实现简单的Shiro登录认证问题

实现Shiro简单登录认证后出现问题。您不使用 ajax 请求登录。当你点击login访问一个controller方法，securityuils.getsubject.login(token)访问提交时，找不到地址。是否需要加密码呢？

//This is the controller
@RequestMapping("/checkLogin.do")
    private void login(HttpServletRequest request) throws UserException{
        String account = request.getParameter("account");
        String password = request.getParameter("password");
        UsernamePasswordToken token = new UsernamePasswordToken(account,password);
        Subject currentUser = SecurityUtils.getSubject();
        try{
            if(!currentUser.isAuthenticated()){
                currentUser.login(token);
            }
        }catch(UnknownAccountException uae){
            //User name / password error
            Throw new useraccountexception ("wrong user name or password! "";
        }catch(IncorrectCredentialsException ice){
            //User name / password error
            Throw new usercredentialsexception ("wrong user name or password! "";
        }catch(ExcessiveAttemptsException eae){
            //Abnormal login times, account locked
            Throw new userattemptsexception ("login more than 5 times, account locked! "";
        }catch(AuthenticationException ae){
            //Other exceptions
            Throw new userexception ("login failed! "";
        }
    }
    
}
//This is realm
@Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        //Token based on user name and password
        //This token is from currentuser.login (token) of registcontroller
        UsernamePasswordToken uptoken = (UsernamePasswordToken)token;
        //Call service to query user through user account
        UserAuthDTO userAuth = userService.getUserAuthByAccount((String)uptoken.getPrincipal());
        if(userAuth == null){
            return null;
        }
        String identity = userAuth.getAccount();
        String password = userAuth.getPassword();
        String salt = userAuth.getSalt();
        if(userAuth.getIsLocked() != null && userAuth.getIsLocked() == 1){
            Throw new authenticationexception ("the account is locked! "";
        }
        AuthenticationInfo authInfo = new SimpleAuthenticationInfo(userAuth
                , password, ByteSource.Util.bytes(identity+salt), this.getName()); 
        System. Out. Println ("realm login authentication is over! "";
        return authInfo;
    }
}
//This is Shiro configuration
 <! -- configuration filter will be referenced by the filter configured in web.xml -- >
        <! -- Shiro's web filter -- >
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <! -- inject security component -- >
            <property name="securityManager" ref="securityManager" />
            <! -- set login address -- >
            <property name="loginUrl" value="/user/login.do"/>
            <property name="successUrl" value="/index.jsp"/>
<!--            <property name="unauthorizedUrl" value="/unauthorized.jsp"/> -->
            <! -- because every bean of type javax.servlet.filter that has been defined can pass the bean name in the definition of the chain
            So the filters property is not required. But you can replace the filters with the filters property as needed
            Instance or alias filter -- >
            <!-- <property name="filters">
                <map>
                    <entry key="anAlias" value-ref="someFilter"/>
                </map>
            </property>-->
            <! -- processor execution chain -- >
            <property name="filterChainDefinitions">
                <value>
                    <! -- define permission interception -- >
                    <! -- set anonymous access to static resources -- >
                    <! -- set anonymous access to login registration page -- >
                    /regist.jsp = anon
                    /login.jsp = anon
                </value>
            </property>
        </bean>
        <!-- securityManager -->
        <! -- Security Manager -- >
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="userAuthenticatorRealm"/>
        </bean>        
        <! -- ensure bean execution of lifecycle function within Shiro -- >
<!--        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>-->
        
        <! -- configure the realm for specific authentication and authorization -- >
        <! -- inherit the user-defined realm of authorizing realm used to complete user login authentication -- >
        <bean id="userAuthenticatorRealm" class="com.maikesiwei.mksw.user.shiro.realm.UserAuthenticatorRealm">
            <! -- inject credentialsmatcher for certificate matching -- >
            <property name="credentialsMatcher" ref="credentialsMatcher"/>
        </bean>
        <! -- credential matcher -- >
        <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
            <! -- encryption hash algorithm -- >
            <property name="hashAlgorithmName" value="SHA-256"/>
            <! -- iterations -- >
            <property name="hashIterations" value="5"/>
        </bean>

最后点击登录。

HTTP Status 404 – /web-templet/user/user/checkLogin

type 状态报告

信息 /web-templet/user/user/checkLogin

描述 请求的资源不可用。

Apache Tomcat/8.0.44

如果在登录页面直接点击登录，会报账号密码错误。如果直接填写账号，点击登录域，会发现用户返回到认证信息，页面如下：

如果大家想了解更多相关知识，可以关注一下赢咖4的Shiro视频教程，里面的内容详细，由浅到深，适合没有基础的小伙伴学习，希望对大家能够有所帮助。