Apache Shiro登录错误：IncorrectCredentialsException

Question

我试图登录时不断收到此错误。任何帮助表示赞赏。

登录码

Realm realm = new TestRealm(); 
SecurityManager sm = new DefaultSecurityManager(realm); 
SecurityUtils.setSecurityManager(sm); 

UsernamePasswordToken token = new UsernamePasswordToken(); 
token.setUsername("dave"); 
token.setPassword("le1990".toCharArray()); 
token.setRememberMe(true); 

Subject sub = SecurityUtils.getSubject(); 
sub.login(token); 

doGetAuthenticationInfo方法

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{  

    UsernamePasswordToken upToken = (UsernamePasswordToken)token;  
    String username = upToken.getUsername(); 

    if(username == null) 
     this.logger.info("We don't except Null usernames. sorry. "); 

    AuthenticationInfo info = null; 
    try{ 

     USER user = new USER(); 
     String pass = user.getPassForUser(); 

     if(pass == null) 
      throw new AccountException("The account your looking for doesn't exist"); 


     info = new SimpleAuthenticationInfo(username, pass, getName()); 

user.getPassForUser方法返回测试硬连线的值。从价值$ DB $ shiro1 SHA-256 $ $ 500000 temCnap0k + zboIW7y49Mww == $ veyM6YL3QiCJvMwo0r2yu0KDC3ueAxZOYuN0vT + 0v5M =

shiro.ini文件

# realms to be used 
customSecurityRealm=com.raven.rave.common.TestRealm 
customSecurityRealm.jndiDataSourceName=java:jdbc/dbeka 
customSecurityRealm.permissionsLookupEnabled=true 

最后抛出的异常

ERROR [STDERR] org.apache.shiro.authc.IncorrectCredentialsException: 
Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - dave, rememberMe=true] did not match the expected credent 
ERROR [STDERR]  at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) 
ERROR [STDERR]  at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:578) 
ERROR [STDERR]  at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) 
ERROR [STDERR]  at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) 
ERROR [STDERR]  at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) 
ERROR [STDERR]  at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) 
ERROR [STDERR]  at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) 
ERROR [STDERR]  at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) 

复制当我注册用户，我传入了相同的密码“le1990”。 另外，从数据库中检索的密码是否必须是纯文本。如果是这样，我如何解密存储的密码？

Answer 1

问题很明显，错过了。我没有将credentialMatcher设置为ini文件中的jdbc领域。在声明中加入了它。

更新shiro.ini文件

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService 
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher 
passwordMatcher.passwordService = $passwordService 

# realms to be used 
jdbcrealm=com.raven.rave.common.TestRealm 
jdbcrealm.permissionsLookupEnabled=true 
securityManager.realm = $jdbcrealm 
#statement that fixed it up 
jdbcrealm.credentialsMatcher = $passwordMatcher