Shiro
shiro是一个功能强大且易于使用的java安全框架,可执行身份验证、授权、加密和会话管理。
功能
Authorization
授权,即权限验证。验证某个已认证的用户是否拥有某个权限,即判断用户是否能做什么事情。常见的如:验证某个用户是否拥有某个角色;细粒度的验证某个用户对某个资源是否具有某个功能权限。
Session Management
会话管理,即用户登录后就是一次会话,在没有退出之前,它的所有信息都在会话中;会话可以是普通的JavaSE环境,也可以是Web环境
Cryptography
加密,保护数据的安全性,如密码加密存储到数据库,而不是铭文存储
Web Support
Web支持,可以非常容易的集成到Web环境
Caching
缓存,比如童虎登录后,其用户信息、拥有的角色/权限不必每次都去查,这样可以提高效率
Concurrency
shiro支持多线程应用的并发验证,即,如在一个县城中开启另一个线程,能把权限自动传播过去
Testing
提供测试支持
Run As
允许一个用户假装成另一个用户的身份进行访问
Remember Me
记住我,这是个非常常见的功能,即一次登录后,下次再来的话就不用登录了
三个核心组件
Subject
当前操作用户。在shiro中,Subject这一概念不仅仅指人,也可以是第三方进程,后台账户或其他类似事务。它仅仅意味着当前跟软件交互的东西
SecurityManager
是shiro框架的心脏,并作为一种保护伞对象来协调内部的安全组件共同构成一个对象图。然而,一旦SecurityManager和它的内置对象图已经配置给一个应用程序,那么它单独留下来,且应用程序开发人员几乎使用他们所有的时间来处理SubjectAPI
Realm
担当shiro和应用程序的安全数据之间的桥梁。当它实际上与安全相关的数据,如用来执行很粉验证以及授权的用户账户交互时,shiro从一个或多个为应用程序配置的Realm中寻找许多这样的东西
JAVA访问权限控制
后台请求权限控制,通过Shiro注解 @RequiresPermissions
实例
一些实体
AuthenticationInfo,用户的角色信息集合,认证时使用。
AuthorzationInfo,角色的权限信息集合,授权时使用。
DefaultWebSecurityManager,安全管理器,开发者自定义的 Realm 需要注入到 DefaultWebSecurityManager 进行管理才能生效。
ShiroFilterFactoryBean,过滤器工厂,Shiro 的基本运行机制是开发者定制规则,Shiro 去执行,具体的执行操作就是由 ShiroFilterFactoryBean 创建的一个个 Filter 对象来完成。
SimpleAuthorizationInfo()获取角色,获取权限
SimpleAuthenticationInfo()获取用户名,密码
引入pom依赖
<!--引入shrio--><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring-boot-starter</artifactId><version>1.5.3</version></dependency>
自定义Realm
import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;/*** 自定义Realm*/public class CustomerRealm extends AuthorizingRealm {@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {return null;}}
shiro配置
@Configurationpublic class ShiroConfig {//ShiroFilter过滤所有请求@Beanpublic ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();//给ShiroFilter配置安全管理器shiroFilterFactoryBean.setSecurityManager(securityManager);//配置系统受限资源//配置系统公共资源Map<String, String> map = new HashMap<String, String>();map.put("/index.jsp","authc");//表示这个资源需要认证和授权// 设置认证界面路径shiroFilterFactoryBean.setLoginUrl("/login.jsp");shiroFilterFactoryBean.setFilterChainDefinitionMap(map);return shiroFilterFactoryBean;}//创建安全管理器@Beanpublic DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setRealm(realm);return securityManager;}//创建自定义Realm@Beanpublic Realm getRealm() {CustomerRealm realm = new CustomerRealm();return realm;}}
过滤器
shiro提供和多个默认的过滤器,可以用这些过滤器来配置控制指定url的权限
认证和退出
@Controller@RequestMapping("/user")public class UserController {@RequestMapping("logout")public String logout() {Subject subject = SecurityUtils.getSubject();subject.logout();return "redirect:/login.jsp";}@RequestMapping("/login")public String login(String username, String password) {//获取主题对象Subject subject = SecurityUtils.getSubject();try {subject.login(new UsernamePasswordToken(username,password));System.out.println("登录成功!!!");return "redirect:/index.jsp";} catch (UnknownAccountException e) {e.printStackTrace();System.out.println("用户错误!!!");} catch (IncorrectCredentialsException e) {System.out.println("密码错误!!!");}return "redirect:/login.jsp";}}
md5、salt的认证实现
public class SaltUtil {public static String getSalt(int n) {char[] chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890!@#$%^&*()".toCharArray();StringBuilder sb = new StringBuilder();for (int i = 0; i < n; i++) {char c = chars[new Random().nextInt(chars.length)];sb.append(c);}return sb.toString();}public static void main(String[] args) {System.out.println(getSalt(4));}}
