使用的是JDBC的Realm
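/**
 * Resolves the account for a login attempt and returns its stored credentials so that
 * Shiro can verify them.
 *
 * <p>Returns {@code null}, which Shiro treats as "no account found", when the token has no
 * credentials, when the user name or password is blank, or when the lookup does not yield
 * exactly one user.
 *
 * <p>NOTE(review): the lookup filters on both user name and submitted password, so a wrong
 * password appears to end here as a {@code null} return instead of reaching the realm's
 * credentials matcher. Looking the account up by user name only would leave the comparison
 * to the matcher. Confirm how {@code listUserByMap} interprets the map before changing it.
 *
 * <p>NOTE(review): the returned info carries the user name as salt. If the realm is
 * configured with a hashing credentials matcher (configuration not visible here), Shiro
 * hashes the submitted credentials itself, with the salt placed before them. A caller that
 * already hashed the password, or a stored value built as password + user name, would then
 * never match, and login fails with IncorrectCredentialsException.
 *
 * @param authcToken the submitted token; cast to {@code UsernamePasswordToken}
 * @return the account's principal, stored password and salt, or {@code null} as described above
 * @throws AuthenticationException declared by the signature; not thrown directly by this body
 */
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    String username = (String) token.getPrincipal(); // submitted user name

    // A token created without a password has null credentials; new String((char[]) null)
    // would throw NullPointerException, so treat that case like any other missing input.
    char[] credentials = (char[]) token.getCredentials();
    if (credentials == null) {
        return null;
    }
    String password = new String(credentials); // submitted password, exactly as the caller sent it

    if (!StringUtils.isNotBlank(username) || !StringUtils.isNotBlank(password)) {
        return null;
    }

    Map<String, Object> params = new HashMap<>();
    params.put("username", username);
    params.put("password", password);
    List<UserInfo> userInfoList = userInfoService.listUserByMap(params);

    // Zero rows or more than one row are both rejected.
    if (userInfoList == null || userInfoList.size() != 1) {
        return null;
    }
    UserInfo userInfo = userInfoList.get(0);

    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
            userInfo.getUsername(), userInfo.getPassword(), getName());
    // Salt = user name. NOTE(review): a user name is predictable and not random; a per-user
    // random salt stored with the account is the usual choice.
    info.setCredentialsSalt(ByteSource.Util.bytes(userInfo.getUsername()));
    return info;
}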
action里面
// Fetch the Shiro Subject for the current caller.
Subject subject = SecurityUtils.getSubject();
// The token's credentials are the result of MD5Encode.encode over password + userName
// (presumably an MD5 digest string; the helper is not shown), not the raw password.
// NOTE(review): if the realm uses a hashing credentials matcher with the user name as salt,
// Shiro hashes this value a second time, with the salt placed before it, so the result
// cannot equal a stored MD5(password + userName). Hash in exactly one place: either pass the
// raw password here and let the matcher hash it, or use a plain-comparison matcher.
// NOTE(review): a single MD5 round with the user name as salt is weak for password storage;
// prefer a dedicated password hash (bcrypt/scrypt/argon2) with a random per-user salt.
UsernamePasswordToken token = new UsernamePasswordToken(userName, MD5Encode.encode(password+userName, "md5"));
try {
// login() hands the token to the configured realm(s) and throws an AuthenticationException
// subclass on failure.
subject.login(token);
这样写为什么不行,总是抛IncorrectCredentialsException异常。我采用的加盐的办法是 用户密码+用户名 即用户名作为盐值。