NutzCN Logo
问答 rememberMe这个配置有什么用
发布于 278天前 作者 zp8821138 242 次浏览 复制 上一个帖子 下一个帖子
标签:
rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = remember
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie

我把maxAge修改为1的时候没有任何区别。

8 回复

我看cookie中的maxAge确实改了,但是这个改了有啥用呢

shiro会把登录信息序列化到cookie,实现免密码登录

意思是我前端还要进行处理,读取cookie判断是否失效,没有失效就回填用户名密码?

这跟前端没啥关系

关键我没看到我勾选rememberMe和不勾选rememberMe的区别 ,这个有啥区别勾选和不勾选

勾选?? 那就是说你用的现成的代码??

nutzwk改过,前端加了rememberMe,传了个true进去,filter是这样的

public class AuthenticationFilter extends FormAuthenticationFilter implements ActionFilter {
	private String captchaParam = "captcha";

	public String getCaptchaParam() {
		return captchaParam;
	}

	protected String getCaptcha(ServletRequest request) {
		return WebUtils.getCleanParam(request, getCaptchaParam());
	}

	protected AuthenticationToken createToken(HttpServletRequest request) {
		String username = getUsername(request);
		String password = getPassword(request);
		String captcha = getCaptcha(request);
		boolean rememberMe = isRememberMe(request);
		String host = getHost(request);
		return new CaptchaToken(username, password, rememberMe, host,captcha);
	}

	public View match(ActionContext actionContext) {
		HttpServletRequest request = actionContext.getRequest();
		AuthenticationToken authenticationToken = createToken(request);
		request.setAttribute("loginToken", authenticationToken);
		return null;
	}
}

CaptchaToken 是这样的

public class CaptchaToken extends UsernamePasswordToken {

	private static final long serialVersionUID = 4676958151524148623L;
	private String captcha;

	public String getCaptcha() {
		return captcha;
	}

	public void setCaptcha(String captcha) {
		this.captcha = captcha;
	}

	public CaptchaToken(String username, String password, boolean rememberMe, String host, String captcha) {
		super(username, password, rememberMe, host);
		this.captcha = captcha;
	}
}

配置文件是这样的

rememberMeCookie = org.apache.shiro.web.servlet.SimpleCookie
rememberMeCookie.name = remember
rememberMeCookie.maxAge = 604800
rememberMeCookie.httpOnly = true
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
rememberMeManager.cookie = $rememberMeCookie

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024
sha256Matcher.hashSalted = true

shiroDbRealm = com.kanq.shiro.realm.NutzDaoRealm
shiroDbRealm.credentialsMatcher = $sha256Matcher

securityManager.realms = $shiroDbRealm
authcStrategy = com.kanq.shiro.pam.AnySuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.cacheManager = $cacheManager
securityManager.rememberMeManager = $rememberMeManager

securityManager.rememberMeManager = $rememberMeManager 我把这一行去掉了 关闭浏览器 再次进入也不需要登陆就可以访问主页,那这个rememberMe到底有啥用呢 就像cookie中写入点东西?东西写入了没有用到啊,设置过期也没啥用把 我把过期时间改了1秒也没任何变化

哦, 那得问大鲨鱼了

添加回复
请先登陆
回到顶部