MVC ASP.NET Core Identity,创建登录、注册操作。 AuthController
公共类AuthController:控制器 { SignInManager _signInManager { 获取; } UserManager _userManager { 获取; } 角色管理器 public class AuthController : Controller { SignInManager<AppUser> _signInManager { get; } UserManager<AppUser> _userManager { get; } RoleManager<IdentityRole> _roleManager { get; } public AuthController(SignInManager<AppUser> signInManager, UserManager<AppUser> userManager, RoleManager<IdentityRole> roleManager) { _signInManager = signInManager; _userManager = userManager; _roleManager = roleManager; } public IActionResult Login() { return View(); } [HttpPost] public async Task<IActionResult> Login(string? returnUrl,LoginVM vm) { AppUser user; if (!ModelState.IsValid) { return View(vm); } if (vm.UsernameOrEmail.Contains("@")) { user = await _userManager.FindByEmailAsync(vm.UsernameOrEmail); } else { user = await _userManager.FindByNameAsync(vm.UsernameOrEmail); } if (user == null) { ModelState.AddModelError("", "Username or password is wrong"); return View(vm); } var result = await _signInManager.PasswordSignInAsync(user, vm.Password, vm.IsRemember, true); if (!result.Succeeded) { if (result.IsLockedOut) { ModelState.AddModelError("", "Too many attempts wait until " + DateTime.Parse(user.LockoutEnd.ToString()).ToString("HH:mm")); } else { ModelState.AddModelError("", "Username or password is wrong"); } return View(vm); } if (returnUrl != null) { return LocalRedirect(returnUrl); } return RedirectToAction("Index","Home"); } public IActionResult Register() { return View(); } [HttpPost] public async Task<IActionResult> Register(RegisterVM vm) { if (!ModelState.IsValid) { return View(vm); } var user = new AppUser { Fullname = vm.Fullname, Email = vm.Email, UserName = vm.Username }; var result = await _userManager.CreateAsync(user, vm.Password); if (!result.Succeeded) { foreach (var error in result.Errors) { ModelState.AddModelError("", error.Description); } return View(vm); } var roleResult = await _userManager.AddToRoleAsync(user, Roles.Member.ToString()); if (!roleResult.Succeeded) { ModelState.AddModelError("", "Something went wrong. Please contact admin"); return View(vm); } return View(); } public async Task<IActionResult> Logout() { await _signInManager.SignOutAsync(); return RedirectToAction("Index", "Home"); } public async Task<bool> CreateRoles() { foreach (var item in Enum.GetValues(typeof(Roles))) { if (!await _roleManager.RoleExistsAsync(item.ToString())) { var result = await _roleManager.CreateAsync(new IdentityRole { Name = item.ToString() }); if (!result.Succeeded) { return false; } } } return true; } } } 所以,我在代码中搞乱了登录、注册和注销,现在这个 RoleManager 的事情让我摸不着头脑。我只是想为我的管理员用户提供一些额外的权力,但我有点不知道该怎么做。如果您能用简单的语言解释步骤或需要进行哪些更改来帮助我,那就太棒了。 我的目标是让管理员用户在我的系统中体验更好,您对此的建议非常有用。尝试了解 RoleManager 的事情以及如何为我的管理员用户提供更多能力。您直接的帮助可能会对我解决这个问题产生很大的影响! 定义管理员角色 创建管理员用户 更新注册流程: var roleResult =等待_userManager.AddToRoleAsync(用户,vm.IsAdmin? Roles.Admin.ToString() : Roles.Member.ToString()); 使用管理员角色: [授权(角色=“管理员”)] 公共 IActionResult AdminDashboard() { // 特定于管理的逻辑 } 5.提升管理能力: if (User.IsInRole("管理员")) { // 特定于管理的逻辑 } 中间件配置: services.AddIdentity() .AddRoles() .AddEntityFrameworkStores(); 7.创建角色方法: 公共无效配置(IApplicationBuilder 应用程序,IHostingEnvironment env) { // 其他中间件配置 // Create roles during application startup var authController = new AuthController(/* inject your dependencies here */); authController.CreateRoles().GetAwaiter().GetResult(); }
Struts 2 与 Apache Shiro 集成时如何显示结果页面
使用: struts2 2.5.10, 春天 4.x, struts2-spring-插件2.5.10, 希罗1.4.0, Shiro-Spring 1.4.0。 网络.xml: 使用: struts2 2.5.10, 春季 4.x, struts2-spring-插件2.5.10, 四郎1.4.0, shiro-spring 1.4.0. web.xml: <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <display-name>Archetype Created Web Application</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:beans.xml</param-value> </context-param> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class> </filter> <!-- shiro filter mapping has to be first --> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> beanx.xml: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd "> <bean name="loginAction" class="example.shiro.action.LoginAction" > </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login.jsp" /> <property name="filterChainDefinitions"> <value> /login.jsp = authc /logout = logout /* = authc </value> </property> </bean> <bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm"> <property name="resourcePath" value="classpath:shiro.ini" /> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="iniRealm" /> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> </beans> struts.xml: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <constant name="struts.devMode" value="true" /> <package name="default" extends="struts-default"> <action name="list" class="loginAction" method="list"> <result name="success">/success.jsp</result> <result name="error">error.jsp</result> </action> </package> </struts> index.jsp: <body> <s:action name="list" /> </body> login.jsp 看起来像: <form name="loginform" action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr> <td>Username:</td> <td><input type="text" name="username" maxlength="30"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password" maxlength="30"></td> </tr> <tr> <td colspan="2" align="left"><input type="checkbox" name="rememberMe"><font size="2">Remember Me</font></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td> </tr> </table> </form> LoginAction.list(): public String list() { Subject currentUser = SecurityUtils.getSubject(); if(currentUser.isAuthenticated()) {System.out.println("user : "+currentUser.getPrincipal()); System.out.println("You are authenticated!"); } else { System.out.println("Hey hacker, hands up!"); } return "success"; } shiro.ini: [users] root=123,admin guest=456,guest frank=789,roleA,roleB # role name=permission1,permission2,..,permissionN [roles] admin=* roleA=lightsaber:* roleB=winnebago:drive:eagle5 index.jsp、login.jsp、success.jsp放在webapp下 我想要的是:输入LoginAction.list()需要进行身份验证,如果登录成功,则运行LoginAction.list()并返回"success"然后显示定义为Struts操作结果的success.jsp。 现在登录成功后可以执行LoginAction.list(),但是success.jsp不显示,浏览器是空白页面。 为什么? 我找到了原因:我在index.jsp中使用了<s:action name="list" />,但是struts文档说如果我们想用<s:action>看到结果页面,那么我们必须将其属性executeResult设置为true,即就像<s:action name="list" executeResult="true"/>。 在我看来,这有点奇怪,这个属性默认应该是 true。 有一个示例,您应该如何使用 Shiro applicationContext.xml 进行配置: <property name="filterChainDefinitions"> <value> # some example chain definitions: /admin/** = authc, roles[admin] /** = authc # more URL-to-FilterChain definitions here </value> </property> 以 /admin/ 开头的 URL 通过角色 admin 进行保护,任何其他 URL 均不受保护。如果 Struts 操作和结果 JSP 不在受保护区域中,则会显示它们。