1
我試圖從apache shiro使用rememberme功能,但它不工作。Apache shiro記住我不工作
我有這個shiro.ini
[main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = java:/comp/env/jdbc/myDS
# JDBC realm config
jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ? AND status = 1
jdbcRealm.dataSource = $ds
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $jdbcRealm
[urls]
/** = authcBasic
這是我JdbcRealmImpl:
public class JdbcRealmImpl extends JdbcRealm {
public JdbcRealmImpl() {
super();
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
final AuthenticationToken token) throws AuthenticationException {
final AuthenticationInfo info = super.doGetAuthenticationInfo(token);
final UserDB userDB = new UserDB();
final User user = userDB.getUserByUsername((String) token.getPrincipal());
return new SimpleAuthenticationInfo(user, info.getCredentials(), getName());
}
}
因爲這是一個Web服務項目我有一個登錄服務:
@POST
@Path("/login")
public Response login(@FormParam("username") final String username, @FormParam("password") final String password, @FormParam("remember") final boolean remember) {
final Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
final UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
token.setRememberMe(remember);
currentUser.login(token);
} catch (final AuthenticationException e) {
return Response.status(Status.BAD_REQUEST).entity("Invalid user").build();
}
}
return Response.ok().build();
}
的問題是SecurityUtils.getSubject()。isRemembered()總是返回false,即使當我設置token.setRememberMe(true);
是否有任何配置,即時消失?