我尝试登录时遇到此错误。任何帮助表示赞赏。
登录代码
Realm realm = new TestRealm();
SecurityManager sm = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(sm);
UsernamePasswordToken token = new UsernamePasswordToken();
token.setUsername("dave");
token.setPassword("le1990".toCharArray());
token.setRememberMe(true);
Subject sub = SecurityUtils.getSubject();
sub.login(token);
doGetAuthenticationInfo方法
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{
UsernamePasswordToken upToken = (UsernamePasswordToken)token;
String username = upToken.getUsername();
if(username == null)
this.logger.info("We don't except Null usernames. sorry. ");
AuthenticationInfo info = null;
try{
USER user = new USER();
String pass = user.getPassForUser();
if(pass == null)
throw new AccountException("The account your looking for doesn't exist");
info = new SimpleAuthenticationInfo(username, pass, getName());
user.getPassForUser方法返回硬连线值以进行测试。复制值从DB $ shiro1 $ SHA-256 $ 500000 $ temCnap0k + zboIW7y49Mww == $ veyM6YL3QiCJvMwo0r2yu0KDC3ueAxZOYuN0vT + 0v5M =
shiro.ini文件
# realms to be used
customSecurityRealm=com.raven.rave.common.TestRealm
customSecurityRealm.jndiDataSourceName=java:jdbc/dbeka
customSecurityRealm.permissionsLookupEnabled=true
最后抛出异常
ERROR [STDERR] org.apache.shiro.authc.IncorrectCredentialsException:
Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - dave, rememberMe=true] did not match the expected credent
ERROR [STDERR] at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600)
ERROR [STDERR] at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:578)
ERROR [STDERR] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
ERROR [STDERR] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
ERROR [STDERR] at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
ERROR [STDERR] at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
ERROR [STDERR] at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
ERROR [STDERR] at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
当我注册用户时,我传入了相同的密码“le1990”。 此外,从DB检索的密码是否必须是纯文本。如果是这样,我如何解密存储的密码?
答案 0 :(得分:1)
问题显而易见,错过了。我没有在ini文件中将credentialMatcher设置为jdbc域。添加该声明修复了它。
更新了shiro.ini文件
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
# realms to be used
jdbcrealm=com.raven.rave.common.TestRealm
jdbcrealm.permissionsLookupEnabled=true
securityManager.realm = $jdbcrealm
#statement that fixed it up
jdbcrealm.credentialsMatcher = $passwordMatcher