shiro登陆验证,始终提示密码不匹配,密码也是正确的,添加的时候也是正确的,这是什么原因呢?原因就在于创建bean的时候出的问题。下面是我测试通过的代码贴出来,希望对跟我一样的新手有帮助。
/**
* Spring的一个bean , 由Advisor决定对哪些类的方法进行AOP代理 .
* @return
*/
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
/**
* 自定义Realm创建
* @return
*/
@Bean
public CustomRealm myShiroRealm(HashedCredentialsMatcher credentialsMatcher){
CustomRealm myShiroRealm = new CustomRealm();
//将自定义的令牌set到了Realm
myShiroRealm.setCredentialsMatcher(credentialsMatcher);
return myShiroRealm;
}
/**
* 交由SecurityManage管理
* @return
*/
@Bean
@DependsOn("hashedCredentialsMatcher")
public SecurityManager securityManager(HashedCredentialsMatcher credentialsMatcher){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm(credentialsMatcher));
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> map = new HashMap<>();
map.put("/bower_components/**","anon");
map.put("/dist/**","anon");
map.put("/pages/**","anon");
map.put("/plugins/**","anon");
map.put("/regist","anon");
map.put("/doLogin","anon");
map.put("/doRegist","anon");
//登出
map.put("/logout", "logout");
//对所有用户认证
map.put("/**", "authc");
//登录
shiroFilterFactoryBean.setLoginUrl("/login");
//首页
shiroFilterFactoryBean.setSuccessUrl("/index");
//错误页面,认证不通过跳转
shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
/**
* 配置shiro跟spring的关联
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
/**
* 密码校验规则HashedCredentialsMatcher
* 这个类是为了对密码进行编码的 ,
* 防止密码在数据库里明码保存 , 当然在登陆认证的时候 ,
* 这个类也负责对form里输入的密码进行编码
* 处理认证匹配处理器:如果自定义需要实现继承HashedCredentialsMatcher
*/
@Bean("hashedCredentialsMatcher")
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
//指定加密方式为MD5
credentialsMatcher.setHashAlgorithmName(ShiroUtil.HASHAGONAME);
//加密次数
credentialsMatcher.setHashIterations(ShiroUtil.HASHITERATIONS);
//true加密用的hex编码,false用的base64编码
credentialsMatcher.setStoredCredentialsHexEncoded(true);
return credentialsMatcher;
}
@Bean("customRealm")
@DependsOn("lifecycleBeanPostProcessor")//可选
public CustomRealm getCustomRealm(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
CustomRealm authRealm = new CustomRealm();
authRealm.setAuthorizationCachingEnabled(false);
authRealm.setCredentialsMatcher(matcher);
return authRealm;
}
/**
* lifecycleBeanPostProcessor是负责生命周期的 , 初始化和销毁的类
* (可选)
*/
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}