Shiro知识点备忘录

1、Shiro手动认证

Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(user.getUserName(), user.getPassword()); 
// 开始进入shiro的认证流程
currentUser.login(token)

2、Shiro免密码登录

//获取用户信息，可以使用token等其它唯一字段获取用户信息
SystemService systemService = SpringContextHolder.getBean(SystemService.class);
User user = systemService.getUserByLoginName("sheungxin");
//定义授权用户信息，Principal为自定义授权用户基本信息
PrincipalCollection principals = new SimplePrincipalCollection(new Principal(user,false), "MobileRealm");  
ServletRequestAttributes servletRequestAttributes=(ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
//创建WebSubject，根据自己的应用选择需要创建的Subject类
Builder builder = new WebSubject.Builder(  
        servletRequestAttributes.getRequest(),  
        servletRequestAttributes.getResponse());  
builder.principals(principals);  
builder.authenticated(true);  
WebSubject subject = builder.buildWebSubject();  
//为shiro线程变量绑定Subject
ThreadContext.bind(subject);

3、Shiro登录成功之后跳到指定URL