报错：还没登录，SecurityUtils.getSubject().isAuthenticated()为什么是ture，他得知应该是false才对呀 @RequestMapping(value = "login.do", method = RequestMethod.POST) @ResponseBody public ModelMap login() throws Exception { logger.info("进入了userController"); String username = request.getParameter("username"); String password = request.getParameter("password"); String verifycode = request.getParameter("code"); String sessioncode = (String) SecurityUtils.getSubject().getSession().getAttribute("code"); logger.info("接收的信息:" + username + password + verifycode + sessioncode); ModelMap parmars = new ModelMap(); UsernamePasswordToken token = new UsernamePasswordToken(username, password); logger.info(token.toString()+"接收令牌"); Subject subject = SecurityUtils.getSubject(); logger.info(subject.getPrincipal()+"获取登陆者"); try{ if (verifycode.equalsIgnoreCase(sessioncode)) { System.out.println(subject.isAuthenticated()+"-------------"); //判断身份是否进行登录验证 if (!subject.isAuthenticated()) { token.setRememberMe(true); subject.login(token); logger.info(token.getUsername() + "登录成功"); parmars.put("code", Code.SUCCESS); } else { parmars.put("code", Code.ISREMEMBERED); } } else { parmars.put("code", Code.CODE_WRONG); } } catch (Exception e) { e.printStackTrace(); parmars.put("code", Code.UNKOWN_WRONG); logger.info("shiro导致的系统错误"); } return parmars; }