NutzCN Logo
问答 nutz shiro登陆问题 如何对用户登录密码进行校验的
发布于 126天前 作者 JsckChin 228 次浏览 复制 上一个帖子 下一个帖子
标签:
2018-07-12 18:17:34,009 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/home : HomeModule.home(HomeModule.java:20)
2018-07-12 18:17:34,011 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'homeModule'<class com.yunqi.modules.module.sys.HomeModule>
2018-07-12 18:17:34,012 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=homeModule
2018-07-12 18:17:34,012 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(homeModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,012 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'homeModule'<class com.yunqi.modules.module.sys.HomeModule>
2018-07-12 18:17:34,012 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'homeModule' to [app] 
2018-07-12 18:17:34,012 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.module.sys.HomeModule without AOP
2018-07-12 18:17:34,027 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/home 18ms
2018-07-12 18:17:34,028 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/login : LoginModule.login(LoginModule.java:72)
2018-07-12 18:17:34,029 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 18:17:34,029 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=loginModule
2018-07-12 18:17:34,029 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(loginModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,029 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 18:17:34,029 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'loginModule' to [app] 
2018-07-12 18:17:34,029 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.module.sys.LoginModule without AOP
2018-07-12 18:17:34,032 org.nutz.ioc.val.ReferTypeValue.get(ReferTypeValue.java:64) DEBUG - name=userService not found, search for type=com.yunqi.modules.service.sys.SysUserService
2018-07-12 18:17:34,032 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(conf) in JsonLoader(paths=[ioc/])
2018-07-12 18:17:34,033 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dao) in JsonLoader(paths=[ioc/])
2018-07-12 18:17:34,033 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dataSource) in JsonLoader(paths=[ioc/])
2018-07-12 18:17:34,033 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(loginModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,033 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,033 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(homeModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(logModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(authorityService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(csrTagsModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dateUtil) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(authorityModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(userModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,034 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(stringUtil) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,035 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,035 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysUserService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,035 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 18:17:34,035 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=sysUserService
2018-07-12 18:17:34,035 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysUserService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,035 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 18:17:34,035 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'sysUserService' to [app] 
2018-07-12 18:17:34,035 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<>
2018-07-12 18:17:34,035 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.service.sys.SysUserService without AOP
2018-07-12 18:17:34,036 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<>
2018-07-12 18:17:34,067 org.nutz.service.EntityService.<init>(EntityService.java:41) DEBUG - Get TypeParams for self : com.yunqi.modules.bean.sys.Sys_user
2018-07-12 18:17:34,068 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sLogService'<class com.yunqi.common.slog.SLogService>
2018-07-12 18:17:34,068 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=sLogService
2018-07-12 18:17:34,068 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 18:17:34,068 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'sLogService'<class com.yunqi.common.slog.SLogService>
2018-07-12 18:17:34,068 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'sLogService' to [app] 
2018-07-12 18:17:34,068 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.common.slog.SLogService without AOP
2018-07-12 18:17:34,071 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<interface org.nutz.dao.Dao>
2018-07-12 18:17:34,312 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/login 283ms
2018-07-12 18:17:34,324 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 18:17:34,324 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 18:17:34,674 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 350ms
2018-07-12 18:17:38,855 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [POST] path=/xs/doLogin : LoginModule.doLogin(LoginModule.java:83)
2018-07-12 18:17:38,858 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
password == 11111111
2018-07-12 18:17:38,861 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 18:17:38,866 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - SELECT * FROM sys_user  WHERE name=? LIMIT 0, 1 
    |     1 |
    |-------|
    | admin |
  For example:> "SELECT * FROM sys_user  WHERE name='admin' LIMIT 0, 1 "
user.getPassword()5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 18:17:38,880 org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:572) DEBUG - Looked up AuthenticationInfo [/*com.yunqi.modules.bean.sys.Sys_user@6945c30d*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531388527,"loginCount":28,"opBy":"","opAt":1531219874,"delFlag":false}] from doGetAuthenticationInfo
2018-07-12 18:17:38,880 org.apache.shiro.realm.AuthenticatingRealm.cacheAuthenticationInfoIfPossible(AuthenticatingRealm.java:510) DEBUG - AuthenticationInfo caching is disabled for info [/*com.yunqi.modules.bean.sys.Sys_user@6945c30d*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531388527,"loginCount":28,"opBy":"","opAt":1531219874,"delFlag":false}].  Submitted token: [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].
2018-07-12 18:17:38,880 org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:233) DEBUG - Authentication successful for token [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].  Returned account [/*com.yunqi.modules.bean.sys.Sys_user@6945c30d*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531388527,"loginCount":28,"opBy":"","opAt":1531219874,"delFlag":false}]
2018-07-12 18:17:38,880 org.apache.shiro.subject.support.DefaultSubjectContext.resolveSecurityManager(DefaultSubjectContext.java:101) DEBUG - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2018-07-12 18:17:38,881 org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:440) DEBUG - Context already contains a session.  Returning.
2018-07-12 18:17:38,881 org.apache.shiro.subject.support.DefaultSubjectContext.resolveSecurityManager(DefaultSubjectContext.java:101) DEBUG - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2018-07-12 18:17:38,882 org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:226) DEBUG - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 11-Jul-2018 10:17:38 GMT]
2018-07-12 18:17:38,882 org.apache.shiro.mgt.AbstractRememberMeManager.onSuccessfulLogin(AbstractRememberMeManager.java:290) DEBUG - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
密码是 == 5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 18:17:38,888 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - UPDATE sys_user SET loginIp=?,loginAt=?,loginCount=?,isOnline=?  WHERE id=?
    |    1 |          2 |  3 |    4 |                                5 |
    |------|------------|----|------|----------------------------------|
    | NULL | 1531390658 | 29 | true | 297bd939e833445c920e35e078689751 |
  For example:> "UPDATE sys_user SET loginIp=NULL,loginAt=1531390658,loginCount=29,isOnline=true  WHERE id='297bd939e833445c920e35e078689751'"
2018-07-12 18:17:38,939 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [POST]URI=/xs/doLogin 84ms
2018-07-12 18:17:38,946 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/home : HomeModule.home(HomeModule.java:20)
2018-07-12 18:17:38,946 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - INSERT INTO sys_log(name,type,tag,src,ip,msg,param,result,opBy,opAt,delFlag) VALUES(?,?,?,?,?,?,?,?,?,?,?) 
    |     1 |    2 |    3 |                                                4 |               5 |       6 |    7 |    8 |                                9 |         10 |   11 |
    |-------|------|------|--------------------------------------------------|-----------------|---------|------|------|----------------------------------|------------|------|
    | admin | info | 用户登陆 | com.yunqi.modules.module.sys.LoginModule#doLogin | 0:0:0:0:0:0:0:1 | 成功登录系统! | NULL | NULL | 297bd939e833445c920e35e078689751 | 1531390658 | NULL |
  For example:> "INSERT INTO sys_log(name,type,tag,src,ip,msg,param,result,opBy,opAt,delFlag) VALUES('admin','info','用户登陆','com.yunqi.modules.module.sys.LoginModule#doLogin','0:0:0:0:0:0:0:1','成功登录系统!',NULL,NULL,'297bd939e833445c920e35e078689751',1531390658,NULL) "
2018-07-12 18:17:38,947 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'homeModule'<class com.yunqi.modules.module.sys.HomeModule>
2018-07-12 18:17:38,981 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/home 35ms

