java - 在 apache shiro 中提交 token 时获取异常身份验证失败

Question

我是 apache shiro 的新手。当我执行这条语句时出现异常。

currentUser.login(token);

异常(exception)是

 errororg.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - abc@gmail.com, rememberMe=true].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).

我正在为登录调用此方法。代码是。

  public boolean authorize(String username,String password)
{
    Boolean status=false;
    log.debug("the user id "+username+"passwrodD::"+password);
    Realm realm = new JdbcRealm();
    DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true);
    SecurityUtils.setSecurityManager(securityManager);
    Subject currentUser = SecurityUtils.getSubject();

    Response r = null;
    log.debug("before process for login");
    try
    {
        currentUser.login(token);   //This throws an error upon form submission

        r = Response.ok().entity(token).build();            

    }
    catch (UnknownAccountException uae ) {
        //username wasn't in the system, show them an error message?
        System.out.println("the user name is invalid");
    } catch ( IncorrectCredentialsException ice ) {
        //password didn't match, try again?
        System.out.println("the password name is invalid");
    } catch ( LockedAccountException lae ) {
        //account for that username is locked - can't login.  Show them a message?

    } catch ( AuthenticationException ae ) {
        //unexpected condition - error?
        System.out.println("unexpect error"+ae);
    }
    return status;
}

我的 shiro.ini 文件

 [main]
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.permissionsLookupEnabled = true
 jdbcRealm.authenticationQuery =select User_Password FROM  user_master where User_id=?
 ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
 ds.serverName = localhost
 ds.user = root
 ds.password = root
 ds.databaseName = test
 jdbcRealm.dataSource = $ds
 [users]
 [roles]
 [urls]

我在我的 web.xml 文件中包含监听器和过滤器。 我将 authenticationQuery 更改为我的查询。当我执行时，出现上述错误。而且我确实知道修改或覆盖查询的正确方法。

Answer 1

我认为问题在于您在 shiro.ini 中缺少 securityManager.realm = $jdbcRealm