@Service("userService")@Transactionalpublic class UserServiceImpl implements UserService {@Autowiredprivate UserDao userDao;@Overridepublic void register(User user) {//1.获取随机盐String salt = SaltUtil.getSalt(8);//2.将随机盐保存到数据user.setSalt(salt);//3.明文密码进行md5 + salt + hash散列Md5Hash MD5 = new Md5Hash(user.getPassword(),salt,1024);user.setPassword(MD5.toHex());userDao.save(user);}@Overridepublic User findByUsername(String username) {return userDao.findByUsername(username);}}
@Controller@RequestMapping("/user")public class UserController {@Autowiredprivate UserService userService;@RequestMapping("/register")public String register(User user) {try {userService.register(user);return "redirect:/login.jsp";} catch (Exception e) {e.printStackTrace();return "redirect:/register.jsp";}}@RequestMapping("logout")public String logout() {Subject subject = SecurityUtils.getSubject();subject.logout();return "redirect:/login.jsp";}@RequestMapping("/login")public String login(String username, String password) {//获取主题对象Subject subject = SecurityUtils.getSubject();try {subject.login(new UsernamePasswordToken(username,password));System.out.println("登录成功!!!");return "redirect:/index.jsp";} catch (UnknownAccountException e) {e.printStackTrace();System.out.println("用户错误!!!");} catch (IncorrectCredentialsException e) {System.out.println("密码错误!!!");}return "redirect:/login.jsp";}}
/*** 自定义Realm*/public class CustomerRealm extends AuthorizingRealm {@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {String principal = (String) authenticationToken.getPrincipal();//获取UserService对象UserService userService = (UserService) ApplicationContextUtil.getBean("userService");//System.out.println(userService);User user = userService.findByUsername(principal);if (!ObjectUtils.isEmpty(user)) {return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());}return null;}}
@Componentpublic class ApplicationContextUtil implements ApplicationContextAware {private static ApplicationContext context;@Overridepublic void setApplicationContext(ApplicationContext applicationContext) throws BeansException {this.context = applicationContext;}//根据bean名字获取工厂中指定bean 对象public static Object getBean(String beanName) {return context.getBean(beanName);}}
@Configurationpublic class ShiroConfig {//ShiroFilter过滤所有请求@Beanpublic ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();//给ShiroFilter配置安全管理器shiroFilterFactoryBean.setSecurityManager(securityManager);//配置系统受限资源//配置系统公共资源Map<String, String> map = new HashMap<String, String>();map.put("/user/login","anon");//表示这个为公共资源 一定是在受限资源上面map.put("/user/register","anon");//表示这个为公共资源 一定是在受限资源上面map.put("/register.jsp","anon");//表示这个为公共资源 一定是在受限资源上面map.put("/**","authc");//表示这个受限资源需要认证和授权// 设置认证界面路径shiroFilterFactoryBean.setLoginUrl("/login.jsp");shiroFilterFactoryBean.setFilterChainDefinitionMap(map);return shiroFilterFactoryBean;}//创建安全管理器@Beanpublic DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setRealm(realm);return securityManager;}//创建自定义Realm@Beanpublic Realm getRealm() {CustomerRealm realm = new CustomerRealm();HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();//设置使用MD5加密算法credentialsMatcher.setHashAlgorithmName("md5");//散列次数credentialsMatcher.setHashIterations(1024);realm.setCredentialsMatcher(credentialsMatcher);return realm;}
授权实现
