I went over how to log in with Shiro over and over again, but it still seems like the vital part is missing: how does Shiro authenticate this username and password against the stored usernames and passwords? The most that I found out is "It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store", from here. But how is this done?
Below is what I tried, but the result is still invalid authentication.
LoginController
    @RequestMapping(value = "/login.htm", method = RequestMethod.POST)
    protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response,
                                    Object cmd, BindException errors) throws Exception {
        LoginCommand command = (LoginCommand) cmd;
        UsernamePasswordToken token =
                new UsernamePasswordToken(command.getUsername(), command.getPassword());
        System.out.println("onSubmit");
        System.out.println(token.getUsername());
        System.out.println(token.getPassword());
        try {
            SecurityUtils.getSubject().login(token);
        } catch (AuthenticationException e) {
            errors.reject("error.invalidLogin", "The username or password was not correct.");
        }
        if (errors.hasErrors()) {
            return showForm(request, response, errors);
        } else {
            return new ModelAndView("accessTest");
        }
    }
Realm
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        System.out.println("doGetAuthenticationInfo");
        System.out.println(user.getUsername());
        System.out.println(user.getPassword());
        // user is a test object in place of a database
        if( user != null ) {
            return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        } else {
            return null;
        }
    }
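An added example, not part of the original post: in Shiro, `doGetAuthenticationInfo` only returns the stored credentials for the account, and the realm's `CredentialsMatcher` then compares them with the submitted token inside `getAuthenticationInfo`. The sketch assumes Shiro 1.x package names and Java 9+; `DemoRealm`, the in-memory user map, the salt and the password are constructed for illustration.

```java
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;

// Hypothetical realm; the map stands in for a database (constructed data).
public class DemoRealm extends AuthenticatingRealm {
    private static final int ITERATIONS = 1024;
    private static final String SALT = "constructed-per-user-salt";
    // username -> hex-encoded salted SHA-256 hash of the password
    private final Map<String, String> users =
            Map.of("alice", new Sha256Hash("s3cret", SALT, ITERATIONS).toHex());

    public DemoRealm() {
        // The matcher hashes the submitted password the same way, then compares.
        HashedCredentialsMatcher matcher =
                new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String storedHash = users.get(token.getUsername());
        if (storedHash == null) {
            return null; // no such account in the backing store
        }
        // Return the STORED credentials only; no comparison happens here.
        return new SimpleAuthenticationInfo(token.getUsername(), storedHash,
                ByteSource.Util.bytes(SALT), getName());
    }

    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        // getAuthenticationInfo() calls doGetAuthenticationInfo(), then the matcher.
        realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "s3cret"));
        System.out.println("correct password accepted");
        try {
            realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "wrong"));
        } catch (IncorrectCredentialsException e) {
            System.out.println("wrong password rejected");
        }
    }
}
```

When no matcher is set, the realm uses `SimpleCredentialsMatcher`, which compares the submitted and stored credentials directly, so the stored value must be in the same form as what the token carries.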