我想通了 It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store from here . 但那怎么办?
以下是我尝试过的,但结果仍然是无效的身份验证 .
的LoginController
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
LoginCommand command = (LoginCommand) cmd;
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
System.out.println("onSubmit");
System.out.println(token.getUsername());
System.out.println(token.getPassword());
try
{
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject("error.invalidLogin", "The username or password was not correct.");
}
if (errors.hasErrors()) {
return showForm(request, response, errors);
} else {
return new ModelAndView("accessTest");
}
}
领域
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println("doGetAuthenticationInfo");
System.out.println(user.getUsername());
System.out.println(user.getPassword());
// user is a test object in place of a database
if( user != null ) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
} else {
return null;
}
}
1 回答
发现了答案 . 这是一个愚蠢的人 . 我复制了一些示例代码,并将凭证匹配器设置为HashedCredentialsMatcher . 我没有做任何哈希,所以它不起作用 . 删除了setCredentialsMatcher并且它工作正常 .