时间戳

首页 > 解决方案 > 如何从 apache shiro 登录表单中提取会话值?

java - 如何从 apache shiro 登录表单中提取会话值?

问题描述

我有一个登录表单,成功后会重定向到 servlet。我正在使用 apache shiro 进行身份验证,我正在尝试提取表单提交的用户名,以便可以在我的 servlet 中使用它。我想知道 shiro 是否已经将这些值存储在会话中。如果是这样,我如何提取这些以便我可以在我的 servlet 中使用它们?我已经尝试在我的表单上放置一个表单操作并request.getParameter("username")在我的 servlet 中提取用户名,但是在使用 shiro 时它似乎不起作用。我已经阅读了 shiro 文档并阅读了类似的问题。我仍然不确定在哪里实际配置和提取会话变量。它在我的 servlet 中shiro.ini还是在我的 servlet 中?

shiro.ini 

jdbcRealm= org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = SELECT role from userroles where userID = (select id FROM user WHERE username = ?)
;jdbcRealm.permissionsQuery  = ??????

ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = localhost
ds.user = root
;ds.password = shiro
ds.databaseName = shiro
jdbcRealm.dataSource= $ds

passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 5000

authc.loginUrl = /login.jsp
authc.usernameParam = username
authc.passwordParam = password
;authc.rememberMeParam = rememberMe
authc.successUrl = /secret/SecretStockServlet
logout.redirectUrl = /login.jsp

[urls]
/login.jsp = authc 
/secret/** = authc 
/logout = logout

登录表单 

<form name="loginform" id ="loginform" method="post">
        <div class="container">
            <h1>Log in</h1>
            <p>Please fill in this form to log in.</p>
            <hr>

            <label for="username"><b>Email</b></label>
            <input type="text" placeholder="Enter Email" name="username" id="username" required>

            <label for="password"><b>Password</b></label>
            <input type="password" placeholder="Enter Password" name="password" id="password" required>
            <hr>

            <button type="submit" class="loginbtn">Log in</button>
        </div>

        <div class="container signin">
            <p>Need to register? <a href="register.jsp">Sign up</a>.</p>
        </div>
    </form>

/secret/SecretStockServlet 

protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        String address;
        try {

            List<SalesStock> list = stockRepository.getAllSalesStock();
            address = "/secret/stock.jsp";

            Subject currentUser = SecurityUtils.getSubject();
            Session session = (Session) currentUser.getSession();

            request.setAttribute("list", list);

        } catch (Exception ex) {
            address = "/error.jsp";
        }

        RequestDispatcher dispatcher = request.getRequestDispatcher(address);
        dispatcher.forward(request, response);
    }

标签: javaformsauthenticationservletsshiro

解决方案

如果您使用 JSP,您可以使用Shiro Tag lib

或者

调用request.getUserPrincipal().getName()应该返回主题的用户名。

或者

您也可以通过调用获得所需的信息Subject.getPrincpal(),但这取决于您的领域的实现。

推荐阅读