我正在开发一个基于jsf的项目,使用Apache Shiro 1.2来保证安全性。我有'记住我'功能的问题。
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?)
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = 12345
ds.databaseName = testdb
jdbcRealm.dataSource= $ds
authc.loginUrl = /index.xhtml
user.loginUrl = /index.xhtml
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher
#or this configuration
#passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
#credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
#credentialsMatcher.hashAlgorithmName = SHA-256
#credentialsMatcher.storedCredentialsHexEncoded = true
#credentialsMatcher.hashIterations = 5000
Java类
PasswordService passwordService = new DefaultPasswordService();
String encryptedPassword = passwordService.encryptPassword(password);
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, encryptedPassword);
token.setRememberMe(rememberMe);
可能是什么问题?
答案 0 :(得分:0)
您需要配置默认会话管理器以保存您正在记住的会话。
[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager