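/*
 * Copyright 2005-2013 shopxx.net. All rights reserved.
 * Support: http://www.shopxx.net
 * License: http://www.shopxx.net/license
 */
package com.hyeb.back.authenticate;

import java.security.interfaces.RSAPrivateKey;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;

import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.util.Assert;

import com.hyeb.back.authenticate.AuthenticationToken;
import com.hyeb.util.RSAUtils;

/**
 * Filter - form authentication for the back office.
 *
 * Extends Shiro's {@link FormAuthenticationFilter} with three things:
 * <ul>
 * <li>the submitted password arrives RSA-encrypted ({@code enPassword}) and is
 * decrypted with a one-time private key kept in the HTTP session;</li>
 * <li>a captcha id / captcha value pair is carried on the token;</li>
 * <li>the session is regenerated on successful login (session-fixation
 * mitigation) and XHR callers get a 403 instead of a redirect.</li>
 * </ul>
 *
 * @author SHOP++ Team
 * @version 3.0
 */
public class AuthenticationFilter extends FormAuthenticationFilter {

    /** Default request parameter holding the RSA-encrypted password. */
    private static final String DEFAULT_EN_PASSWORD_PARAM = "enPassword";

    /** Default request parameter holding the captcha id. */
    private static final String DEFAULT_CAPTCHA_ID_PARAM = "captchaId";

    /** Default request parameter holding the captcha value typed by the user. */
    private static final String DEFAULT_CAPTCHA_PARAM = "captcha";

    /** Session attribute under which the login page's RSA private key is stored. */
    private static final String PRIVATE_KEY_ATTRIBUTE_NAME = "privateKey";

    /** Request parameter name for the encrypted password (configurable). */
    private String enPasswordParam = DEFAULT_EN_PASSWORD_PARAM;

    /** Request parameter name for the captcha id (configurable). */
    private String captchaIdParam = DEFAULT_CAPTCHA_ID_PARAM;

    /** Request parameter name for the captcha value (configurable). */
    private String captchaParam = DEFAULT_CAPTCHA_PARAM;

    /**
     * Builds the authentication token from the login submission.
     *
     * Username, remember-me flag and host come from the inherited accessors;
     * the password is the decrypted value from {@link #getPassword(ServletRequest)},
     * which may be {@code null} when no usable ciphertext/key pair was present.
     *
     * @param servletRequest the login request
     * @param servletResponse the response (unused)
     * @return the project's {@link AuthenticationToken} carrying the captcha pair
     */
    @Override
    protected org.apache.shiro.authc.AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String username = getUsername(servletRequest);
        String password = getPassword(servletRequest);
        String captchaId = getCaptchaId(servletRequest);
        String captcha = getCaptcha(servletRequest);
        boolean rememberMe = isRememberMe(servletRequest);
        String host = getHost(servletRequest);
        return new AuthenticationToken(username, password, captchaId, captcha, rememberMe, host);
    }

    /**
     * Handles an unauthenticated request.
     *
     * AJAX callers (identified by the {@code X-Requested-With: XMLHttpRequest}
     * header) cannot follow a redirect to the login page, so they receive a
     * {@code loginStatus: accessDenied} response header and HTTP 403. Every
     * other request falls through to Shiro's default behaviour (login-page
     * redirect or login attempt).
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @return {@code false} once the 403 has been written; otherwise whatever the superclass returns
     * @throws Exception propagated from the superclass
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestedWith = request.getHeader("X-Requested-With");
        if (requestedWith != null && requestedWith.equalsIgnoreCase("XMLHttpRequest")) {
            response.addHeader("loginStatus", "accessDenied");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return super.onAccessDenied(request, response);
    }

    /**
     * Regenerates the Shiro session after a successful login.
     *
     * All attributes of the pre-login session are copied out, the session is
     * stopped (invalidating its id), a fresh session is obtained from the
     * subject and the attributes are copied back. Because the session id
     * changes at the authentication boundary, an id planted before login
     * cannot be reused afterwards (session fixation).
     *
     * NOTE(review): every pre-login attribute is carried across unchanged, so
     * anything stored in the session before authentication survives into the
     * authenticated session — confirm nothing pre-login should be dropped here.
     *
     * @param token the authenticated token
     * @param subject the now-authenticated subject
     * @param servletRequest the login request
     * @param servletResponse the response
     * @return the superclass's result (normally a redirect to the success URL)
     * @throws Exception propagated from the superclass
     */
    @Override
    protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Session oldSession = subject.getSession();
        Map<Object, Object> carried = new HashMap<Object, Object>();
        Collection<Object> keys = oldSession.getAttributeKeys();
        for (Object key : keys) {
            carried.put(key, oldSession.getAttribute(key));
        }
        oldSession.stop();

        // A new session (and id) is created on demand once the old one is stopped.
        Session freshSession = subject.getSession();
        for (Entry<Object, Object> entry : carried.entrySet()) {
            freshSession.setAttribute(entry.getKey(), entry.getValue());
        }
        return super.onLoginSuccess(token, subject, servletRequest, servletResponse);
    }

    /**
     * Recovers the clear-text password from the RSA-encrypted form field.
     *
     * The login page is expected to have stored a private key in the session
     * under {@link #PRIVATE_KEY_ATTRIBUTE_NAME}; the submitted
     * {@code enPasswordParam} value is decrypted with it. The key is treated
     * as single-use: it is removed from the session on every call, whether or
     * not a ciphertext was present and even if decryption throws. (The
     * original removed it only on the non-throwing path, which would have let
     * a malformed ciphertext leave the key available for another attempt.)
     *
     * There is deliberately no fallback to the plain {@code password}
     * parameter: with no key or no ciphertext the result is {@code null} and
     * the login fails. Note that setting {@code enPasswordParam} to
     * {@code null} therefore disables password login entirely.
     *
     * NOTE(review): the RSA padding used by {@code RSAUtils.decrypt} is not
     * visible here; if it is PKCS#1 v1.5, a padding oracle is a risk and OAEP
     * is preferable — TODO confirm.
     *
     * @param servletRequest the login request (must be an {@link HttpServletRequest})
     * @return the decrypted password, or {@code null} if it could not be recovered
     */
    @Override
    protected String getPassword(ServletRequest servletRequest) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        Assert.notNull(request);
        HttpSession session = request.getSession();
        String password = null;
        try {
            if (enPasswordParam != null) {
                RSAPrivateKey privateKey = (RSAPrivateKey) session.getAttribute(PRIVATE_KEY_ATTRIBUTE_NAME);
                String ciphertext = request.getParameter(enPasswordParam);
                if (privateKey != null && StringUtils.isNotEmpty(ciphertext)) {
                    password = RSAUtils.decrypt(privateKey, ciphertext);
                }
            }
        } finally {
            // One-time key: never leave it in the session after a login attempt.
            session.removeAttribute(PRIVATE_KEY_ATTRIBUTE_NAME);
        }
        return password;
    }

    /**
     * Returns the captcha id for this submission.
     *
     * The value is taken from the client-supplied {@code captchaIdParam};
     * when absent, the current HTTP session id is used instead. Because the
     * client chooses the id, the captcha check that consumes it (not visible
     * here) must bind the id to a captcha that was actually issued.
     *
     * @param servletRequest the login request
     * @return the captcha id parameter, or the session id when the parameter is missing
     */
    protected String getCaptchaId(ServletRequest servletRequest) {
        String captchaId = WebUtils.getCleanParam(servletRequest, captchaIdParam);
        if (captchaId == null) {
            captchaId = ((HttpServletRequest) servletRequest).getSession().getId();
        }
        return captchaId;
    }

    /**
     * Returns the captcha value typed by the user.
     *
     * @param servletRequest the login request
     * @return the cleaned {@code captchaParam} value, or {@code null} if absent
     */
    protected String getCaptcha(ServletRequest servletRequest) {
        return WebUtils.getCleanParam(servletRequest, captchaParam);
    }

    /**
     * Returns the request parameter name for the encrypted password.
     *
     * @return the encrypted-password parameter name
     */
    public String getEnPasswordParam() {
        return enPasswordParam;
    }

    /**
     * Sets the request parameter name for the encrypted password.
     *
     * @param enPasswordParam the encrypted-password parameter name; {@code null} disables password recovery
     */
    public void setEnPasswordParam(String enPasswordParam) {
        this.enPasswordParam = enPasswordParam;
    }

    /**
     * Returns the request parameter name for the captcha id.
     *
     * @return the captcha-id parameter name
     */
    public String getCaptchaIdParam() {
        return captchaIdParam;
    }

    /**
     * Sets the request parameter name for the captcha id.
     *
     * @param captchaIdParam the captcha-id parameter name
     */
    public void setCaptchaIdParam(String captchaIdParam) {
        this.captchaIdParam = captchaIdParam;
    }

    /**
     * Returns the request parameter name for the captcha value.
     *
     * @return the captcha parameter name
     */
    public String getCaptchaParam() {
        return captchaParam;
    }

    /**
     * Sets the request parameter name for the captcha value.
     *
     * @param captchaParam the captcha parameter name
     */
    public void setCaptchaParam(String captchaParam) {
        this.captchaParam = captchaParam;
    }

}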