shiro1.2.2自定义realm中认证问题
**
- 认证回调函数, 登录时调用.
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws IncorrectCredentialsException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println(token.getUsername());
User user = userService.findUserByLoginName(token.getUsername());
System.out.println(user);
if (user != null) {
if (new String(token.getPassword()).equals(user.getPassword())) {
return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName());
}else{
throw new IncorrectCredentialsException();
}
}
return null;
}
想问下,UsernamePasswordToken这里存放的密码与SimpleAuthenticationInfo中user.getPassword()是什么关系, 前者不加密,后者用MD5加密后,可以正常使用,而前者加密后,后者使用加密后会报Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=true] did not match the expected credentials.
请大伙帮忙给分析下,在线等。谢谢了!
写回答
-
这里只获取数据,无需判断password是否与输入的一致。详情请参考
//org.apache.shiro.realm.AuthenticatingRealmpublic final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { AuthenticationInfo info = getCachedAuthenticationInfo(token); if (info == null) { //otherwise not cached, perform the lookup: info = doGetAuthenticationInfo(token); log.debug("Looked up AuthenticationInfo [{}] from doGetAuthenticationInfo", info); if (token != null && info != null) { cacheAuthenticationInfoIfPossible(token, info); } } else { log.debug("Using cached authentication info [{}] to perform credentials matching.", info); } if (info != null) { assertCredentialsMatch(token, info); } else { log.debug("No AuthenticationInfo found for submitted AuthenticationToken [{}]. Returning null.", token); } return info; }2019-07-17 19:03:58赞同 展开评论 打赏
