4
我已經一遍又一遍地關於如何用Shiro進行用戶登錄,但它仍然看起來像是缺少一個重要的部分:shiro如何對存儲的用戶名和密碼驗證給定的用戶名和密碼?我想到的最多的是It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data storefrom here。但是,這是如何完成的?如何使用Shiro對用戶進行身份驗證?
下面是我試過的,但結果仍然是一個無效的身份驗證。
的LoginController
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
LoginCommand command = (LoginCommand) cmd;
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
System.out.println("onSubmit");
System.out.println(token.getUsername());
System.out.println(token.getPassword());
try
{
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject("error.invalidLogin", "The username or password was not correct.");
}
if (errors.hasErrors()) {
return showForm(request, response, errors);
} else {
return new ModelAndView("accessTest");
}
}
境界
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println("doGetAuthenticationInfo");
System.out.println(user.getUsername());
System.out.println(user.getPassword());
// user is a test object in place of a database
if(user != null) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
} else {
return null;
}
}
你可以分享輸出嗎?我的第一個猜測是那個token.getPassword()!= user.getPassword()。 – jbunting
是。我測試了所有輸出,所有輸出都是相同的。 –