4

我一遍又一遍地讨论如何让用户使用 Shiro 登录,但似乎仍然缺少一个重要的部分:shiro 如何根据存储的用户名和密码验证给定的用户名和密码?我想出的最多的是It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store 从这里。但是这是怎么做到的呢?

以下是我尝试过的,但结果仍然是无效的身份验证。

登录控制器

@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {

    LoginCommand command = (LoginCommand) cmd;
    UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
    System.out.println("onSubmit");
    System.out.println(token.getUsername());
    System.out.println(token.getPassword());

    try
    {
        SecurityUtils.getSubject().login(token);
    } catch (AuthenticationException e) {
        errors.reject("error.invalidLogin", "The username or password was not correct.");
    }

    if (errors.hasErrors()) {
        return showForm(request, response, errors);
    } else {
        return new ModelAndView("accessTest");
    }
}

领域

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    System.out.println("doGetAuthenticationInfo");
    System.out.println(user.getUsername());
    System.out.println(user.getPassword());

    // user is a test object in place of a database
    if( user != null ) {
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
    } else {
        return null;
    }
}
4

1 回答 1

1

发现了答案。这是一个愚蠢的。我复制了一些示例代码,他们将凭据匹配器设置为 HashedCredentialsMatcher。我没有做任何散列,所以它不起作用。删除了 setCredentialsMatcher 并且它起作用了。

于 2012-09-07T20:20:32.953 回答