
conanca committed 9dd07d2

登录弃用过滤器方式


Files changed (4)

src/main/java/com/dolplay/nutzshiro/MvcSetup.java

 
 import java.util.List;
 
-import javax.sql.DataSource;
-
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.crypto.RandomNumberGenerator;
 import org.apache.shiro.crypto.SecureRandomNumberGenerator;
 import org.apache.shiro.crypto.hash.Sha256Hash;
 import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.util.ByteSource;
 import org.nutz.dao.Dao;
 import org.nutz.dao.impl.FileSqlManager;
-import org.nutz.dao.impl.NutDao;
 import org.nutz.dao.sql.Sql;
 import org.nutz.ioc.Ioc;
 import org.nutz.mvc.NutConfig;
 import com.dolplay.nutzshiro.domain.Permission;
 import com.dolplay.nutzshiro.domain.Role;
 import com.dolplay.nutzshiro.domain.User;
-import com.jolbox.bonecp.BoneCPDataSource;
 
 public class MvcSetup implements Setup {
 
 			dao.execute(sqlList.toArray(new Sql[sqlList.size()]));
 			// 初始化用户密码(全部都是123)及salt
 			List<User> userList = dao.query(User.class, null);
-			for(User user:userList){
+			for (User user : userList) {
 				RandomNumberGenerator rng = new SecureRandomNumberGenerator();
 				String salt = rng.nextBytes().toBase64();
 				String hashedPasswordBase64 = new Sha256Hash("123", salt, 1024).toBase64();

src/main/java/com/dolplay/nutzshiro/filter/AuthenticationFilter.java

-package com.dolplay.nutzshiro.filter;
-
-import java.util.Map;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.web.util.WebUtils;
-import org.nutz.lang.Strings;
-import org.nutz.mvc.ActionContext;
-import org.nutz.mvc.ActionFilter;
-import org.nutz.mvc.Mvcs;
-import org.nutz.mvc.View;
-import org.nutz.mvc.view.JspView;
-import org.nutz.mvc.view.ViewWrapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.dolplay.nutzshiro.util.MvcUtils;
-
-public class AuthenticationFilter implements ActionFilter {
-	final static Logger logger = LoggerFactory.getLogger(AuthenticationFilter.class);
-
-	public static final String DEFAULT_USERNAME_PARAM = "username";
-	public static final String DEFAULT_PASSWORD_PARAM = "password";
-	public static final String DEFAULT_REMEMBER_ME_PARAM = "rememberMe";
-	public static final String DEFAULT_LOGIN_URL = "/login";
-
-	private String loginUrl = DEFAULT_LOGIN_URL;
-	private String usernameParam = DEFAULT_USERNAME_PARAM;
-	private String passwordParam = DEFAULT_PASSWORD_PARAM;
-	private String rememberMeParam = DEFAULT_REMEMBER_ME_PARAM;
-	private SecurityManager securityManager;
-
-	@Override
-	public View match(ActionContext actionContext) {
-		View view = null;
-		String path = actionContext.getPath();
-		if (!Strings.isEmpty(path) && path.equals(loginUrl)) {
-			try {
-				boolean isLogin = executeLogin(actionContext.getRequest(), actionContext.getResponse());
-				if (!isLogin) {
-					Map<String, Object> msgs = Mvcs.getLocaleMessage("zh_CN");
-					String errMsg = msgs.get("login_error").toString();
-					view = new ViewWrapper(new JspView("/index"), errMsg);
-					logger.info("登录失败");
-				}
-			} catch (Exception e) {
-				logger.error("登录出错", e);
-				view = new ViewWrapper(new JspView("/index"), "登录出错");
-			}
-		}
-
-		return view;
-	}
-
-	protected String getHost(ServletRequest request) {
-		return request.getRemoteHost();
-	}
-
-	protected AuthenticationToken createToken(String username, String password, boolean rememberMe, String host) {
-		return new UsernamePasswordToken(username, password, rememberMe, host);
-	}
-
-	protected AuthenticationToken createToken(String username, String password, boolean rememberMe,
-			ServletRequest request, ServletResponse response) {
-		String host = getHost(request);
-		return createToken(username, password, rememberMe, host);
-	}
-
-	protected String getUsername(ServletRequest request) {
-		return WebUtils.getCleanParam(request, getUsernameParam());
-	}
-
-	protected String getPassword(ServletRequest request) {
-		return WebUtils.getCleanParam(request, getPasswordParam());
-	}
-
-	protected boolean isRememberMe(ServletRequest request) {
-		return WebUtils.isTrue(request, getRememberMeParam());
-	}
-
-	protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
-		String username = getUsername(request);
-		String password = getPassword(request);
-		// TODO password可加密
-		boolean rememberMe = isRememberMe(request);
-		return createToken(username, password, rememberMe, request, response);
-	}
-
-	protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
-			ServletResponse response) throws Exception {
-		return true;
-	}
-
-	protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request,
-			ServletResponse response) {
-		return false;
-	}
-
-	protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
-		AuthenticationToken token = createToken(request, response);
-		if (token == null) {
-			String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken "
-					+ "must be created in order to execute a login attempt.";
-			throw new IllegalStateException(msg);
-		}
-		try {
-			Subject subject = MvcUtils.getSubject(securityManager, request, response);
-			ThreadContext.bind(subject);
-			subject.login(token);
-			return onLoginSuccess(token, subject, request, response);
-		} catch (AuthenticationException e) {
-			return onLoginFailure(token, e, request, response);
-		}
-	}
-
-	public String getUsernameParam() {
-		return usernameParam;
-	}
-
-	public void setUsernameParam(String usernameParam) {
-		this.usernameParam = usernameParam;
-	}
-
-	public String getPasswordParam() {
-		return passwordParam;
-	}
-
-	public void setPasswordParam(String passwordParam) {
-		this.passwordParam = passwordParam;
-	}
-
-	public String getRememberMeParam() {
-		return rememberMeParam;
-	}
-
-	public void setRememberMeParam(String rememberMeParam) {
-		this.rememberMeParam = rememberMeParam;
-	}
-
-	public String getLoginUrl() {
-		return loginUrl;
-	}
-}

src/main/java/com/dolplay/nutzshiro/module/SystemModule.java

 package com.dolplay.nutzshiro.module;
 
+import java.util.Map;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.annotation.RequiresAuthentication;
+import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.SessionException;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
 import org.nutz.ioc.annotation.InjectName;
+import org.nutz.ioc.loader.annotation.Inject;
 import org.nutz.ioc.loader.annotation.IocBean;
+import org.nutz.mvc.Mvcs;
+import org.nutz.mvc.View;
 import org.nutz.mvc.annotation.At;
-import org.nutz.mvc.annotation.By;
 import org.nutz.mvc.annotation.Filters;
 import org.nutz.mvc.annotation.Ok;
+import org.nutz.mvc.annotation.Param;
+import org.nutz.mvc.view.JspView;
+import org.nutz.mvc.view.ServerRedirectView;
+import org.nutz.mvc.view.ViewWrapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.dolplay.nutzshiro.filter.AuthenticationFilter;
+import com.dolplay.nutzshiro.util.MvcUtils;
 
 @IocBean
 @InjectName
 public class SystemModule {
 	private static Logger logger = LoggerFactory.getLogger(SystemModule.class);
 
+	@Inject
+	private SecurityManager securityManager;
+
 	@At("/login")
-	@Ok(">>:/")
-	@Filters({ @By(type = AuthenticationFilter.class, args = { "ioc:authenticationFilter" }) })
-	public void login() {
+	public View login(ServletRequest request, ServletResponse response, @Param("username") String username,
+			@Param("password") String password, @Param("rememberMe") boolean rememberMe) {
+		String host = request.getRemoteHost();
+		AuthenticationToken token = new UsernamePasswordToken(username, password, rememberMe, host);
+		try {
+			Subject subject = MvcUtils.getSubject(securityManager, request, response);
+			ThreadContext.bind(subject);
+			subject.login(token);
+			return new ViewWrapper(new ServerRedirectView("/"), null);
+		} catch (AuthenticationException e) {
+			logger.info("验证失败");
+			Map<String, Object> msgs = Mvcs.getLocaleMessage("zh_CN");
+			String errMsg = msgs.get("login_error").toString();
+			return new ViewWrapper(new JspView("/index"), errMsg);
+		} catch (Exception e) {
+			logger.error("登录失败", e);
+			return new ViewWrapper(new JspView("/index"), "登录失败");
+		}
+	}
+
+	@At("/main")
+	@Ok("jsp:jsp.main")
+	@RequiresAuthentication
+	public void main() {
 
 	}
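Review bot: The new `login` action is mapped with `@At("/login")` alone, so it answers any HTTP method and `username`/`password` can arrive in a GET query string, where they end up in access logs, browser history and Referer headers; restricting it with `@POST` (`org.nutz.mvc.annotation.POST`) above the method would close that. The authentication-failure branch logs only `logger.info("验证失败")`, which leaves nothing to correlate repeated attempts on; `logger.info("验证失败: user={}, host={}", username, host);` (never the password) would make guessing runs visible to whoever reads the log. `ThreadContext.bind(subject)` is never paired with an unbind in this method, so unless code outside this section clears the thread context per request, an authenticated subject could stay attached to a pooled worker thread. It is also worth confirming that the session id is renewed around `subject.login(token)`, since nothing visible here invalidates a pre-login session.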
 

src/main/resources/shiro.js

 				refer : "shiroDbRealm"
 			}
 		}
-	},
-
-	authenticationFilter : {
-		type : "com.dolplay.nutzshiro.filter.AuthenticationFilter",
-		fields : {
-			securityManager : {
-				refer : "securityManager"
-			}
-		}
 	}
 };