这是我的shiro.ini。
[main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = java:/comp/env/jdbc/at
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName=MD5
credentialsMatcher.hashIterations=1024
credentialsMatcher.storedCredentialsHexEncoded=true
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.dataSource = $ds
jdbcRealm.authenticationQuery = SELECT password FROM accounts.users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_id FROM accounts.org_user_roles WHERE user_id = (SELECT id FROM accounts.users WHERE username = ?)
jdbcRealm.permissionsQuery = SELECT feature_id FROM accounts.role_features WHERE role_id = ?
jdbcRealm.credentialsMatcher = $credentialsMatcher
shiro.loginUrl = /at/login.htm
authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /at/login.htm
logout.redirectUrl = /at/login.htm
[urls]
/at/login.htm = authc
/at/forgotpw.htm = anon
/at/resources/** = authc
/at/tss/** = authc
/at/tde/** = authc
/at/lcs/** = authc
/at/cdt/** = authc
/at/tp/** = authc
/at/ip/** = authc
/at/dashboard/** = authc
/at/logout.htm = logout
当我进入登录页面并输入我的用户名和密码时,我得到一个例外:
org.apache.shiro.authc.IncorrectCredentialsException:令牌[org.apache.shiro.authc.UsernamePasswordToken - root,rememberMe = false]的已提交凭据与预期凭据不匹配。
我的数据库包含密码的MD5哈希值。似乎验证不起作用。我无法理解为什么。
答案 0 :(得分:0)
删除以下属性使这项工作成功。我认为对于MD5哈希,我们不需要指定以下属性。
credentialsMatcher.hashIterations=1024