@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {String principal = (String) principalCollection.getPrimaryPrincipal();if ("zhangsan".equals(principal)) {SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();info.addRole("admin");info.addRole("user");info.addStringPermission("user:find:*");info.addStringPermission("admin:*");return info;}return null;}
<%@page contentType="text/html;UTF-8" pageEncoding="UTF-8" isErrorPage="false" %><%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><!doctype html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport"content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Document</title></head><body><%--受限资源--%><h1>系统主页</h1><a href="${pageContext.request.contextPath}/user/logout">退出登录</a><ul><shiro:hasRole name="user"><li><a href="#">用户管理</a></li><ul><shiro:hasPermission name="user:save:*"><li><a href="#">增加</a></li></shiro:hasPermission><shiro:hasPermission name="user:delete:*"><li><a href="#">删除</a></li></shiro:hasPermission><shiro:hasPermission name="user:update:*"><li><a href="#">修改</a></li></shiro:hasPermission><shiro:hasPermission name="user:find:*"><li><a href="#">查询</a></li></shiro:hasPermission></ul></shiro:hasRole><shiro:hasRole name="admin"><li><a href="#">商品管理</a></li><li><a href="#">订单管理</a></li><li><a href="#">物流管理</a></li></shiro:hasRole></ul></body></html>在html中<!DOCTYPE html><html lang="en" xmlns:th="http://www.thymeleaf.org"xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"><head><title>首页</title></head><body><h1>首页</h1><hr><ul><li><a href="user/index">个人中心</a></li><li><a href="vip/index">会员中心</a></li><p shiro:hasPermission="svip"><li>这是svip能看到的p标签</li></p><shiro:hasPermission name="svip"><li>这是svip能看到的</li></shiro:hasPermission><li><a href="logout">退出登录</a></li></ul></body></html>
@Controller@RequestMapping("order")public class OrderController {@RequestMapping("save")public String save() {//基于角色//获取主体对象Subject subject = SecurityUtils.getSubject();//代码方式if (subject.hasRole("admin")) {System.out.println("保存订单!");}else{System.out.println("无权访问!");}System.out.println("进入save方法============");return "redircet:/index.jsp";}}
@Controller@RequestMapping("order")public class OrderController {@RequiresRoles(value={"admin","user"})//用来判断角色 同时具有 admin user@RequiresPermissions("user:update:01") //用来判断权限字符串@RequestMapping("save")public String save(){System.out.println("进入方法");return "redirect:/index.jsp";}}
缓存
redis+shiro
import org.apache.shiro.cache.Cache;import org.apache.shiro.cache.CacheException;import org.apache.shiro.cache.CacheManager;//自定义shiro缓存管理器public class RedisCacheManager implements CacheManager {//参数1:认证或者是授权缓存的统一名称@Overridepublic <K, V> Cache<K, V> getCache(String cacheName) throws CacheException {System.out.println(cacheName);return new RedisCache<K,V>(cacheName);}}
//自定义redis缓存的实现public class RedisCache<k,v> implements Cache<k,v> {private String cacheName;public RedisCache() {}public RedisCache(String cacheName) {this.cacheName = cacheName;}@Overridepublic v get(k k) throws CacheException {return (v) getRedisTemplate().opsForHash().get(this.cacheName, k.toString());}@Overridepublic v put(k k, v v) throws CacheException {System.out.println("put key: "+k);System.out.println("put value:"+v);getRedisTemplate().opsForHash().put(this.cacheName,k.toString(), v);return null;}@Overridepublic v remove(k k) throws CacheException {System.out.println("=============remove=============");return (v) getRedisTemplate().opsForHash().delete(this.cacheName,k.toString());}@Overridepublic void clear() throws CacheException {System.out.println("=============clear==============");getRedisTemplate().delete(this.cacheName);}@Overridepublic int size() {return getRedisTemplate().opsForHash().size(this.cacheName).intValue();}@Overridepublic Set<k> keys() {return getRedisTemplate().opsForHash().keys(this.cacheName);}@Overridepublic Collection<v> values() {return getRedisTemplate().opsForHash().values(this.cacheName);}private RedisTemplate getRedisTemplate(){RedisTemplate redisTemplate = (RedisTemplate) ApplicationContextUtil.getBean("redisTemplate");redisTemplate.setKeySerializer(new StringRedisSerializer());redisTemplate.setHashKeySerializer(new StringRedisSerializer());return redisTemplate;}}
import org.apache.shiro.codec.Base64;import org.apache.shiro.codec.CodecSupport;import org.apache.shiro.codec.Hex;import org.apache.shiro.util.ByteSource;import java.io.File;import java.io.InputStream;import java.io.Serializable;import java.util.Arrays;//自定义salt实现 实现序列化接口public class MyByteSource implements ByteSource, Serializable {private byte[] bytes;private String cachedHex;private String cachedBase64;public MyByteSource(byte[] bytes) {this.bytes = bytes;}public MyByteSource(char[] chars) {this.bytes = CodecSupport.toBytes(chars);}public MyByteSource(String string) {this.bytes = CodecSupport.toBytes(string);}public MyByteSource(ByteSource source) {this.bytes = source.getBytes();}public MyByteSource(File file) {this.bytes = (new MyByteSource.BytesHelper()).getBytes(file);}public MyByteSource(InputStream stream) {this.bytes = (new MyByteSource.BytesHelper()).getBytes(stream);}public static boolean isCompatible(Object o) {return o instanceof byte[] || o instanceof char[] || o instanceof String || o instanceof ByteSource || o instanceof File || o instanceof InputStream;}public byte[] getBytes() {return this.bytes;}public boolean isEmpty() {return this.bytes == null || this.bytes.length == 0;}public String toHex() {if (this.cachedHex == null) {this.cachedHex = Hex.encodeToString(this.getBytes());}return this.cachedHex;}public String toBase64() {if (this.cachedBase64 == null) {this.cachedBase64 = Base64.encodeToString(this.getBytes());}return this.cachedBase64;}public String toString() {return this.toBase64();}public int hashCode() {return this.bytes != null && this.bytes.length != 0 ? Arrays.hashCode(this.bytes) : 0;}public boolean equals(Object o) {if (o == this) {return true;} else if (o instanceof ByteSource) {ByteSource bs = (ByteSource)o;return Arrays.equals(this.getBytes(), bs.getBytes());} else {return false;}}private static final class BytesHelper extends CodecSupport {private BytesHelper() {}public byte[] getBytes(File file) {return this.toBytes(file);}public byte[] getBytes(InputStream stream) {return this.toBytes(stream);}}}
验证码