登录的时候 没用验证密码正确性

23 回复

选了记住密码?

DEBUG - [POST]URI=/xs/doLogin 84ms

进入口方法啦

没有选择记住密码, 密码输入错误 也可以登录

shiro.ini

[main]
shiroDbRealm = com.yunqi.common.shiro.realm.CustomRealm 

authc = org.nutz.integration.shiro.SimpleAuthenticationFilter
authc.loginUrl  = /xs/login
logout.redirectUrl= /xs/login

[urls]
/xs/doLogin = anon
/assets/** = anon
/** = anon
/xs/** = authc

Login

    /*
     * 登陆方法
     */
    @At("/doLogin")
    @Ok("json")
    @Filters(@By(type = AuthenticationFilter.class))
    public Object doLogin(@Attr("loginToken") AuthenticationToken token,HttpServletRequest req, HttpSession session) {
    	// 设置登录错误次数
    	int errCount = 0;
    	try {
    		// 输错三次 显示验证码窗口
    		errCount = NumberUtils.toInt(Strings.sNull(SecurityUtils.getSubject().getSession(true).getAttribute("errCount")));
	    	Subject subject = SecurityUtils.getSubject();
	    	ThreadContext.bind(subject);
	    	subject.login(token);
	    	
	    	Sys_user user = (Sys_user)subject.getPrincipal();
	    	System.out.println("密码是 == " + user.getPassword());
	    	
