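Shiro authentication throws AuthenticationException
This exception is thrown when something goes wrong during login, such as a locked account or expired credentials. First, here are the commonly used subclasses of AuthenticationException:
1. UsernameNotFoundException: user not found
2. BadCredentialsException: bad credentials
3. AccountStatusException: abnormal account status; it includes the following subclasses
4. AccountExpiredException: account expired
5. LockedException: account locked
6. DisabledException: account disabled
7. CredentialsExpiredException: credentials expired
Wrong password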
org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - system, rememberMe=false] did not match the expected credentials.
Wrong account
org.apache.shiro.authc.UnknownAccountException: Realm [com.fh.realm.UserRealm@7d7e59d9] was unable to find account data for the submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - ststem, rememberMe=false].
Original code:
    @RequestMapping("login")
    public ResultObj login(String loginname, String pwd, HttpSession session, HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        AuthenticationToken token = new UsernamePasswordToken(loginname, pwd);
        try {
            subject.login(token);
            // After a successful login, store the user information in the session
            ActiverUser activerUser = (ActiverUser) subject.getPrincipal();
            User user = activerUser.getUser();
            session.setAttribute("user", user);
            // Login succeeded
            return ResultObj.LOGIN_SUCCESS;
        } catch (AuthenticationException e) {
            e.printStackTrace();
            // Login failed: username or password incorrect
            return ResultObj.LOGIN_ERROR_PASS;
        }
    }
Revised code:
    @RequestMapping("login")
    public ResultObj login(String loginname, String pwd, HttpSession session, HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        AuthenticationToken token = new UsernamePasswordToken(loginname, pwd);
        try {
            subject.login(token);
            // After a successful login, store the user information in the session
            ActiverUser activerUser = (ActiverUser) subject.getPrincipal();
            User user = activerUser.getUser();
            // Put the user into the session
            session.setAttribute("user", user);
            // Login succeeded
            return ResultObj.LOGIN_SUCCESS;
        } catch (AuthenticationException e) {
            if (e instanceof UnknownAccountException) {
                // Login failed: username or password incorrect
                return ResultObj.LOGIN_ERROR_PASS;
            } else if (e instanceof IncorrectCredentialsException) {
                // Login failed: username or password incorrect
                return ResultObj.LOGIN_ERROR_PASS;
            } else if (e instanceof LockedAccountException) {
                // Login failed: username or password incorrect
                return ResultObj.LOGIN_ERROR_PASS;
            } else {
                // Login failed: username or password incorrect
                return ResultObj.LOGIN_ERROR_PASS;
            }
        }
    }
ResultObj.LOGIN_ERROR_PASS and ResultObj.LOGIN_SUCCESS are wrapped properties, defined as follows:
    @Data
    @AllArgsConstructor
    @NoArgsConstructor
    public class ResultObj {
        public static final ResultObj LOGIN_SUCCESS = new ResultObj(Constast.OK, "登陆成功");
        public static final ResultObj LOGIN_ERROR_PASS = new ResultObj(Constast.ERROR, "登陆失败,用户名或密码不正确");
        public static final ResultObj LOGIN_ERROR_CODE = new ResultObj(Constast.ERROR, "登陆失败,验证码不正确");
        private Integer code;
        private String msg;
    }
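The revised login method returns the same message for every failure type, which keeps the response from revealing whether an account exists, but it no longer records the cause anywhere now that e.printStackTrace() is gone. The following added example (not code from the original post; the class LoginFailureAudit and its method names are hypothetical, and shiro-core is assumed to be on the classpath) logs the specific cause on the server side so the catch block can keep returning ResultObj.LOGIN_ERROR_PASS.

```java
import java.util.logging.Logger;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;

// Hypothetical helper, not from the original post: audit the real cause, reveal nothing to the client.
public final class LoginFailureAudit {
    private static final Logger LOG = Logger.getLogger(LoginFailureAudit.class.getName());

    private LoginFailureAudit() {}

    // Maps a Shiro exception to an internal reason code; subclasses are tested before their parents.
    static String reasonOf(AuthenticationException e) {
        if (e instanceof UnknownAccountException) return "UNKNOWN_ACCOUNT";
        if (e instanceof IncorrectCredentialsException) return "BAD_PASSWORD";
        if (e instanceof ExpiredCredentialsException) return "CREDENTIALS_EXPIRED";
        if (e instanceof LockedAccountException) return "ACCOUNT_LOCKED"; // extends DisabledAccountException
        if (e instanceof DisabledAccountException) return "ACCOUNT_DISABLED";
        if (e instanceof ExcessiveAttemptsException) return "TOO_MANY_ATTEMPTS";
        return "OTHER";
    }

    // Replaces control characters so a submitted login name cannot forge extra log lines.
    static String sanitize(String s) {
        return s == null ? "" : s.replaceAll("\\p{Cntrl}", "_");
    }

    // Call from the catch block, then return ResultObj.LOGIN_ERROR_PASS as before:
    //   LoginFailureAudit.record(loginname, request.getRemoteAddr(), e);
    static void record(String loginname, String remoteAddr, AuthenticationException e) {
        LOG.warning(String.format("login failed reason=%s user=%s ip=%s",
                reasonOf(e), sanitize(loginname), sanitize(remoteAddr)));
    }

    public static void main(String[] args) {
        // Constructed sample input: the mistyped "ststem" login name with an injected newline.
        AuthenticationException e = new UnknownAccountException("no such account");
        record("ststem\nlogin ok user=admin", "203.0.113.7", e);
        System.out.println(reasonOf(new LockedAccountException("locked")));
    }
}
```

Repeated BAD_PASSWORD or UNKNOWN_ACCOUNT entries from one address are the signal to alert on for password guessing, which the generic client message deliberately hides.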