2. shiro-记住我

2. shiro-记住我

#在用户认证的基础上修改shiroConf, 添加

/**
     * cookie管理器
     * @return
     */
    private CookieRememberMeManager cookieRememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        //rememberme cookie加密的密钥
        byte[] cipherKey = Base64.decode("wrjUh2ttBPQLnT4JVhriug==");
        //设置密匙, 防止有人恶意修改cookie
        cookieRememberMeManager.setCipherKey(cipherKey);
        cookieRememberMeManager.setCookie(rememberMeCookie());
        return cookieRememberMeManager;
    }
    /**
     * 设置cookie相关属性
     * @return
     */
    private SimpleCookie rememberMeCookie(){
        // 设置cookie名称,对应login.html页面的<input type="checkbox" name="rememberMe"/>
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        // 设置cookie的过期时间,单位为秒,这里为一天
        cookie.setMaxAge(86400);
        //如果httpOnly设置为true,则客户端不会暴露给客户端脚本代码,使用HttpOnly cookie有助于减少某些类型的跨站点脚本攻击;
        cookie.setHttpOnly(true);
        return cookie;
    }

#AES加密

/**
	 * AES	Cookie加密 wrjUh2ttBPQLnT4JVhriug==
	 * @throws NoSuchAlgorithmException
	 */
	@Test
	public void testAES() throws NoSuchAlgorithmException {
		KeyGenerator keygen = KeyGenerator.getInstance("AES");
		SecretKey deskey = keygen.generateKey();
		System.out.println(Base64.encodeToString(deskey.getEncoded()));
	}

#修改SecurityManager

@Bean
    public DefaultWebSecurityManager securityManager(Realm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联realm
        securityManager.setRealm(userRealm);
        //设置cookie管理器
        securityManager.setRememberMeManager(cookieRememberMeManager());
        return securityManager;
    }

#修改login.html

<div class="login-page">
    <div class="form">
        <input type="text" placeholder="用户名" name="name" required="required"/><span id="s1"></span>
        <input type="password" placeholder="密码" name="password" required="required"/><span id="s2"></span>
        <!--        对应simpleCookie设置的值-->
        <p><input type="checkbox" name="rememberMe"/>记住我</p>
        <button onclick="login()">登录</button>
        <button onclick="register()">注册</button>
    </div>
</div>

#修改对应的api

@ResponseBody
    @PostMapping(value = "/login")
    //可以将多个参数绑定到一个对象,将另外一个参数绑定到一个简单参数
    public String login(User user,
                        @RequestParam(value = "rememberMe",required = false) Boolean rememberMe) {
        System.out.println(rememberMe);
        //checkbox中如果钩中就是true,如果没有钩中就是null
        log.info("在执行用户认证时调用了数据库,原因不明");
        //获取当前用户
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token =
                //设置remember属性
                //记住我,会生成一个cookie,如果没有rememberMe默认是一个临时的cookie浏览器关闭就死亡
                new UsernamePasswordToken(user.getName(), user.getPassword(),rememberMe);
        try {
            currentUser.login(token);
            return "0";
        } catch (UnknownAccountException e) {
            System.out.println("用户名错误");
            return "用户名错误或密码错误";
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            return "用户名错误或密码错误";
        }
    }
}