我一直在讨论如何让用户登录Shiro,但它似乎仍然缺少一个重要的部分:shiro如何根据存储的用户名和密码验证给定的用户名和密码?我发现的最多的是It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store from here。但那是怎么做到的?
以下是我尝试过的内容,但结果仍然是无效的身份验证。
的LoginController
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
LoginCommand command = (LoginCommand) cmd;
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
System.out.println("onSubmit");
System.out.println(token.getUsername());
System.out.println(token.getPassword());
try
{
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject("error.invalidLogin", "The username or password was not correct.");
}
if (errors.hasErrors()) {
return showForm(request, response, errors);
} else {
return new ModelAndView("accessTest");
}
}
域
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println("doGetAuthenticationInfo");
System.out.println(user.getUsername());
System.out.println(user.getPassword());
// user is a test object in place of a database
if( user != null ) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
} else {
return null;
}
}
答案 0 :(得分:1)
发现了答案。这是一个愚蠢的人。我复制了一些示例代码,并将凭证匹配器设置为HashedCredentialsMatcher。我没有做任何哈希,所以它没有工作。删除了setCredentialsMatcher并且它有效。