Java Code Examples for org.apache.shiro.authc.UsernamePasswordToken#clear()

The following examples show how to use org.apache.shiro.authc.UsernamePasswordToken#clear(). Each example names the project and source file it was taken from. clear() should be called once the login attempt has finished, whether it succeeded or failed, so that the token no longer holds the submitted username and password.
Example 1
Source File: LoginController.java    From springboot-learn with MIT License
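/**
 * Handles the login form submission by authenticating the current Shiro subject.
 *
 * <p>NOTE(review): {@code kaptcha} is accepted but never compared with anything in this
 * method, so no captcha check happens here. Confirm it is enforced elsewhere (for example
 * in a filter) before relying on it to slow down password guessing.
 *
 * @param username   account name submitted by the client
 * @param password   plaintext password submitted by the client
 * @param rememberMe whether the token requests a remember-me login
 * @param kaptcha    captcha value submitted by the client (unused in this method)
 * @return {@code 200} when the login succeeds, {@code 500} when any exception is thrown
 */
@PostMapping("/login")
@ResponseBody
public Object submitLogin(String username, String password, boolean rememberMe, String kaptcha) {
    UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
    // Fetch the Subject bound to the current request.
    Subject currentUser = SecurityUtils.getSubject();
    try {
        // login() hands the token to the SecurityManager, which passes it to the configured
        // realms; the credential check itself runs in the realm's doGetAuthenticationInfo().
        currentUser.login(token);
        // Use the class logger instead of stdout so the event lands in the application log.
        logger.info("登录成功!");
        return 200;
    } catch (Exception e) {
        // username is client-controlled; the log layout should neutralise CR/LF in it.
        logger.error("登录失败,用户名[{}]", username, e);
        return 500;
    } finally {
        // Clear on every path, not only on failure: clear() wipes the token's own copy of the
        // password. The String passed in by the framework is immutable and is not affected.
        token.clear();
    }
}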
 
Example 2
Source File: PassportController.java    From springboot-shiro with MIT License
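/**
 * Handles the sign-in form submission by authenticating the current Shiro subject.
 *
 * <p>NOTE(review): {@code kaptcha} is accepted but never compared with anything in this
 * method, so no captcha check happens here. Confirm it is enforced elsewhere.
 *
 * @param username   account name submitted by the client
 * @param password   plaintext password submitted by the client
 * @param rememberMe whether the token requests a remember-me login
 * @param kaptcha    captcha value submitted by the client (unused in this method)
 * @return a success result when the login succeeds, otherwise an error result carrying the
 *         exception message
 */
@PostMapping("/signin")
@ResponseBody
public ResponseVO submitLogin(String username, String password, boolean rememberMe, String kaptcha) {
    UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
    // Fetch the Subject bound to the current request.
    Subject currentUser = SecurityUtils.getSubject();
    try {
        // login() hands the token to the SecurityManager, which passes it to the configured
        // realms; the credential check itself runs in the realm's doGetAuthenticationInfo().
        currentUser.login(token);
        return ResultUtil.success("登录成功!");
    } catch (Exception e) {
        // username is client-controlled; the log layout should neutralise CR/LF in it.
        log.error("登录失败,用户名[{}]", username, e);
        // NOTE(review): the raw exception message goes back to the client. If the realm's
        // messages distinguish "unknown account" from "wrong password", this lets a caller
        // tell which usernames exist. Verify the realm's messages are safe to expose.
        return ResultUtil.error(e.getMessage());
    } finally {
        // Clear on every path, not only on failure: clear() wipes the token's own copy of the
        // password. The String passed in by the framework is immutable and is not affected.
        token.clear();
    }
}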
 
Example 3
Source File: PageController.java    From JavaQuarkBBS with Apache License 2.0
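/**
 * Logs an admin user in through Shiro.
 *
 * @param request current request; receives the {@code msg} attribute shown on the login view
 * @param user    bound form object providing the submitted username and password
 * @param model   Spring model (not used by this method)
 * @return {@code "redirect:/initPage"} on success, otherwise the {@code "login"} view
 */
@RequestMapping(value = "/login",method = RequestMethod.POST)
public String login(HttpServletRequest request, AdminUser user, Model model) {

    // Reject missing credentials before a token is ever built.
    if (StringUtils.isEmpty(user.getUsername()) || StringUtils.isEmpty(user.getPassword())) {
        request.setAttribute("msg","用户名或者密码不能为空!");
        return "login";
    }
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
    try {
        subject.login(token);
        return "redirect:/initPage";
    } catch (LockedAccountException lae) {
        request.setAttribute("msg", "用户已经被锁定不能登录,请与管理员联系!");
        return "login";
    } catch (AuthenticationException e) {
        // One message for unknown user and wrong password, so the response does not
        // reveal which usernames exist.
        request.setAttribute("msg", "用户或密码不正确!");
        return "login";
    } finally {
        // Clear the token on success and on any exception, including ones not caught above;
        // the original cleared it only inside the two catch blocks.
        token.clear();
    }
}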
 
Example 4
Source File: PassportController.java    From OneBlog with GNU General Public License v3.0
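/**
 * Handles the sign-in form submission: optional captcha check, then Shiro authentication.
 *
 * @param username   account name submitted by the client
 * @param password   plaintext password submitted by the client
 * @param rememberMe whether the token requests a remember-me login
 * @param kaptcha    captcha value submitted by the client; checked only when
 *                   {@code config.isEnableKaptcha()} is true
 * @return a success result carrying the previously saved request URL (or {@code null}),
 *         otherwise an error result
 */
@BussinessLog("[{1}]登录系统")
@PostMapping("/signin")
@ResponseBody
public ResponseVO submitLogin(String username, String password, boolean rememberMe, String kaptcha) {
    if (config.isEnableKaptcha()) {
        // NOTE(review): the stored captcha is removed only after a correct answer. A wrong
        // answer leaves it in the session, so the same captcha can be tried again. Consider
        // removing it on mismatch too, if the client always fetches a new one after an error.
        if (StringUtils.isEmpty(kaptcha) || !kaptcha.equals(SessionUtil.getKaptcha())) {
            return ResultUtil.error("验证码错误!");
        }
        SessionUtil.removeKaptcha();
    }
    UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
    // Fetch the Subject bound to the current request.
    Subject currentUser = SecurityUtils.getSubject();
    try {
        // login() hands the token to the SecurityManager, which passes it to the configured
        // realms; the credential check itself runs in the realm's doGetAuthenticationInfo().
        currentUser.login(token);
        SavedRequest savedRequest = WebUtils.getSavedRequest(RequestHolder.getRequest());
        String historyUrl = null;
        // Only offer a return URL for non-POST requests; a POST cannot be replayed by redirect.
        if (null != savedRequest && !savedRequest.getMethod().equals("POST")) {
            historyUrl = savedRequest.getRequestUrl();
        }
        return ResultUtil.success(null, historyUrl);
    } catch (Exception e) {
        // username is client-controlled; the log layout should neutralise CR/LF in it.
        log.error("登录失败,用户名[{}]:{}", username, e.getMessage());
        // NOTE(review): the raw exception message goes back to the client; verify the realm's
        // messages do not reveal whether an account exists.
        return ResultUtil.error(e.getMessage());
    } finally {
        // Clear on every path, not only on failure: clear() wipes the token's own copy of the
        // password. The String passed in by the framework is immutable and is not affected.
        token.clear();
    }
}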
 
Example 5
Source File: RestController.java    From springboot-shiro-cas-mybatis with MIT License
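/**
	 * REST-style login for a deployment where front end and back end are separated.
	 * The original comment describes this as obtaining a TGT/ST; the code visible here
	 * only performs a Shiro login.
	 *
	 * <p>The credentials are read from the {@code username} and {@code password} request
	 * parameters. The previous version authenticated a fixed, hard-coded account on every
	 * call, so any client reaching this endpoint was logged in as that account.
	 *
	 * <p>NOTE(review): the mapping accepts every HTTP method, so credentials can arrive in a
	 * GET query string and end up in access logs. Restrict it to POST.
	 *
	 * @author hsj qq:2356899074
	 * @param req    current request, supplying the submitted credentials
	 * @param respon current response (not used by this method)
	 * @return {@code "inde"} when the subject is authenticated, otherwise {@code "403"}
	 * @throws Exception declared by the original signature
	 */
	@RequestMapping("/restlogin")
	public String restlogin(HttpServletRequest req,HttpServletResponse respon)throws Exception{
		// Require both credentials from the caller instead of using fixed values.
		String username = req.getParameter("username");
		String password = req.getParameter("password");
		if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
			return "403";
		}
		// The username is client-controlled: strip line breaks so it cannot forge log lines.
		String safeName = username.replaceAll("[\\r\\n]", "_");
		UsernamePasswordToken token = new UsernamePasswordToken(username, password);
		// Fetch the Subject bound to the current request.
		Subject currentUser = SecurityUtils.getSubject();
		try {
			// login() hands the token to the SecurityManager, which passes it to the configured
			// realms; the credential check itself runs in the realm's doGetAuthenticationInfo().
			logger.info("对用户[" + safeName + "]进行登录验证..验证开始");
			currentUser.login(token);
			logger.info("对用户[" + safeName + "]进行登录验证..验证通过");
		} catch (UnknownAccountException uae) {
			logger.info("对用户[" + safeName + "]进行登录验证..验证未通过,未知账户");
			return "403";
		} catch (IncorrectCredentialsException ice) {
			logger.info("对用户[" + safeName + "]进行登录验证..验证未通过,错误的凭证");
			return "403";
		} catch (LockedAccountException lae) {
			logger.info("对用户[" + safeName + "]进行登录验证..验证未通过,账户已锁定");
			return "403";
		} catch (ExcessiveAttemptsException eae) {
			logger.info("对用户[" + safeName + "]进行登录验证..验证未通过,错误次数过多");
			return "403";
		} catch (AuthenticationException ae) {
			// Any other Shiro authentication failure; log it with its stack trace through the
			// logger rather than printStackTrace().
			logger.info("对用户[" + safeName + "]进行登录验证..验证未通过,堆栈轨迹如下", ae);
			return "403";
		} finally {
			// Clear on every path. The original cleared the token only in the final else
			// branch, which none of the failure paths above ever reached.
			token.clear();
		}
		// Confirm the login actually took effect.
		if (currentUser.isAuthenticated()) {
			logger.info("用户[" + safeName + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
			// NOTE(review): "inde" looks like a truncated "index"; left unchanged, confirm.
			return "inde";
		} else {
			return "403";
		}
	}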
 
Example 6
Source File: UserController.java    From demo-springmvc-shiro with Apache License 2.0
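/**
 * Checks the captcha, then logs the user in through Shiro.
 *
 * @param username account name submitted by the client
 * @param password plaintext password submitted by the client
 * @param request  current request; supplies the captcha parameter and the session, and
 *                 receives the {@code message_login} attribute on failure
 * @return {@code "main"} when the subject is authenticated, otherwise a forward to {@code "/"}
 */
@RequestMapping(value="/login", method=RequestMethod.POST)
public String login(String username, String password, HttpServletRequest request){
    System.out.println("-------------------------------------------------------");
    String rand = (String)request.getSession().getAttribute("rand");
    // A captcha is single-use: drop it once read so one answer cannot be replayed.
    request.getSession().removeAttribute("rand");
    String captcha = WebUtils.getCleanParam(request, "captcha");
    System.out.println("用户["+username+"]登录时输入的验证码为["+captcha+"],HttpSession中的验证码为["+rand+"]");
    // StringUtils.equals(null, null) is true, so a session with no captcha plus a request
    // with no captcha parameter used to pass this check. Require a stored value first.
    if(rand == null || !StringUtils.equals(rand, captcha)){
        request.setAttribute("message_login", "验证码不正确");
        return InternalResourceViewResolver.FORWARD_URL_PREFIX + "/";
    }
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    // NOTE(review): remember-me is forced on for every login regardless of user choice.
    token.setRememberMe(true);
    System.out.print("为验证登录用户而封装的Token:");
    // Print the token through its own toString(), which leaves the password out. The
    // reflective dump used before wrote every field, including the password, to stdout.
    System.out.println(token);
    // Fetch the Subject bound to the current request.
    Subject currentUser = SecurityUtils.getSubject();
    try {
        // login() hands the token to the SecurityManager, which passes it to the configured
        // realms; the credential check itself runs in the realm's doGetAuthenticationInfo().
        System.out.println("对用户[" + username + "]进行登录验证...验证开始");
        currentUser.login(token);
        System.out.println("对用户[" + username + "]进行登录验证...验证通过");
    }catch(UnknownAccountException uae){
        // NOTE(review): "unknown account" and "wrong password" get different messages, which
        // tells a caller which usernames exist. Consider the generic message used below.
        System.out.println("对用户[" + username + "]进行登录验证...验证未通过,未知账户");
        request.setAttribute("message_login", "未知账户");
    }catch(IncorrectCredentialsException ice){
        System.out.println("对用户[" + username + "]进行登录验证...验证未通过,错误的凭证");
        request.setAttribute("message_login", "密码不正确");
    }catch(LockedAccountException lae){
        System.out.println("对用户[" + username + "]进行登录验证...验证未通过,账户已锁定");
        request.setAttribute("message_login", "账户已锁定");
    }catch(ExcessiveAttemptsException eae){
        System.out.println("对用户[" + username + "]进行登录验证...验证未通过,错误次数过多");
        request.setAttribute("message_login", "用户名或密码错误次数过多");
    }catch(AuthenticationException ae){
        // Any other Shiro authentication failure ends up here.
        System.out.println("对用户[" + username + "]进行登录验证...验证未通过,堆栈轨迹如下");
        ae.printStackTrace();
        request.setAttribute("message_login", "用户名或密码不正确");
    }finally{
        // Clear on every path, success included; the original cleared the token only in the
        // not-authenticated branch below.
        token.clear();
    }
    // Confirm the login actually took effect.
    if(currentUser.isAuthenticated()){
        System.out.println("用户[" + username + "]登录认证通过(这里可进行一些认证通过后的系统参数初始化操作)");
        return "main";
    }else{
        return InternalResourceViewResolver.FORWARD_URL_PREFIX + "/";
    }
}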