	    	SecurityUtils.getSubject().getSession(true).setAttribute("user", user);
	    	// 记录登录信息
	    	int count = user.getLoginCount() == null ? 0 : user.getLoginCount();
	    	userService.update(Chain.make("loginIp", user.getLoginIp()).add("loginAt", Times.getTS())
                    .add("loginCount", count + 1).add("isOnline", true)
                    , Cnd.where("id", "=", user.getId()));
	    	// 记录日志
	    	Sys_log sysLog = new Sys_log();
	    	sysLog.setType("info");
	    	sysLog.setTag("用户登陆");
	    	sysLog.setSrc(this.getClass().getName() + "#doLogin");
	    	sysLog.setMsg("成功登录系统!");
	    	sysLog.setIp(Lang.getIP(req));
	    	sysLog.setOpBy(user.getId());
	    	sysLog.setOpAt(Times.getTS());
	    	sysLog.setName(user.getName());
	    	sLogService.async(sysLog);
	    	
	        return Result.success("login.success");
    	} catch (IncorrectCaptchaException e) {
    		//自定义的验证码错误异常
    		return Result.error(1, "login.error.captcha");
    	} catch (EmptyCaptchaException e) {
    		//验证码为空
    		return Result.error(2, "login.error.captcha");
    	}catch (LockedAccountException e) {
    		//锁定帐户异常
            return Result.error(3, "login.error.locked");
        } catch (UnknownAccountException e) {
        	errCount++;
        	SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
            return Result.error(4, "login.error.user");
        } catch (AuthenticationException e) {
        	errCount++;
        	SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
            return Result.error(5, "login.error.user");
        } catch (Exception e) {
        	errCount++;
        	SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
            return Result.error(6, "login.error.system");
        }
    }

CustomRealm

package com.yunqi.common.shiro.realm;

import org.apache.commons.lang.math.NumberUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.nutz.dao.Cnd;
import org.nutz.ioc.Ioc;
import org.nutz.lang.Lang;
import org.nutz.lang.Strings;
import org.nutz.mvc.Mvcs;

import com.yunqi.common.shiro.exception.EmptyCaptchaException;
import com.yunqi.common.shiro.exception.IncorrectCaptchaException;
import com.yunqi.modules.bean.sys.Sys_permission;
import com.yunqi.modules.bean.sys.Sys_role;
import com.yunqi.modules.bean.sys.Sys_user;
import com.yunqi.modules.service.sys.SysUserService;



public class CustomRealm extends AuthorizingRealm {

	private SysUserService userService;

	/**
	 * 构造方法
	 */
	public CustomRealm() {
        setAuthenticationTokenClass(CaptchaToken.class);
    }
	
	/**
	 * 获取User服务类
	 * @return
	 */
    protected SysUserService getUserService() {
        if (Lang.isEmpty(userService)) {
            Ioc ioc = Mvcs.getIoc();
            userService = ioc.get(SysUserService.class);
        }
        return userService;
    }
    
    
	
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// null usernames are invalid
		System.out.println(" 需要授权操作 ");
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        int userId = (Integer) principals.getPrimaryPrincipal();
        Sys_user user = getUserService().fetch(userId);
        if (user == null)
            return null;
        if (user.isLocked())
            throw new LockedAccountException("Account [" + user.getName() + "] is locked.");

        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        user = getUserService().fetchLinks(user, null);
        if (user.getRoles() != null) {
        	getUserService().fetchLinks(user, null);
            for (Sys_role role : user.getRoles()) {
                auth.addRole(role.getName());
                if (role.getPermissions() != null) {
                    for (Sys_permission p : role.getPermissions()) {
                        auth.addStringPermission(p.getName());
                    }
                }
            }
        }
        if (user.getPermissions() != null) { // 特许/临时分配的权限
            for (Sys_permission p : user.getPermissions()) {
                auth.addStringPermission(p.getName());
            }
        }
        return auth;
	}


	/**
	 * 用于认证
     * @param token
     * @return
     * @throws AuthenticationException
	 */
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
 
