【发布时间】:2012-08-26 09:33:52
【问题描述】:
我已经一遍又一遍地讨论如何让用户使用 Shiro 登录,但似乎仍然缺少一个重要的部分:shiro 如何根据存储的用户名和密码验证给定的用户名和密码?我想出的最多的是It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data storefrom here。但是这是怎么做到的呢?
以下是我尝试过的,但结果仍然是无效的身份验证。
登录控制器
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
LoginCommand command = (LoginCommand) cmd;
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
System.out.println("onSubmit");
System.out.println(token.getUsername());
System.out.println(token.getPassword());
try
{
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject("error.invalidLogin", "The username or password was not correct.");
}
if (errors.hasErrors()) {
return showForm(request, response, errors);
} else {
return new ModelAndView("accessTest");
}
}
领域
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println("doGetAuthenticationInfo");
System.out.println(user.getUsername());
System.out.println(user.getPassword());
// user is a test object in place of a database
if( user != null ) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
} else {
return null;
}
}
【问题讨论】:
-
你能分享输出吗?我的第一个猜测是 token.getPassword() != user.getPassword()。
-
是的。我已经测试了所有的输出,所有的输出都是相等的。
标签: shiro