
map.put("/admin/system/**", DefaultFilter.perms.name());
map.put("/admin/admin_user/**", DefaultFilter.perms.name());
map.put("/admin/permission/**", "perms");
map.put("/admin/role/**", "perms");
map.put("/admin/system/**", "perms");
map.put("/admin/admin_user/**", "perms");

map.put("/admin/**", DefaultFilter.user.name());
map.put("/admin/**", "user");
// map.put("/admin/comment/**", "user");
// map.put("/admin/sensitive_word/**", "user");
// map.put("/admin/tag/**", "user");
// map.put("/admin/topic/**", "user");
// map.put("/admin/user/**", "user");

// map.put("/adminlogin", "myShiroFilter");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/adminlogin");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/admin/index");

//未授权界面;
shiroFilterFactoryBean.setUnauthorizedUrl("/adminlogin");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

// Map<String, Filter> filters = new HashMap<>();
// shiroFilterFactoryBean.setFilters(filters);

return shiroFilterFactoryBean;
}
Expand All @@ -94,8 +88,8 @@ public MyCredentialsMatcher myCredentialsMatcher() {
}

// 安全管理器配置
@Bean(name = "securityManager")
public SecurityManager securityManager() {
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
myShiroRealm.setCredentialsMatcher(myCredentialsMatcher());
securityManager.setRealm(myShiroRealm);
Expand All @@ -105,11 +99,9 @@ public SecurityManager securityManager() {

//加入注解的使用,不加入这个注解不生效
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager")
SecurityManager
securityManager) {
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager);
return authorizationAttributeSourceAdvisor;
}

Expand All @@ -120,8 +112,7 @@ public SimpleCookie rememberMeCookie() {
//这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
// 记住我cookie生效时间 单位秒
int adminRememberMeMaxAge = Integer.parseInt(systemConfigService.selectAllConfig().get
("admin_remember_me_max_age").toString());
int adminRememberMeMaxAge = Integer.parseInt(systemConfigService.selectAllConfig().get("admin_remember_me_max_age").toString());
simpleCookie.setMaxAge(adminRememberMeMaxAge * 24 * 60 * 60);
return simpleCookie;
}
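Review bot: The filter-chain definitions are collected in a plain `HashMap` (`Map<String, String> map = new HashMap<>();`), but Shiro resolves chains in insertion order with first match winning — the comment just above the `perms` entries says exactly that — so whether `/admin/login` and `/admin/logout` really end up `anon`, or get shadowed by `/admin/**` → `user` and every unauthenticated login POST is bounced back to `/adminlogin`, depends on string hash order rather than on the order written here; `Map<String, String> map = new LinkedHashMap<>();` (java.util) makes the declared order authoritative. Separately, the four `"perms"` entries carry no permission argument, and Shiro's PermissionsAuthorizationFilter permits every request when its argument list is empty, while those more specific patterns match before `/admin/**`; unless the matching controllers are guarded by `@RequiresPermissions` through the advisor configured below (not visible here), `/admin/permission/**`, `/admin/role/**`, `/admin/system/**` and `/admin/admin_user/**` would be reachable without any login, so these should read e.g. `"user,perms[admin:permission]"` with the real permission strings. Finally, `/admin/logout` is now `anon` and, per the controller change in this commit, answered by a plain GET, so any third-party page can force an admin logout with an image-style request; a POST form (or the existing CSRF mechanism, if any) is the usual remedy.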
Expand Up @@ -89,8 +89,9 @@ public String adminlogin() {
}

// 处理后台登录逻辑
@PostMapping("/adminlogin")
public String adminlogin(String username, String password, String code, HttpSession session, @RequestParam(defaultValue = "0") Boolean rememberMe,
@PostMapping("/admin/login")
public String adminlogin(String username, String password, String code, HttpSession session,
@RequestParam(defaultValue = "0") Boolean rememberMe,
HttpServletRequest request, RedirectAttributes redirectAttributes) {
String url = WebUtils.getSavedRequest(request) == null ? "/admin/index" : WebUtils.getSavedRequest(request).getRequestUrl();
String captcha = (String) session.getAttribute("_captcha");
Expand Down Expand Up @@ -134,4 +135,10 @@ public String adminlogin(String username, String password, String code, HttpSess
}
return redirect(url);
}

@GetMapping("/admin/logout")
public String logout() {
SecurityUtils.getSubject().logout();
return redirect("/adminlogin");
}
}
2 changes: 1 addition & 1 deletion src/main/resources/templates/admin/layout/menu.ftl
Expand Up @@ -107,7 +107,7 @@
</li>
</#if>
<li>
<a href="/adminlogout">
<a href="/admin/logout">
<i class="fa fa-sign-out"></i>
<span>${i18n.getMessage("logout")}</span>
</a>
2 changes: 1 addition & 1 deletion src/main/resources/templates/admin/login.ftl
Expand Up @@ -45,7 +45,7 @@
<#if error??>
<div class="text-red">${error!}</div>
</#if>
<form id="form" action="/adminlogin" method="post">
<form id="form" action="/admin/login" method="post">
<div class="form-group has-feedback">
<input type="text" class="form-control" id="username" name="username" value="${username!}" placeholder="用户名">
<span class="glyphicon glyphicon-envelope form-control-feedback"></span>