		// 自定义 CustomRealm
		CaptchaToken authcToken = (CaptchaToken)token;
		// 从主体传过来的认证信息中,获取用户名
		//String name =(String) authcToken.getPrincipal();
		String name = authcToken.getUsername();
        String captcha = authcToken.getCaptcha();
        String password = new String((char[])authcToken.getCredentials()); //得到密码
        System.out.println("password == " + password);
		// 账号为空
		if (Strings.isBlank(name)) 
	        throw Lang.makeThrow(AuthenticationException.class, "Account name is empty");
		// 查询数据
		Sys_user user = getUserService().fetch(Cnd.where("name", "=", name));
		// 未找到帐户
		if (Lang.isEmpty(user)) {
            throw Lang.makeThrow(UnknownAccountException.class, "Account [ %s ] not found", name);
        }
		// 输错三次 显示验证码窗口
		int errCount = NumberUtils.toInt(Strings.sNull(SecurityUtils.getSubject().getSession(true).getAttribute("errCount")));
		if (errCount > 2) {
            //输错三次显示验证码窗口
            if (Strings.isBlank(captcha)) {
                throw Lang.makeThrow(EmptyCaptchaException.class, "Captcha is empty");
            }
            String _captcha = Strings.sBlank(SecurityUtils.getSubject().getSession(true).getAttribute("captcha"));
            if (!authcToken.getCaptcha().equalsIgnoreCase(_captcha)) {
                throw Lang.makeThrow(IncorrectCaptchaException.class, "Captcha is error");
            }
        }
		// 账号被禁用了
        if (user.isLocked())
            throw new LockedAccountException("Account [" + user.getName() + "] is locked.");
        SecurityUtils.getSubject().getSession(true).setAttribute("errCount", 0);
        System.out.println("user.getPassword()" + user.getPassword());
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getPassword(),getName());
		info.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt()));
        return info;
	}
	
	/**
	 * 覆盖父类的验证,直接pass
	 */
	protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
	}
 

}

SimpleAuthenticationInfo(user,user.getPassword(),getName()); 这里传入的密码 没有验证,不知道哪里不对

