关于shiro:Shiro使用之记住用户会话显示用户名

Shiro应用之记住用户、会话、显示用户名

    在登录用户时，点击记住我，从而下次登录时能够间接登录

一、记住用户

1、在SpringShiroConfig配置rememberMe对象

        /**     * 配置记住我的管理器对象     */    @Bean    public RememberMeManager rememberMeManager() {        CookieRememberMeManager cManager = new CookieRememberMeManager();        //    用户信息保留在cookie中        SimpleCookie cookie = new SimpleCookie("rememberMe");        //    保留工夫        cookie.setMaxAge(7 * 24 * 60 * 60);        cManager.setCookie(cookie);        return cManager;    }

2、将rememberMe注入securityManager

@Beanpublic org.apache.shiro.mgt.SecurityManager securityManager(Realm realm, CacheManager cacheManager,        RememberMeManager rememberMeManager) {    DefaultWebSecurityManager sManager = new DefaultWebSecurityManager();    // 写完realm后把它注入给securityManager    sManager.setRealm(realm);    sManager.setCacheManager(cacheManager);    sManager.setRememberMeManager(rememberMeManager);    return sManager;}

3、Controller层增加rememberMe判断

@RequestMapping("doLogin")public JsonResult doLogin(boolean isRemember, String username, String password) {    // 获取subject对象，负责提交客户端的账号信息    Subject subject = SecurityUtils.getSubject();    UsernamePasswordToken token = new UsernamePasswordToken(username, password);    // 记住我    if (isRemember) {        token.setRememberMe(true);    }    // 给securityManager提交用户信息    subject.login(token);    return new JsonResult("login ok");}

4、在ShiroFilterFactoryBean中增加rememberMe登录权限

 LinkedHashMap<String,String> map=new LinkedHashMap<>();//动态资源容许匿名拜访:"anon"map.put("/bower_components/**","anon");map.put("/build/**","anon");map.put("/dist/**","anon");map.put("/plugins/**","anon");map.put("/user/doLogin","anon");map.put("/doLogout", "logout");//主动查LoginUrl//除了匿名拜访的资源,其它都要认证("authc")后拜访map.put("/**","user");sfBean.setFilterChainDefinitionMap(map);return sfBean;}

会话

1、配置SpringShiroConfig

@Bean public SessionManager sessionManager() {DefaultWebSessionManager sManager=new DefaultWebSessionManager();//  设置保留工夫；默认是30分钟sManager.setGlobalSessionTimeout(60*60*1000);return sManager;}

2、注入到securityManager

@Beanpublic org.apache.shiro.mgt.SecurityManager securityManager(Realm realm, CacheManager cacheManager,        RememberMeManager rememberMeManager, SessionManager sessionManager) {    DefaultWebSecurityManager sManager = new DefaultWebSecurityManager();    // 写完realm后把它注入给securityManager    sManager.setRealm(realm);    sManager.setCacheManager(cacheManager);    sManager.setRememberMeManager(rememberMeManager);    sManager.setSessionManager(sessionManager);    return sManager;}

三、依据登录用户在头像处显示用户名

• 首先在进入零碎的显示页面管制层增加获取用户信息的办法，而后借助Modle存入域中

@RequestMapping("doIndexUI")public String doIndexUI(Model model) {    //    从shiro框架中的session对象中取用户    SysUser user = (SysUser)SecurityUtils.getSubject().getPrincipal();    model.addAttribute("user",user);    model.addAttribute("username",user.getUsername());    return "starter";    }

• 在前端页面中显示姓名的元素中从域中取出存入的用户名

登录 admin用户