import javax.imageio.ImageIO;import java.awt.*;import java.awt.geom.AffineTransform;import java.awt.image.BufferedImage;import java.io.File;import java.io.FileOutputStream;import java.io.IOException;import java.io.OutputStream;import java.util.Arrays;import java.util.Random;/***@创建人 cx*@创建时间 2018/11/27 17:36*@描述 验证码生成*/public class VerifyCodeUtils{//使用到Algerian字体,系统里没有的话需要安装字体,字体只显示大写,去掉了1,0,i,o几个容易混淆的字符public static final String VERIFY_CODES = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ";private static Random random = new Random();/*** 使用系统默认字符源生成验证码* @param verifySize 验证码长度* @return*/public static String generateVerifyCode(int verifySize){return generateVerifyCode(verifySize, VERIFY_CODES);}/*** 使用指定源生成验证码* @param verifySize 验证码长度* @param sources 验证码字符源* @return*/public static String generateVerifyCode(int verifySize, String sources){if(sources == null || sources.length() == 0){sources = VERIFY_CODES;}int codesLen = sources.length();Random rand = new Random(System.currentTimeMillis());StringBuilder verifyCode = new StringBuilder(verifySize);for(int i = 0; i < verifySize; i++){verifyCode.append(sources.charAt(rand.nextInt(codesLen-1)));}return verifyCode.toString();}/*** 生成随机验证码文件,并返回验证码值* @param w* @param h* @param outputFile* @param verifySize* @return* @throws IOException*/public static String outputVerifyImage(int w, int h, File outputFile, int verifySize) throws IOException{String verifyCode = generateVerifyCode(verifySize);outputImage(w, h, outputFile, verifyCode);return verifyCode;}/*** 输出随机验证码图片流,并返回验证码值* @param w* @param h* @param os* @param verifySize* @return* @throws IOException*/public static String outputVerifyImage(int w, int h, OutputStream os, int verifySize) throws IOException{String verifyCode = generateVerifyCode(verifySize);outputImage(w, h, os, verifyCode);return verifyCode;}/*** 生成指定验证码图像文件* @param w* @param h* @param outputFile* @param code* @throws IOException*/public static void outputImage(int w, int h, File outputFile, String code) throws IOException{if(outputFile == null){return;}File dir = outputFile.getParentFile();if(!dir.exists()){dir.mkdirs();}try{outputFile.createNewFile();FileOutputStream fos = new FileOutputStream(outputFile);outputImage(w, h, fos, code);fos.close();} catch(IOException e){throw e;}}/*** 输出指定验证码图片流* @param w* @param h* @param os* @param code* @throws IOException*/public static void outputImage(int w, int h, OutputStream os, String code) throws IOException{int verifySize = code.length();BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);Random rand = new Random();Graphics2D g2 = image.createGraphics();g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING,RenderingHints.VALUE_ANTIALIAS_ON);Color[] colors = new Color[5];Color[] colorSpaces = new Color[] { Color.WHITE, Color.CYAN,Color.GRAY, Color.LIGHT_GRAY, Color.MAGENTA, Color.ORANGE,Color.PINK, Color.YELLOW };float[] fractions = new float[colors.length];for(int i = 0; i < colors.length; i++){colors[i] = colorSpaces[rand.nextInt(colorSpaces.length)];fractions[i] = rand.nextFloat();}Arrays.sort(fractions);g2.setColor(Color.GRAY);// 设置边框色g2.fillRect(0, 0, w, h);Color c = getRandColor(200, 250);g2.setColor(c);// 设置背景色g2.fillRect(0, 2, w, h-4);//绘制干扰线Random random = new Random();g2.setColor(getRandColor(160, 200));// 设置线条的颜色for (int i = 0; i < 20; i++) {int x = random.nextInt(w - 1);int y = random.nextInt(h - 1);int xl = random.nextInt(6) + 1;int yl = random.nextInt(12) + 1;g2.drawLine(x, y, x + xl + 40, y + yl + 20);}// 添加噪点float yawpRate = 0.05f;// 噪声率int area = (int) (yawpRate * w * h);for (int i = 0; i < area; i++) {int x = random.nextInt(w);int y = random.nextInt(h);int rgb = getRandomIntColor();image.setRGB(x, y, rgb);}shear(g2, w, h, c);// 使图片扭曲g2.setColor(getRandColor(100, 160));int fontSize = h-4;Font font = new Font("Algerian", Font.ITALIC, fontSize);g2.setFont(font);char[] chars = code.toCharArray();for(int i = 0; i < verifySize; i++){AffineTransform affine = new AffineTransform();affine.setToRotation(Math.PI / 4 * rand.nextDouble() * (rand.nextBoolean() ? 