若依(SpringBoot+shiro)免密登录配置

1. 自定义登录类型枚举

package com.smartsite.framework.shiro.enums;


public enum LoginType {

    
    PASSWORd("PASSWORD"),
    
    NOPASSWD("NOPASSWORD");
    
    private String code;

    private LoginType(String code) {
        this.code = code;
    }

    public String getCode() {
        return code;
    }

}

2. 自定义登录认证规则

package com.smartsite.framework.shiro.token;

import com.smartsite.framework.shiro.enums.LoginType;
import org.apache.shiro.authc.UsernamePasswordToken;


public class CustomToken extends UsernamePasswordToken {
    private static final long serialVersionUID = -2564928913725078138L;

    private LoginType type;

    public CustomToken() {
        super();
    }

    
    public CustomToken(String username) {
        super(username, "", false, null);
        this.type = LoginType.NOPASSWD;
    }

    
    public CustomToken(String username, String password, boolean rememberMe) {
        super(username, password, rememberMe, null);
        this.type = LoginType.PASSWORD;
    }

    public LoginType getType() {
        return type;
    }

    public void setType(LoginType type) {
        this.type = type;
    }

}

3. 修改自定义Realm

public class UserRealm extends AuthorizingRealm {


    ...

    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        CustomToken upToken = (CustomToken) token;
        String username = upToken.getUsername();
        String password = "";
        SysUser user = null;

        // 通过登录类型进行免密登录或者正常登录
        if (upToken.getType().getCode().equals(LoginType.PASSWORD.getCode())) {

            if (upToken.getPassword() != null) {
                password = new String(upToken.getPassword());
            }

            try {
                user = loginService.login(username, password);
            } catch (CaptchaException e) {
                throw new AuthenticationException(e.getMessage(), e);
            } catch (UserNotExistsException e) {
                throw new UnknownAccountException(e.getMessage(), e);
            } catch (UserPasswordNotMatchException e) {
                throw new IncorrectCredentialsException(e.getMessage(), e);
            } catch (UserPasswordRetryLimitExceedException e) {
                throw new ExcessiveAttemptsException(e.getMessage(), e);
            } catch (UserBlockedException e) {
                throw new LockedAccountException(e.getMessage(), e);
            } catch (RoleBlockedException e) {
                throw new LockedAccountException(e.getMessage(), e);
            } catch (Exception e) {
                log.info("对用户[" + username + "]进行登录验证..验证未通过{}", e.getMessage());
                throw new AuthenticationException(e.getMessage(), e);
            }

        }else if (upToken.getType().getCode().equals(LoginType.NOPASSWD.getCode())) {
            // 第三方登录 TODO
            user = loginService.login(username);

        }


        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
        return info;
    }
...

}

4. loginService补充方法

package com.smartsite.framework.shiro.service;



@Component
public class SysLoginService{
...
    public SysUser login(String username) {
        // 查询用户信息
        SysUser user = userService.selectUserByLoginName(username);
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        recordLoginInfo(user);
        return user;
    }
...

}

5. 修改下原本登录方法使用的UsernamePasswordToken 改为刚才我们继承重写的CustomToken这样会避免出现通过原方法登录导致的类型转换失败

package com.smartsite.web.controller.system;




@Controller
public class SysLoginController extends BaseController{
    ...
    @PostMapping("/login")
    @ResponseBody
    public AjaxResult ajaxLogin(String username, String password, Boolean rememberMe) throws Exception{

    	password = AesEncryptUtils.decrypt(password);
        // 调整为重写的token
        CustomToken token = new CustomToken(username, password, rememberMe);
        Subject subject = SecurityUtils.getSubject();
        try
        {
            subject.login(token);
            return success();
        }
        catch (AuthenticationException e)
        {
            String msg = "用户或密码错误";
            if (StringUtils.isNotEmpty(e.getMessage()))
            {
                msg = e.getMessage();
            }
            return error(msg);
        }
    }
    ...
}

6. 最后在免密登录的入口控制是否免密就好

PostMapping("/oss")
public String ossLogin(String username,ModelMap map) throws Exception {

    try {
            // ... 一些校验

            CustomToken token = new CustomToken(username);
            Subject subject = SecurityUtils.getSubject();

            subject.login(token);
            System.out.println("单点登录成功: " + dt);
            return "redirect:/index_screen";
        }
    } catch (AuthenticationException e) {
        e.printStackTrace();
    }
    return "error/business";
}

7. 有在realm自定义密码校验规则的, 需要重写下matcher

public class CustomCredentialsMatch extends HashedCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        CustomToken tk = (CustomToken) authcToken;
        if(tk.getType().equals(LoginType.NOPASSWD)){
            return true;
        }
        boolean matches = super.doCredentialsMatch(authcToken, info);
        return matches;
    }

}

8. shiroConfig里换个匹配器

public class UserRealm extends AuthorizingRealm {   

   ...
   
	@Bean(name = "customCredentialsMatch")
	public CustomCredentialsMatch hashedCredentialsMatch(){
		CustomCredentialsMatch hashedCredentialsMatch = new CustomCredentialsMatch();
		hashedCredentialsMatch.setHashAlgorithmName("MD5");
		hashedCredentialsMatch.setHashIterations(1024);
		return hashedCredentialsMatch;
	}

    ...
}

7,8两个步骤我项目不需要, 所以我没试, 需要的朋友可以自己尝试下

有问题欢迎大佬们指正~