在shiro配置类中增加两个方法:
com.resthour.config.shrio.ShiroConfiguration
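/**
 * Builds the remember-me manager that reads and writes the remember-me cookie.
 *
 * <p>NOTE(review): no cipher key is configured here. The remember-me cookie carries an
 * encrypted, serialized identity, so the key protecting it is security-critical. Older
 * Shiro releases fell back to a key published in the source code, while newer ones
 * generate a random key at start-up (remembered logins then stop working after a restart
 * or across cluster nodes) - confirm which applies to the Shiro version in use. Prefer
 * loading a secret key from protected configuration and passing it to
 * {@code setCipherKey(byte[])}; never commit the key to source control.
 *
 * @return the manager wired with the cookie from {@code rememberMeCookie()}
 */
@Bean
public CookieRememberMeManager cookieRememberMeManager() {
    log.info("shiroConfiguration:rememberMeManager");
    CookieRememberMeManager manager = new CookieRememberMeManager();
    manager.setCookie(rememberMeCookie());
    return manager;
}

/**
 * Defines the cookie that stores the remember-me token.
 *
 * <p>NOTE(review): consider also calling {@code setSecure(true)} once the site is served
 * only over HTTPS, so the token is never sent over plain HTTP.
 *
 * @return the remember-me cookie template
 */
@Bean
public SimpleCookie rememberMeCookie() {
    log.info("shiroConfiguration:rememberMeCookie");
    // Cookie name; the login form's checkbox on this page uses the same name, "rememberMe".
    SimpleCookie cookie = new SimpleCookie("rememberMe");
    // Keep the token out of reach of page scripts. Shiro's SimpleCookie is HttpOnly by
    // default; it is stated explicitly so the intent stays visible.
    cookie.setHttpOnly(true);
    // Lifetime in seconds: 3 * 24 * 60 * 60 = 259200, i.e. 3 days. The original comment
    // said 30 days, which would be 2592000; the value the code actually set is kept here.
    // Confirm the intended lifetime - a shorter one limits exposure if the cookie leaks.
    cookie.setMaxAge(3 * 24 * 60 * 60);
    return cookie;
}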
将 cookieRememberMeManager(其中包含 rememberMeCookie)注入到 SecurityManager 中
/**
 * Assembles the web security manager from the realm, the cache manager and the
 * remember-me manager defined in this configuration class.
 *
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // Realm that supplies authentication and authorization data.
    manager.setRealm(myShiroRealm());
    // Cache manager.
    manager.setCacheManager(ehCacheManager());
    // Cookie-based remember-me manager.
    manager.setRememberMeManager(cookieRememberMeManager());
    return manager;
}
在shiro过滤器加入记住我过滤器
/**
 * Creates the Shiro filter factory and registers the URL-to-filter chain.
 *
 * <p>Entries are matched in insertion order, which is why a {@link LinkedHashMap} is used
 * and why the catch-all rule is added last. Paths mapped to {@code user} accept a
 * remembered subject as well as a freshly authenticated one; anything sensitive should
 * stay under {@code authc}.
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    log.info("ShiroFilterFactoryBean 实例化");
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);

    // URL the login form is submitted to.
    factory.setLoginUrl("/user/login");
    // Landing page after a successful login.
    factory.setSuccessUrl("/user/index");
    // Page shown when access to a resource is not authorized.
    factory.setUnauthorizedUrl("/403");

    Map<String, String> chains = new LinkedHashMap<>();
    chains.put("/logout", "logout");
    // Paths that may be accessed anonymously.
    chains.put("/favicon.ico", "anon");
    chains.put("/user/tologin", "anon");
    // Paths open to remembered or authenticated subjects.
    chains.put("/user/index", "user");
    chains.put("/", "user");
    // Everything else requires authentication; this rule must come last.
    chains.put("/**", "authc");
    factory.setFilterChainDefinitionMap(chains);

    return factory;
}
然后在登录页面加入“记住我”复选框,关键是 name 的值必须和 shiro 配置类中的参数一致:
// Quoted from rememberMeCookie() in the configuration class: "rememberMe" is the cookie name.
// NOTE(review): the checkbox is submitted as a request parameter, which is a separate
// setting from the cookie name - confirm how the login handling reads it.
SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
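<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登陆页面</title>
</head>
<body>
错误信息:<h4 th:text="${msg}"></h4>
<form action="/user/login" method="post">
    <!-- No pre-filled account name or password: default credentials must not be served in the page. -->
    <p>帐号:<input type="text" name="username"></p>
    <!-- type="password" masks the input on screen; the original used type="text". -->
    <p>密码:<input type="password" name="password"></p>
    <!-- Ticking the box submits the request parameter "rememberMe" with the login. -->
    <p><input type="submit" value="登陆"><input type="checkbox" name="rememberMe">记住我</p>
</form>

</body>
</html>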
最后附上完整的shiro配置类
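package com.resthour.config.shrio;

import com.resthour.realm.MyShiroRealm;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro configuration class: filter chain, security manager, realm, annotation support,
 * cache manager and the remember-me cookie.
 *
 * @author baobao
 * @date 2018-04-01 14:48
 */
@Configuration
@Slf4j
public class ShiroConfiguration {

    /**
     * Creates the Shiro filter factory and registers the URL-to-filter chain.
     *
     * <p>Entries are matched in insertion order, which is why a {@link LinkedHashMap} is
     * used and why the catch-all rule is added last. Paths mapped to {@code user} accept a
     * remembered subject as well as a freshly authenticated one; anything sensitive should
     * stay under {@code authc}.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        log.info("ShiroFilterFactoryBean 实例化");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/logout", "logout");
        // Paths that may be accessed anonymously.
        filterChainDefinitionMap.put("/favicon.ico", "anon");
        filterChainDefinitionMap.put("/user/tologin", "anon");

        // Paths open to remembered or authenticated subjects.
        filterChainDefinitionMap.put("/user/index", "user");
        filterChainDefinitionMap.put("/", "user");
        // Everything else requires authentication; this rule must come last.
        filterChainDefinitionMap.put("/**", "authc");
        // URL the login form is submitted to.
        shiroFilterFactoryBean.setLoginUrl("/user/login");
        // Landing page after a successful login.
        shiroFilterFactoryBean.setSuccessUrl("/user/index");
        // Page shown when access to a resource is not authorized.
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

    /**
     * Assembles the web security manager from the realm, the cache manager and the
     * remember-me manager defined in this class.
     *
     * @return the configured security manager
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Realm that supplies authentication and authorization data.
        securityManager.setRealm(myShiroRealm());
        // Cache manager.
        securityManager.setCacheManager(ehCacheManager());
        // Cookie-based remember-me manager.
        securityManager.setRememberMeManager(cookieRememberMeManager());
        return securityManager;
    }

    /**
     * Creates the application's custom realm.
     *
     * @return a new {@link MyShiroRealm}
     */
    @Bean
    public MyShiroRealm myShiroRealm() {
        return new MyShiroRealm();
    }

    /**
     * Enables Shiro annotations such as {@code @RequiresRoles} and
     * {@code @RequiresPermissions}. Spring AOP scans for classes that use them and applies
     * the security checks where needed; this bean and
     * {@link #authorizationAttributeSourceAdvisor(SecurityManager)} together provide that.
     *
     * @return the auto-proxy creator, set to proxy target classes
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * Enables AOP support for the Shiro annotations.
     *
     * @param securityManager the security manager the advisor checks against
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
                new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     * Creates the cache manager, configured from {@code classpath:config/ehcache-shiro.xml}.
     *
     * @return the Ehcache-backed cache manager
     */
    @Bean
    public EhCacheManager ehCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManagerConfigFile("classpath:config/ehcache-shiro.xml");
        return ehCacheManager;
    }

    /**
     * Builds the remember-me manager that reads and writes the remember-me cookie.
     *
     * <p>NOTE(review): no cipher key is configured here. The remember-me cookie carries an
     * encrypted, serialized identity, so the key protecting it is security-critical. Older
     * Shiro releases fell back to a key published in the source code, while newer ones
     * generate a random key at start-up (remembered logins then stop working after a
     * restart or across cluster nodes) - confirm which applies to the Shiro version in
     * use. Prefer loading a secret key from protected configuration and passing it to
     * {@code setCipherKey(byte[])}; never commit the key to source control.
     *
     * @return the manager wired with the cookie from {@link #rememberMeCookie()}
     */
    @Bean
    public CookieRememberMeManager cookieRememberMeManager() {
        log.info("shiroConfiguration:rememberMeManager");
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        return cookieRememberMeManager;
    }

    /**
     * Defines the cookie that stores the remember-me token.
     *
     * <p>NOTE(review): consider also calling {@code setSecure(true)} once the site is
     * served only over HTTPS, so the token is never sent over plain HTTP.
     *
     * @return the remember-me cookie template
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        log.info("shiroConfiguration:rememberMeCookie");
        // Cookie name; the login form's checkbox uses the same name, "rememberMe".
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        // Keep the token out of reach of page scripts. Shiro's SimpleCookie is HttpOnly by
        // default; it is stated explicitly so the intent stays visible.
        simpleCookie.setHttpOnly(true);
        // Lifetime in seconds: 3 * 24 * 60 * 60 = 259200, i.e. 3 days. The original
        // comment said 30 days, which would be 2592000; the value the code actually set is
        // kept here. Confirm the intended lifetime - a shorter one limits exposure if the
        // cookie leaks.
        simpleCookie.setMaxAge(3 * 24 * 60 * 60);
        return simpleCookie;
    }
}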