报错：Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=true] did not match the expected credentials.controller:@RequestMapping(value = "login.do", method = RequestMethod.POST) @ResponseBody public ModelMap login() throws Exception { logger.info("进入了userController"); String username = request.getParameter("username"); String password =request.getParameter("password") ; String verifycode = request.getParameter("code"); String sessioncode = (String) session.getAttribute("code"); logger.info("接收的信息:"+username+password+verifycode+sessioncode); ModelMap parmars=new ModelMap(); UsernamePasswordToken token =new UsernamePasswordToken(username,password); Subject CurrentUser =SecurityUtils.getSubject(); try{ if (verifycode.equalsIgnoreCase(sessioncode)) { if (!CurrentUser.isAuthenticated()) { //token.setRememberMe(true); CurrentUser.login(token); logger.info(token.getUsername() + "登录成功"); } else { parmars.put("code", Code.USERNAMEORPASSWORD_WRONG); } } else { parmars.put("code", Code.CODE_WRONG); } } catch (Exception e) { e.printStackTrace(); parmars.put("code", Code.UNKOWN_WRONG); } return  parmars; }Myrealm：public class Myrealm extends AuthorizingRealm{ @SuppressWarnings("unused") private static final Logger logger = LoggerFactory.getLogger(Myrealm.class); @Autowired private UserService userService; public Myrealm(){ super(); } /* * (non-Javadoc) * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) * 认证回调函数，登录时调用 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token =(UsernamePasswordToken) authcToken; User user=userService.getUserbyusername(token.getUsername()); if (user!=null) { return  new  SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),getName()); }else { throw new AuthenticationException("该用户不存在"); } } /* * (non-Javadoc) * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) * 授权查询回调函数，无用户授权信息是调用 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection)throws AuthenticationException { String username=(String) principalCollection.getPrimaryPrincipal(); //获取角色相关信息 List<Role> Rolelist=userService.getUserbyusername(username).getRole(); //角色名集合 Set<String> RoleSet=new HashSet<String>(); //权限名集合 Set<String> PermissionSet =new HashSet<String>(); for (Role role : Rolelist) { RoleSet.add(role.getRolename()); for (Menu menu : role.getMenu()) { PermissionSet.add(menu.getMenuname()); } } SimpleAuthorizationInfo authorization=new SimpleAuthorizationInfo(); authorization.addRoles(RoleSet); authorization.addStringPermissions(PermissionSet); return authorization; } /* *更新用户授权信息缓存 */ public void clearCacheAuthenticationInfo(String principals ){ @SuppressWarnings("unused") SimplePrincipalCollection info=new SimplePrincipalCollection(principals,getName()); clearCacheAuthenticationInfo(principals); } /* * 清除所有用户授权信息缓存 */ public void clearAllCacheauthenticationInfo(){ Cache<Object, AuthorizationInfo> cache=getAuthorizationCache(); if (cache!=null) { for(Object key :cache.keys()){ cache.remove(key); } } }}