1 : -1), (w / verifySize) * i + fontSize/2, h/2);g2.setTransform(affine);g2.drawChars(chars, i, 1, ((w-10) / verifySize) * i + 5, h/2 + fontSize/2 - 10);}g2.dispose();ImageIO.write(image, "jpg", os);}private static Color getRandColor(int fc, int bc) {if (fc > 255)fc = 255;if (bc > 255)bc = 255;int r = fc + random.nextInt(bc - fc);int g = fc + random.nextInt(bc - fc);int b = fc + random.nextInt(bc - fc);return new Color(r, g, b);}private static int getRandomIntColor() {int[] rgb = getRandomRgb();int color = 0;for (int c : rgb) {color = color << 8;color = color | c;}return color;}private static int[] getRandomRgb() {int[] rgb = new int[3];for (int i = 0; i < 3; i++) {rgb[i] = random.nextInt(255);}return rgb;}private static void shear(Graphics g, int w1, int h1, Color color) {shearX(g, w1, h1, color);shearY(g, w1, h1, color);}private static void shearX(Graphics g, int w1, int h1, Color color) {int period = random.nextInt(2);boolean borderGap = true;int frames = 1;int phase = random.nextInt(2);for (int i = 0; i < h1; i++) {double d = (double) (period >> 1)* Math.sin((double) i / (double) period+ (6.2831853071795862D * (double) phase)/ (double) frames);g.copyArea(0, i, w1, 1, (int) d, 0);if (borderGap) {g.setColor(color);g.drawLine((int) d, i, 0, i);g.drawLine((int) d + w1, i, w1, i);}}}private static void shearY(Graphics g, int w1, int h1, Color color) {int period = random.nextInt(40) + 10; // 50;boolean borderGap = true;int frames = 20;int phase = 7;for (int i = 0; i < w1; i++) {double d = (double) (period >> 1)* Math.sin((double) i / (double) period+ (6.2831853071795862D * (double) phase)/ (double) frames);g.copyArea(i, 0, 1, h1, 0, (int) d);if (borderGap) {g.setColor(color);g.drawLine(i, (int) d, i, 0);g.drawLine(i, (int) d + h1, i, h1);}}}public static void main(String[] args) throws IOException {//获取验证码String s = generateVerifyCode(4);//将验证码放入图片中outputImage(260,60,new File("/Users/chenyannan/Desktop/安工资料/aa.jpg"),s);System.out.println(s);}}
@RequestMapping("getImage")public void getImage(HttpSession session, HttpServletResponse response) throws IOException {//生成验证码String code = VerifyCodeUtils.generateVerifyCode(4);//验证码放入sessionsession.setAttribute("code",code);//验证码存入图片ServletOutputStream os = response.getOutputStream();response.setContentType("image/png");VerifyCodeUtils.outputImage(220,60,os,code);}
@RequestMapping("login")public String login(String username, String password,String code,HttpSession session) {//比较验证码String codes = (String) session.getAttribute("code");try {if (codes.equalsIgnoreCase(code)){//获取主体对象Subject subject = SecurityUtils.getSubject();subject.login(new UsernamePasswordToken(username, password));return "redirect:/index.jsp";}else{throw new RuntimeException("验证码错误!");}} catch (UnknownAccountException e) {e.printStackTrace();System.out.println("用户名错误!");} catch (IncorrectCredentialsException e) {e.printStackTrace();System.out.println("密码错误!");}catch (Exception e){e.printStackTrace();System.out.println(e.getMessage());}return "redirect:/login.jsp";}
若有收获,就点个赞吧
0 人点赞
