Exception in thread "main" org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - kaka, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException)
2018-12-03
CustomRealm:
public class CustomRealm extends AuthorizingRealm {
Map<String, String> userMap = new HashMap<>(16);
{
userMap.put("Mark", "283538989cef48f3d7d8a1c1bdf2008f");
super.setName("customRealmName");
}
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userName= (String) principals.getPrimaryPrincipal();
// 从数据库或者缓存中获取数据
Set<String> roles=getRolesByUserName(userName);
Set<String> permission =getPermissionByUserName(userName);
SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(permission);
simpleAuthorizationInfo.setRoles(roles);
return simpleAuthorizationInfo;
}
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 从主体传过来的用户信息中获得用户名
String userName = (String) token.getPrincipal();
// 通过用户名到数据库中获取凭证
String password = getPasswordByUserName(userName);
if (password == null) {
return null;
}
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("Mark",password,"customRealmName");
authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("Mark"));
return authenticationInfo;
}
/*模拟数据库查询凭证*/
private String getPasswordByUserName(String userName) {
return userMap.get(userName);
}
/*模拟数据库获取角色*/
private Set<String> getRolesByUserName(String userName) {
Set<String> sets=new HashSet<>();
sets.add("admin");
sets.add("user");
return sets;
}
/*模拟数据库获取权限*/
private Set<String> getPermissionByUserName(String userName) {
Set<String> sets=new HashSet<>();
sets.add("user:delete");
sets.add("user:add");
return sets;
}
// 计算加密之后的密文
public static void main(String[] args){
Md5Hash md5Hash=new Md5Hash("123456","Mark");//盐应为随机数,此处用“Mark”写死
System.out.println(md5Hash.toString());//通过控制台打印获得密文
}
}我的代码,你自己看看:
CustomRealm:
public class CustomRealmTest {
@Test
public void testAuthentication() {
CustomRealm customRealm=new CustomRealm();
// 构建securityManager对象
DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm);
HashedCredentialsMatcher hashedCredentialsMatcher=new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
hashedCredentialsMatcher.setHashIterations(1);
customRealm.setCredentialsMatcher(hashedCredentialsMatcher);
// 主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject= SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("Mark","123456");
subject.login(token);
System.out.println("isAuthenticated:"+subject.isAuthenticated());
subject.checkRole("admin");
subject.checkPermissions("user:add","user:delete");
}
}CustomRealmTest:
public class CustomRealmTest {
@Test
public void testAuthentication() {
CustomRealm customRealm=new CustomRealm();
// 构建securityManager对象
DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm);
HashedCredentialsMatcher hashedCredentialsMatcher=new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
hashedCredentialsMatcher.setHashIterations(1);
customRealm.setCredentialsMatcher(hashedCredentialsMatcher);
// 主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject= SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("Mark","123456");
subject.login(token);
System.out.println("isAuthenticated:"+subject.isAuthenticated());
subject.checkRole("admin");
subject.checkPermissions("user:add","user:delete");
}
}举报