用了什么realm实现类

运行日志

2018-07-12 20:04:33,379 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:110) DEBUG - Search mapping for [GET] path=/ : NOT Action match
2018-07-12 20:04:33,416 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs : LoginModule.login(LoginModule.java:72)
2018-07-12 20:04:33,419 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:04:33,420 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=loginModule
2018-07-12 20:04:33,420 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(loginModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,420 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:04:33,420 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'loginModule' to [app] 
2018-07-12 20:04:33,421 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.module.sys.LoginModule without AOP
2018-07-12 20:04:33,424 org.nutz.ioc.val.ReferTypeValue.get(ReferTypeValue.java:64) DEBUG - name=userService not found, search for type=com.yunqi.modules.service.sys.SysUserService
2018-07-12 20:04:33,425 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(conf) in JsonLoader(paths=[ioc/])
2018-07-12 20:04:33,425 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dao) in JsonLoader(paths=[ioc/])
2018-07-12 20:04:33,426 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dataSource) in JsonLoader(paths=[ioc/])
2018-07-12 20:04:33,426 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(loginModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,426 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(homeModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(logModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(authorityService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(csrTagsModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(dateUtil) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,427 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(authorityModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(userModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(stringUtil) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysUserService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 20:04:33,428 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=sysUserService
2018-07-12 20:04:33,428 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sysUserService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,428 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 20:04:33,428 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'sysUserService' to [app] 
2018-07-12 20:04:33,429 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<>
2018-07-12 20:04:33,429 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.service.sys.SysUserService without AOP
2018-07-12 20:04:33,429 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<>
2018-07-12 20:04:33,468 org.nutz.service.EntityService.<init>(EntityService.java:41) DEBUG - Get TypeParams for self : com.yunqi.modules.bean.sys.Sys_user
2018-07-12 20:04:33,468 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sLogService'<class com.yunqi.common.slog.SLogService>
2018-07-12 20:04:33,468 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=sLogService
2018-07-12 20:04:33,468 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(sLogService) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:33,468 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'sLogService'<class com.yunqi.common.slog.SLogService>
2018-07-12 20:04:33,468 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'sLogService' to [app] 
2018-07-12 20:04:33,469 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.common.slog.SLogService without AOP
2018-07-12 20:04:33,471 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'dao'<interface org.nutz.dao.Dao>
2018-07-12 20:04:33,703 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs 286ms
2018-07-12 20:04:34,253 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 20:04:34,254 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:04:34,613 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 359ms
2018-07-12 20:04:37,621 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [POST] path=/xs/doLogin : LoginModule.doLogin(LoginModule.java:83)
2018-07-12 20:04:37,624 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
password == 11
2018-07-12 20:04:37,628 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'sysUserService'<class com.yunqi.modules.service.sys.SysUserService>
2018-07-12 20:04:37,629 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - SELECT * FROM sys_user  WHERE name=? LIMIT 0, 1 
    |     1 |
    |-------|
    | admin |
  For example:> "SELECT * FROM sys_user  WHERE name='admin' LIMIT 0, 1 "
user.getPassword()5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 20:04:37,642 org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:572) DEBUG - Looked up AuthenticationInfo [/*com.yunqi.modules.bean.sys.Sys_user@47c07bc3*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531396480,"loginCount":33,"opBy":"","opAt":1531219874,"delFlag":false}] from doGetAuthenticationInfo
2018-07-12 20:04:37,642 org.apache.shiro.realm.AuthenticatingRealm.cacheAuthenticationInfoIfPossible(AuthenticatingRealm.java:510) DEBUG - AuthenticationInfo caching is disabled for info [/*com.yunqi.modules.bean.sys.Sys_user@47c07bc3*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531396480,"loginCount":33,"opBy":"","opAt":1531219874,"delFlag":false}].  Submitted token: [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].
2018-07-12 20:04:37,642 org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:233) DEBUG - Authentication successful for token [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].  Returned account [/*com.yunqi.modules.bean.sys.Sys_user@47c07bc3*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531396480,"loginCount":33,"opBy":"","opAt":1531219874,"delFlag":false}]
2018-07-12 20:04:37,642 org.apache.shiro.subject.support.DefaultSubjectContext.resolveSecurityManager(DefaultSubjectContext.java:101) DEBUG - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2018-07-12 20:04:37,643 org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:440) DEBUG - Context already contains a session.  Returning.
2018-07-12 20:04:37,643 org.apache.shiro.subject.support.DefaultSubjectContext.resolveSecurityManager(DefaultSubjectContext.java:101) DEBUG - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2018-07-12 20:04:37,643 org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:226) DEBUG - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 11-Jul-2018 12:04:37 GMT]
2018-07-12 20:04:37,643 org.apache.shiro.mgt.AbstractRememberMeManager.onSuccessfulLogin(AbstractRememberMeManager.java:290) DEBUG - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
密码是 == 5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 20:04:37,651 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - UPDATE sys_user SET loginIp=?,loginAt=?,loginCount=?,isOnline=?  WHERE id=?
    |    1 |          2 |  3 |    4 |                                5 |
    |------|------------|----|------|----------------------------------|
    | NULL | 1531397077 | 34 | true | 297bd939e833445c920e35e078689751 |
  For example:> "UPDATE sys_user SET loginIp=NULL,loginAt=1531397077,loginCount=34,isOnline=true  WHERE id='297bd939e833445c920e35e078689751'"
2018-07-12 20:04:37,751 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [POST]URI=/xs/doLogin 130ms
2018-07-12 20:04:37,758 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - INSERT INTO sys_log(name,type,tag,src,ip,msg,param,result,opBy,opAt,delFlag) VALUES(?,?,?,?,?,?,?,?,?,?,?) 
    |     1 |    2 |    3 |                                                4 |               5 |       6 |    7 |    8 |                                9 |         10 |   11 |
    |-------|------|------|--------------------------------------------------|-----------------|---------|------|------|----------------------------------|------------|------|
    | admin | info | 用户登陆 | com.yunqi.modules.module.sys.LoginModule#doLogin | 0:0:0:0:0:0:0:1 | 成功登录系统! | NULL | NULL | 297bd939e833445c920e35e078689751 | 1531397077 | NULL |
  For example:> "INSERT INTO sys_log(name,type,tag,src,ip,msg,param,result,opBy,opAt,delFlag) VALUES('admin','info','用户登陆','com.yunqi.modules.module.sys.LoginModule#doLogin','0:0:0:0:0:0:0:1','成功登录系统!',NULL,NULL,'297bd939e833445c920e35e078689751',1531397077,NULL) "
2018-07-12 20:04:37,759 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/home : HomeModule.home(HomeModule.java:20)
2018-07-12 20:04:37,759 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'homeModule'<class com.yunqi.modules.module.sys.HomeModule>
2018-07-12 20:04:37,759 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:192) DEBUG - 	 >> Load definition name=homeModule
2018-07-12 20:04:37,759 org.nutz.ioc.loader.combo.ComboIocLoader.printFoundIocBean(ComboIocLoader.java:226) DEBUG - Found IocObject(homeModule) in AnnotationIocLoader(packages=[com.yunqi])
2018-07-12 20:04:37,760 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:223) DEBUG - 	 >> Make...'homeModule'<class com.yunqi.modules.module.sys.HomeModule>
2018-07-12 20:04:37,760 org.nutz.ioc.impl.ScopeContext.save(ScopeContext.java:65) DEBUG - Save object 'homeModule' to [app] 
2018-07-12 20:04:37,760 org.nutz.ioc.aop.impl.DefaultMirrorFactory.getMirror(DefaultMirrorFactory.java:76) DEBUG - Load class com.yunqi.modules.module.sys.HomeModule without AOP
2018-07-12 20:04:37,794 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/home 35ms

