shiro登录认证出错

Troyturk 2015-12-02 10:11:39

也不报错，就是输入用户名和密码之后一直返回的是原来的登录页面

这是我的spring-shiro-web.xml：

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:util="http://www.springframework.org/schema/util"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xsi:schemaLocation="

       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">



    <!-- Realm实现 -->

    <bean id="userRealm" class="com.moon.shiro.UserRealm"/>

       



    <!-- 安全管理器 -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="userRealm"/>

    </bean>



 

    <!-- Shiro的Web过滤器 -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager" ref="securityManager"/>

        <property name="loginUrl" value="/user/login.action"/>

        

	    <property name="successUrl" value="/user/gouser.action"/> 

        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>

        

        <property name="filterChainDefinitions">

            <value>

            <!-- 对静态资源设置匿名访问 -->

				/images/** = anon

				/js/** = anon

				/css/** = anon

				/assets/** = anon

				

                /index.jsp = anon

                /user.jsp = authc

                /unauthorized.jsp = anon

                /login.jsp = authc

                /logout = logout

                /** = authc

            </value>

        </property>

    </bean>



</beans>

这是我的UserRealm：

public class UserRealm extends AuthorizingRealm {



    private UserService userService;



    public void setUserService(UserService userService) {

        this.userService = userService;

    }



    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

//        String username = (String)principals.getPrimaryPrincipal();

//

//        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

//        authorizationInfo.setRoles(userService.findRoles(username));

//        authorizationInfo.setStringPermissions(userService.findPermissions(username));

//

//        return authorizationInfo;

    	return null;

    }



    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {



        String username = (String)token.getPrincipal();



        User user = userService.findByUsername(username);



        if(user == null) {

            throw new UnknownAccountException();//没找到帐号

        }



        



        //交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配，如果觉得人家的不好可以自定义实现

        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(

                user.getUserName(), //用户名

                user.getPassword(), //密码

                ByteSource.Util.bytes(user.getCredentialsSalt()),//salt=username+salt

                getName()  //realm name

        );

        return authenticationInfo;

    }

这是我的LoginController部分：

	@RequestMapping(value = "/login"    )

    public String showLoginForm(HttpServletRequest req, Model model) {

        String exceptionClassName = (String)req.getAttribute("shiroLoginFailure");

        String error = null;

        if(UnknownAccountException.class.getName().equals(exceptionClassName)) {

            error = "用户名/密码错误";

        } else if(IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {

            error = "用户名/密码错误";

        } else if(exceptionClassName != null) {

            error = "其他错误：" + exceptionClassName;

        }

        model.addAttribute("error", error);

        System.out.println("error:  "+error);

        

       // 此方法不处理登陆成功（认证成功），shiro认证成功会自动跳转到上一个请求路径

       // 登陆失败还到login页面

        return "user/login";

    }