shiro免登录（网上大众化的方法）

一 添加枚举登录类型

public enum LoginType {
    PASSWORD("password"), // 密码登录
    NOPASSWD("nopassword"); // 免密登录
    private String code;// 状态值

    private LoginType(String code) {
        this.code = code;
    }

    public String getCode() {
        return code;
    }
}

二 重写HashedCredentialsMatcher，增加免密登录

/**
 * 用于免密登录
 */
public class CostomCredentialsMatch extends HashedCredentialsMatcher {
    private String hashAlgorithm;
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {

        //增加免登录
        UsernamePasswordToken unbroken = (UsernamePasswordToken) token;
        //免密登录,不验证密码
        if (LoginType.NOPASSWD.equals(unbroken.getLoginType())){
            return true;
        }
        Object tokenHashedCredentials = hashProvidedCredentials(token, info);
        Object accountCredentials = getCredentials(info);
        return equals(tokenHashedCredentials, accountCredentials);
    }

}

三 重写shiro中的UsernamePasswordToken

1. 添加构造函数
   
2. 自定义的realm中调用自定义的token，比如

	/**
	 * 设定密码校验的Hash算法与迭代次数
	 */
	@PostConstruct
	public void initCredentialsMatcher() {
		//HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
		CostomCredentialsMatch matcher = new CostomCredentialsMatch();
		matcher.setHashIterations(SystemService.HASH_INTERATIONS);
		matcher.setHashAlgorithmName(SystemService.HASH_ALGORITHM);
		setCredentialsMatcher(matcher);
	}

四 注入上述相关bean

	<bean id="credentialsMatcher" class="com.。。。.security.CostomCredentialsMatch"></bean>
	<bean id="systemAuthorizingRealm" class="com.。。。。.security.SystemAuthorizingRealm">
		<property name="credentialsMatcher" ref="credentialsMatcher"/>
	</bean>