Apache Shiro IncorrectCredentialsException 异常
Apache Shiro IncorrectCredentialsException
这是我第一次使用 apache shiro,所以请多多包涵。
我的shiro.ini
# =============================================================================
# Quickstart INI Realm configuration
#
# =============================================================================
[main]
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
ds = shiro.ShiroBoneCPDataSource
jdbcRealm.dataSource=$ds
jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_id FROM user_role WHERE user_id = (SELECT id FROM users WHERE username = ?)
jdbcRealm.permissionsQuery = SELECT permission FROM role_permission WHERE role_id = ?
hashService = org.apache.shiro.crypto.hash.DefaultHashService
# NONE of the hashService settings is required. The defaults will work fine.
hashService.hashAlgorithmName = SHA-256
hashService.generatePublicSalt = true
# If you wanted to use some private salt bytes, provide in Base64 (NOT A BAD IDEA!)
hashService.privateSalt = aGltYWxheWFu
# We use this one to create a new test user with a hashed password.
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordService.hashService = $hashService
# We use this for our authentication tests.
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $jdbcRealm
# -----------------------------------------------------------------------------
# Users and their assigned roles
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
# -----------------------------------------------------------------------------
[users]
# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
我在这里使用这个 shiro.ini 文件
public Subject authenticateWithShiro(String username, char[] pass) {
Subject currentUser = null;
try {
log.info("Authentication with shiro is started...");
Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory(
"classpath:resources/shiro.ini");
org.apache.shiro.mgt.SecurityManager securityManager = factory
.getInstance();
SecurityUtils.setSecurityManager(securityManager);
currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
if (value.equals("aValue")) {
log.info("Retrieved the correct value! [" + value + "]");
}
// let's login the current user so we can check against roles and
// permissions:
if (!currentUser.isAuthenticated()) {
System.out.println("Current user has been authenticated.");
UsernamePasswordToken token = new UsernamePasswordToken(
username, pass);
token.setRememberMe(true);
currentUser.login(token);
}
} catch (Exception e) {
log.error("Authentication failed", e);
log.error(e.getMessage());
}
return currentUser;
}
因此,在执行以下代码时,org.apache.shiro.authc.IncorrectCredentialsException:提交的令牌凭据 [org.apache.shiro.authc.UsernamePasswordToken - yunusa,rememberMe=true] 与预期凭据不匹配
Subject subject = new UserHandler().authenticateWithShiro(username, textPassword.getPassword());
if (subject != null && subject.isAuthenticated()) {
System.out.println("successfull login");
} else {
System.out.println("Failed log in");
}
我也是shiro新手。我相信您可能错过了在 ini
文件中添加 Auth 令牌信息。
添加:
yourID = passWord
在 [users]
部分下。
希望对您有所帮助!
经过这么多时间尝试通过 Whosebug 问题寻找答案但没有成功,我终于决定通过我的 INI(shiro.ini) 并发现了一个小错误。我一开始设置hashService.generatePublicSalt为true,同时配置了private salt,貌似是错误的
当我删除私有盐时,一切都像魅力一样。
这是我第一次使用 apache shiro,所以请多多包涵。
我的shiro.ini
# =============================================================================
# Quickstart INI Realm configuration
#
# =============================================================================
[main]
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
ds = shiro.ShiroBoneCPDataSource
jdbcRealm.dataSource=$ds
jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_id FROM user_role WHERE user_id = (SELECT id FROM users WHERE username = ?)
jdbcRealm.permissionsQuery = SELECT permission FROM role_permission WHERE role_id = ?
hashService = org.apache.shiro.crypto.hash.DefaultHashService
# NONE of the hashService settings is required. The defaults will work fine.
hashService.hashAlgorithmName = SHA-256
hashService.generatePublicSalt = true
# If you wanted to use some private salt bytes, provide in Base64 (NOT A BAD IDEA!)
hashService.privateSalt = aGltYWxheWFu
# We use this one to create a new test user with a hashed password.
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordService.hashService = $hashService
# We use this for our authentication tests.
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $jdbcRealm
# -----------------------------------------------------------------------------
# Users and their assigned roles
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
# -----------------------------------------------------------------------------
[users]
# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
我在这里使用这个 shiro.ini 文件
public Subject authenticateWithShiro(String username, char[] pass) {
Subject currentUser = null;
try {
log.info("Authentication with shiro is started...");
Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory(
"classpath:resources/shiro.ini");
org.apache.shiro.mgt.SecurityManager securityManager = factory
.getInstance();
SecurityUtils.setSecurityManager(securityManager);
currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
if (value.equals("aValue")) {
log.info("Retrieved the correct value! [" + value + "]");
}
// let's login the current user so we can check against roles and
// permissions:
if (!currentUser.isAuthenticated()) {
System.out.println("Current user has been authenticated.");
UsernamePasswordToken token = new UsernamePasswordToken(
username, pass);
token.setRememberMe(true);
currentUser.login(token);
}
} catch (Exception e) {
log.error("Authentication failed", e);
log.error(e.getMessage());
}
return currentUser;
}
因此,在执行以下代码时,org.apache.shiro.authc.IncorrectCredentialsException:提交的令牌凭据 [org.apache.shiro.authc.UsernamePasswordToken - yunusa,rememberMe=true] 与预期凭据不匹配
Subject subject = new UserHandler().authenticateWithShiro(username, textPassword.getPassword());
if (subject != null && subject.isAuthenticated()) {
System.out.println("successfull login");
} else {
System.out.println("Failed log in");
}
我也是shiro新手。我相信您可能错过了在 ini
文件中添加 Auth 令牌信息。
添加:
yourID = passWord
在 [users]
部分下。
希望对您有所帮助!
经过这么多时间尝试通过 Whosebug 问题寻找答案但没有成功,我终于决定通过我的 INI(shiro.ini) 并发现了一个小错误。我一开始设置hashService.generatePublicSalt为true,同时配置了private salt,貌似是错误的
当我删除私有盐时,一切都像魅力一样。