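The previous article implemented user authentication.
After a user logs in successfully, closes the browser, and reopens it to visit http://localhost:8080, the page redirects to the login page, because the earlier login is no longer valid once the browser has been closed.
Shiro provides a Remember Me feature: the user's login state does not expire when the browser is closed, and persists until the cookie expires.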
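1. Modify ShiroConfig
(1) Add
// Imports needed in ShiroConfig (Base64 is Shiro's codec class, not java.util.Base64)
import org.apache.shiro.codec.Base64;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.SimpleCookie;

/**
 * Cookie object
 * @return the rememberMe cookie
 */
public SimpleCookie rememberMeCookie() {
    // Set the cookie name; it matches <input type="checkbox" name="rememberMe"/> in login.html
    SimpleCookie cookie = new SimpleCookie("rememberMe");
    // Set the cookie lifetime in seconds; here it is one day
    cookie.setMaxAge(86400);
    return cookie;
}

/**
 * Cookie manager object
 * @return the rememberMe manager
 */
public CookieRememberMeManager rememberMeManager() {
    CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
    cookieRememberMeManager.setCookie(rememberMeCookie());
    // Key used to encrypt the rememberMe cookie
    // (sample value; replace it with your own randomly generated key and keep it out of source control)
    cookieRememberMeManager.setCipherKey(Base64.decode("4AvVhmFLUs0KTA3Kprsdag=="));
    return cookieRememberMeManager;
}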
(2) Set the cookie manager object on the SecurityManager
Change securityManager() to
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(myShiroRealm());
    securityManager.setRememberMeManager(rememberMeManager()); // newly added
    return securityManager;
}
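(3) Change the permission configuration
In ShiroFilterFactoryBean, change
filterChainDefinitionMap.put("/**", "authc");
to
filterChainDefinitionMap.put("/**", "user");
Note:
user means the path is accessible to a user who has either authenticated or whose login state is remembered through Remember Me.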
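The cipher key in step (1) is a literal in source code, so every deployment that copies it shares one key, and anyone who knows the key can read or produce valid rememberMe cookies. The following variant is an added example, not code from the original post: it loads the key from configuration, rejects a key of the wrong size at startup, and sets the cookie flags explicitly. The class name RememberMeKeyConfig and the property name shiro.rememberme.cipher-key are assumptions.

```java
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

@Configuration
public class RememberMeKeyConfig { // hypothetical class name

    // Assumed property name; supply the value from the environment or a
    // secrets store, never from a file committed to source control.
    @Value("${shiro.rememberme.cipher-key}")
    private String cipherKeyBase64;

    public SimpleCookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        cookie.setMaxAge(86400);  // one day, as in the tutorial
        cookie.setHttpOnly(true); // keep the cookie out of reach of page scripts
        // Assumes the application is served over HTTPS; the tutorial's
        // plain-HTTP localhost run may need this left at false.
        cookie.setSecure(true);
        return cookie;
    }

    public CookieRememberMeManager rememberMeManager() {
        byte[] key = Base64.decode(cipherKeyBase64);
        // AES keys are 16, 24 or 32 bytes; fail at startup on anything else
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException(
                    "rememberMe cipher key must decode to 16, 24 or 32 bytes");
        }
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(rememberMeCookie());
        manager.setCipherKey(key);
        return manager;
    }

    // Run once to print a fresh random 128-bit key for the property above.
    public static void main(String[] args) {
        byte[] fresh = new AesCipherService().generateNewKey(128).getEncoded();
        System.out.println(Base64.encodeToString(fresh));
    }
}
```

Changing the key invalidates every rememberMe cookie issued under the old one, so affected users simply log in again.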
2. Modify login.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <link rel="stylesheet" th:href="@{/css/login.css}" type="text/css">
    <link rel="stylesheet" th:href="@{css/iCheck/minimal/blue.css}" type="text/css">
    <link rel="stylesheet" th:href="@{css/app.css}" type="text/css">
    <script th:src="@{/js/jquery.min.js}"></script>
</head>
<body>
<div class="login-page">
    <!-- Form-->
    <div class="form">
        <div class="form-toggle"></div>
        <div class="form-panel one">
            <div class="form-header">
                <h1>账户登录</h1>
            </div>
            <div class="form-content">
                <div class="form-group">
                    <label>用户名</label>
                    <input type="text" name="account" />
                </div>
                <div class="form-group">
                    <label>密码</label>
                    <input type="password" name="password" />
                </div>
                <div class="form-group" style="margin: 0px;">
                    <p> <input type="checkbox" name="rememberMe" /> 记住我</p>
                </div>
                <div class="form-group">
                    <button onclick="login()" id="loginButton">登录</button>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
<script th:inline="javascript">
    var ctx = [[@{/}]];
    function login() {
        var account = $("input[name='account']").val();
        var password = $("input[name='password']").val();
        var rememberMe = $("input[name='rememberMe']").is(':checked');
        $.ajax({
            type: "post",
            url: ctx + "login",
            data: {"account": account, "password": password, "rememberMe": rememberMe},
            dataType: "json",
            success: function (r) {
                if (r.code == 0) {
                    location.href = ctx + 'index';
                } else {
                    alert(r.msg);
                }
            }
        });
    }
</script>
</html>
3. Modify LoginController
@PostMapping("/login")
@ResponseBody
public ResponseBo login(String account, String password, Boolean rememberMe) {
    System.out.println(rememberMe);
    // Hash the password with MD5
    password = MD5Utils.encrypt(account, password);
    // Debug output only; do not log credential material outside a local test
    System.out.println(password);
    UsernamePasswordToken token = new UsernamePasswordToken(account, password);
    rememberMe = rememberMe == null ? false : rememberMe; // null => false
    token.setRememberMe(rememberMe);
    // UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
    // Get the Subject object
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(token);
        if (rememberMe) System.out.println("rememberMe--------");
        return ResponseBo.ok();
    } catch (UnknownAccountException e) {
        return ResponseBo.error(e.getMessage());
    } catch (IncorrectCredentialsException e) {
        return ResponseBo.error(e.getMessage());
    } catch (LockedAccountException e) {
        return ResponseBo.error(e.getMessage());
    } catch (AuthenticationException e) {
        return ResponseBo.error("认证失败!");
    }
}
When rememberMe is checked, Shiro remembers the user's login state.
Note:
If you encounter the following error:
2019-06-24 15:37:49.620 WARN 12952 --- [nio-8088-exec-2] o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin. RememberMe services will not be performed for account [com.sfn.bms.system.model.User@86fc436].
org.apache.shiro.io.SerializationException: Unable to serialize object [com.sfn.bms.system.model.User@86fc436]. In order for the DefaultSerializer to serialize this object, the [org.apache.shiro.subject.SimplePrincipalCollection] class must implement java.io.Serializable.