This article is an original work by 老貓; when reposting, please include a link to this article: http://blog.csdn.net/nthack5730/article/details/51124171
More articles by 老貓: http://blog.csdn.net/nthack5730
<property name="filterChainDefinitions">
    <value>
        <!-- Allow anonymous access to static resources -->
        /js/** = anon
        /css/** = anon
        /img/** = anon
        /fonts/** = anon
        /scripts/** = anon
    </value>
</property>
/**
 * This default implementation merely returns <code>true</code> if the request is an HTTP <code>POST</code>,
 * <code>false</code> otherwise. Can be overridden by subclasses for custom login submission detection behavior.
 *
 * @param request the incoming ServletRequest
 * @param response the outgoing ServletResponse.
 * @return <code>true</code> if the request is an HTTP <code>POST</code>, <code>false</code> otherwise.
 */
@SuppressWarnings({"UnusedDeclaration"})
protected boolean isLoginSubmission(ServletRequest request, ServletResponse response) {
    return (request instanceof HttpServletRequest) && WebUtils.toHttp(request).getMethod().equalsIgnoreCase(POST_METHOD);
}
<form action="${pageContext.request.contextPath }/login.action" method="post">
    <div>
        <input type="text" name="username" class="username"
               placeholder="用戶名 / UID" autocomplete="off" required/>
    </div>
    <div>
        <input type="password" name="password" class="password"
               placeholder="密碼" oncontextmenu="return false"
               onpaste="return false" required/>
    </div>
    <button id="submit" type="submit" class="btn btn-success btn-block loginbtn">登陸</button>
</form>
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
    String username = getUsername(request);
    String password = getPassword(request);
    return createToken(username, password, request, response);
}
public String login() {
return "login";
}
@Controller("LoginAction")
@Scope("prototype")
<!-- "user" namespace -->
<package name="user" namespace="/user" extends="struts-default">
    <!-- Login submission URL; must match the loginUrl configured in applicationContext-shiro.xml -->
    <action name="login" class="com.my.action.LoginAction" method="login">
        <result name="login">/WEB-INF/jsp/login.jsp</result>
    </action>
</package>
public String login() throws Exception {
    // Get the exception info that FormAuthenticationFilter put into the request:
    // the fully qualified exception class name stored under shiroLoginFailure
    String exceptionClassName = (String) request.get("shiroLoginFailure");
    // Decide which error to report based on the exception class name returned by Shiro
    if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
        error = "用戶不存在,請覈對用戶名"; // UnknownAccountException means the account does not exist
    } else if (IncorrectCredentialsException.class.getName().equals(
            exceptionClassName)) {
        error = "用戶名/密碼錯誤";
    } else if (exceptionClassName != null) {
        error = "其他錯誤:" + exceptionClassName;
    }
    // This method does not handle a successful login; on success Shiro redirects to the previously requested path
    // On failure, return to the login page
    return "login";
}
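The login action above shows a different message for an unknown account than for a wrong password, and echoes the exception class name for anything else, so the login page tells a visitor which usernames exist. The following added example (not code from the original post; `LoginFailureMapper`, its method names and the `username` parameter are hypothetical) returns one message for every failure and keeps the specific reason in the server log. It compares class names as strings so it runs without Shiro on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Logger;

// Added example, not from the original post. LoginFailureMapper is a hypothetical helper.
public class LoginFailureMapper {
    private static final Logger LOG = Logger.getLogger(LoginFailureMapper.class.getName());

    // One message for every failure, so the page does not reveal whether the account exists.
    static final String GENERIC = "Invalid username or password";

    // Real Shiro exception class names, held as strings so no Shiro dependency is needed here.
    static final String UNKNOWN_ACCOUNT = "org.apache.shiro.authc.UnknownAccountException";
    static final String BAD_CREDENTIALS = "org.apache.shiro.authc.IncorrectCredentialsException";

    /** Returns the text to show on the login page, or null when no failure is recorded. */
    static String userMessage(Map<String, Object> request, String username) {
        Object failure = request.get("shiroLoginFailure");
        if (failure == null) {
            return null; // first visit to the login page: nothing to report
        }
        // The specific reason goes to the server log only, never to the response.
        LOG.warning("login failed user=" + sanitize(username) + " reason=" + failure);
        return GENERIC; // unknown account, wrong password and anything else look the same
    }

    // Replace CR/LF so a crafted username cannot forge extra log lines.
    static String sanitize(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n]", "_");
    }

    public static void main(String[] args) {
        Map<String, Object> request = new LinkedHashMap<>(); // constructed sample request map
        System.out.println(userMessage(request, "alice"));   // no failure attribute yet

        request.put("shiroLoginFailure", UNKNOWN_ACCOUNT);
        System.out.println(userMessage(request, "nobody\r\nforged entry"));

        request.put("shiroLoginFailure", BAD_CREDENTIALS);
        System.out.println(userMessage(request, "alice"));
    }
}
```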
public class BaseAction<T> extends ActionSupport implements RequestAware,
        SessionAware, ApplicationAware, ModelDriven<T> {
    /**
     *
     */
    private static final long serialVersionUID = 1L;
    protected T model; // protected so that it stays encapsulated but can still be inherited
    public Map<String, Object> application;
    public Map<String, Object> request;
    public Map<String, Object> session;
    ...
}
<property name="filterChainDefinitions">
    <value>
        <!-- Allow anonymous access to static resources -->
        /js/** = anon
        /css/** = anon
        /img/** = anon
        /fonts/** = anon
        /scripts/** = anon
        <!-- /** = authc means every URL requires authentication before it can be accessed -->
        /** = authc
    </value>
</property>
<!-- Requests to logout.action are handled by Shiro, which clears the session -->
/logout.action = logout