shiro扩展获得用户登录类型并提供cookie的方式记住用户密码

在最近的项目中要实现一个需求:“同时让两种类型的用户进行登录,登录后如果用户勾选了记住密码就要生成cookie来记录用户的密码和用户名”。本人做安全认证的时候一直在使用shiro,所以就想到在shiro的基础上进行一些扩展来满足需求。

shiro自带的参数中有三个值,分别是username、password和rememberme,而自带的rememberme使用的时候并没有生成自定义cookie的能力,所以只能扩展一个自己的rememberme来实现功能了。

代码如下:


import org.apache.shiro.authc.UsernamePasswordToken;
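/**
 * Login token that extends Shiro's {@link UsernamePasswordToken} with the two extra values
 * this application cares about: the custom "remember password" flag and the login type.
 *
 * <p>NOTE(review): in this file {@code FormAuthenticationCookieFilter} fills {@code loginType}
 * from a request parameter, so the value is client-controlled. A realm should use it only to
 * decide which user store to check, never as evidence of which kind of user is logging in.
 */
public class UserNamePassWordCookieToken extends UsernamePasswordToken {

	private static final long serialVersionUID = 1L;

	/** Whether the user asked for the password to be remembered. */
	private boolean isRemember;

	/** Login type: "0" is an enterprise user, "1" is a government-side user. */
	private String loginType;

	/**
	 * Creates a token carrying the standard Shiro credentials plus the two extra fields.
	 *
	 * @param username   submitted user name
	 * @param password   submitted password
	 * @param rememberMe Shiro's own rememberMe flag
	 * @param host       host the login attempt came from
	 * @param isRemember the custom "remember password" flag
	 * @param loginType  the login type ("0" enterprise, "1" government side)
	 */
	public UserNamePassWordCookieToken(String username, char[] password,
			boolean rememberMe, String host, boolean isRemember, String loginType) {
		super(username, password, rememberMe, host);
		// Assign the fields directly: calling the overridable setter from a constructor would
		// run subclass code before the subclass has finished initialising.
		this.isRemember = isRemember;
		this.loginType = loginType;
	}

	/** @return {@code true} if the custom "remember password" flag is set */
	public boolean isRemember() {
		return isRemember;
	}

	/** @param isRemember new value of the custom "remember password" flag */
	public void setRemember(boolean isRemember) {
		this.isRemember = isRemember;
	}

	/** @return the login type, as supplied to the constructor or setter */
	public String getLoginType() {
		return loginType;
	}

	/** @param loginType new login type ("0" enterprise, "1" government side) */
	public void setLoginType(String loginType) {
		this.loginType = loginType;
	}

}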


import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

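/**
 * Form-login filter that extends Shiro's default {@link FormAuthenticationFilter} to read two
 * extra form fields (a custom "remember" checkbox and the login type) and to maintain a
 * {@code user} cookie holding the submitted credentials.
 *
 * <p>NOTE(security): the {@code user} cookie carries the submitted password in clear text for
 * one year. Anything that can read the browser's cookie store, observe a non-TLS request, or
 * run script in the page can recover it. Shiro's built-in rememberMe (an encrypted identity
 * cookie that never contains the password) or a random token that the server can revoke is the
 * safer design. The cookie format is left unchanged here only because whatever reads the cookie
 * is not part of this file.
 */
public class FormAuthenticationCookieFilter extends FormAuthenticationFilter {

	/**
	 * Default form-field name of the custom "remember" checkbox. The constant's name is
	 * misleading (it has nothing to do with a captcha) but is public, so it is kept.
	 */
	public static final String DEFAULT_CAPTCHA_PARAM = "ck_rmbUser";
	/** Default form-field name of the login type. */
	public static final String DEFAULT_LOGINTYPE_PARAM = "loginType";

	/** Name of the cookie that stores the remembered credentials. */
	private static final String REMEMBER_COOKIE_NAME = "user";
	/** Lifetime of the remember cookie: 365 days, expressed in seconds. */
	private static final int REMEMBER_COOKIE_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;

	private String isRememberParam = DEFAULT_CAPTCHA_PARAM;
	private String loginTypeParam = DEFAULT_LOGINTYPE_PARAM;

	/** @return the form-field name read for the custom "remember" flag */
	public String getIsRememberParam() {
		return isRememberParam;
	}

	/** @param isRememberParam form-field name to read for the custom "remember" flag */
	public void setIsRememberParam(String isRememberParam) {
		this.isRememberParam = isRememberParam;
	}

	/** @return the form-field name read for the login type */
	public String getLoginTypeParam() {
		return loginTypeParam;
	}

	/** @param loginTypeParam form-field name to read for the login type */
	public void setLoginTypeParam(String loginTypeParam) {
		this.loginTypeParam = loginTypeParam;
	}

	/**
	 * Reads the custom "remember" flag from the request, using Shiro's {@link WebUtils} to
	 * turn the submitted form value into a boolean.
	 */
	protected boolean getIsRemember(ServletRequest request) {
		return WebUtils.isTrue(request, getIsRememberParam());
	}

	/**
	 * Reads the login type from the request via Shiro's {@link WebUtils}. The value is whatever
	 * the client submitted; nothing here restricts it to the expected set.
	 */
	protected String getLoginType(ServletRequest request) {
		return WebUtils.getCleanParam(request, getLoginTypeParam());
	}

	/**
	 * Builds the {@link UserNamePassWordCookieToken} for a login attempt and, as a side effect,
	 * writes or clears the {@code user} cookie according to the custom "remember" flag.
	 *
	 * <p>NOTE(review): Shiro calls this method before the login is attempted, so the cookie is
	 * written for failed attempts too and then holds whatever password was typed. Moving the
	 * cookie handling to the login-success callback would avoid that.
	 *
	 * @param request  the login request; expected to be an {@link HttpServletRequest}
	 * @param response the response; expected to be an {@link HttpServletResponse}
	 * @return the token handed to Shiro for authentication
	 */
	protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
		String username = getUsername(request);
		String password = getPassword(request);
		boolean isRemember = getIsRemember(request);
		String loginType = getLoginType(request);

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		try {
			if (isRemember) {
				writeRememberCookie(httpRequest, httpResponse, username, password, loginType);
			} else {
				clearRememberCookie(httpRequest, httpResponse);
			}
		} catch (RuntimeException e) {
			// Cookie handling is best effort and must not block the login itself. A value
			// the container rejects as a cookie (for example one containing a space or ';')
			// ends up here.
			e.printStackTrace();
		}

		// Shiro's own rememberMe flag, independent of the custom checkbox above.
		boolean rememberMe = isRememberMe(request);
		String host = getHost(request);

		// A request without a password parameter yields null; pass that through instead of
		// failing with a NullPointerException before Shiro can reject the attempt.
		char[] passwordChars = password != null ? password.toCharArray() : null;
		return new UserNamePassWordCookieToken(username,
				passwordChars, rememberMe, host, isRemember, loginType);
	}

	/** Writes the {@code user} cookie as {@code username-password-loginType}. */
	private void writeRememberCookie(HttpServletRequest request, HttpServletResponse response,
			String username, String password, String loginType) {
		if (username == null || password == null) {
			// Nothing worth remembering; avoids storing the literal text "null".
			return;
		}
		// NOTE(review): '-' is not escaped, so a user name or password that contains '-'
		// cannot be split back unambiguously by the reader of this cookie.
		Cookie user = new Cookie(REMEMBER_COOKIE_NAME, username + "-" + password + "-" + loginType);
		user.setMaxAge(REMEMBER_COOKIE_MAX_AGE_SECONDS);
		// When the login arrived over TLS, keep the credential cookie off plain HTTP.
		user.setSecure(request.isSecure());
		// NOTE(review): HttpOnly is not set because the consumer of this cookie is not visible
		// here and may be page script; if it is read server-side only, mark it HttpOnly.
		response.addCookie(user);
	}

	/** Expires the {@code user} cookie if the request carries one. */
	private void clearRememberCookie(HttpServletRequest request, HttpServletResponse response) {
		Cookie[] cookies = request.getCookies();
		if (cookies == null) {
			// getCookies() returns null, not an empty array, when the request has no cookies.
			return;
		}
		for (Cookie cookie : cookies) {
			if (REMEMBER_COOKIE_NAME.equals(cookie.getName())) {
				cookie.setValue(null);
				cookie.setMaxAge(0); // a max-age of 0 tells the browser to drop the cookie now
				System.out.println("被删除的cookie名字为:" + cookie.getName());
				response.addCookie(cookie);
				break;
			}
		}
	}

}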