你贴的realm里面是setAuthenticationTokenClass(CaptchaToken.class) 关联的是CaptchaToken, 不是这个类或它的子类的对象,不会走它的

"org.nutz.integration.shiro.SimpleAuthenticationFilter" 是不校验任何密码的,直接pass

CaptchaToken

package cn.wizzer.common.shiro.realm;

import org.apache.shiro.authc.UsernamePasswordToken;

public class CaptchaToken extends UsernamePasswordToken {

	private static final long serialVersionUID = 4676958151524148623L;
	private String captcha;

	public String getCaptcha() {
		return captcha;
	}

	public void setCaptcha(String captcha) {
		this.captcha = captcha;
	}

	public CaptchaToken(String username, String password, boolean rememberMe, String host, String captcha) {
		super(username, password, rememberMe, host);
		this.captcha = captcha;
	}
}

@Filters(@By(type = AuthenticationFilter.class))

AuthenticationFilter是啥??

生成token对象的?

AuthenticationFilter

package cn.wizzer.common.shiro.filter;

import cn.wizzer.common.shiro.realm.CaptchaToken;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionFilter;
import org.nutz.mvc.View;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

public class AuthenticationFilter extends FormAuthenticationFilter implements ActionFilter {
	private String captchaParam = "captcha";

	public String getCaptchaParam() {
		return captchaParam;
	}

	protected String getCaptcha(ServletRequest request) {
		return WebUtils.getCleanParam(request, getCaptchaParam());
	}

	protected AuthenticationToken createToken(HttpServletRequest request) {
		String username = getUsername(request);
		String password = getPassword(request);
		String captcha = getCaptcha(request);
		boolean rememberMe = isRememberMe(request);
		String host = getHost(request);
		return new CaptchaToken(username, password, rememberMe, host, captcha);
	}

	public View match(ActionContext actionContext) {
		HttpServletRequest request = actionContext.getRequest();
		AuthenticationToken authenticationToken = createToken(request);
		request.setAttribute("loginToken", authenticationToken);
		return null;
	}
}

有没有进doGetAuthenticationInfo

	/**
	 * 覆盖父类的验证,直接pass
	 */
	protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
	}

有这句就不校验的,删掉咯

2018-07-12 20:28:00,273 org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:572) DEBUG - Looked up AuthenticationInfo [/*com.yunqi.modules.bean.sys.Sys_user@78c9eec7*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}] from doGetAuthenticationInfo
2018-07-12 20:28:00,273 org.apache.shiro.realm.AuthenticatingRealm.cacheAuthenticationInfoIfPossible(AuthenticatingRealm.java:510) DEBUG - AuthenticationInfo caching is disabled for info [/*com.yunqi.modules.bean.sys.Sys_user@78c9eec7*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}].  Submitted token: [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].
2018-07-12 20:28:00,273 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:96) DEBUG - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
2018-07-12 20:28:00,274 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:102) DEBUG - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2018-07-12 20:28:00,274 org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:226) DEBUG - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 11-Jul-2018 12:28:00 GMT]
2018-07-12 20:28:00,279 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [POST]URI=/xs/doLogin 30ms
2018-07-12 20:28:00,287 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 20:28:00,287 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:28:00,320 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 32ms
2018-07-12 20:28:07,227 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [POST] path=/xs/doLogin : LoginModule.doLogin(LoginModule.java:83)
2018-07-12 20:28:07,227 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
password == 123456
2018-07-12 20:28:07,228 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - SELECT * FROM sys_user  WHERE name=? LIMIT 0, 1 
    |     1 |
    |-------|
    | admin |
  For example:> "SELECT * FROM sys_user  WHERE name='admin' LIMIT 0, 1 "
user.getPassword()5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 20:28:07,229 org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:572) DEBUG - Looked up AuthenticationInfo [/*com.yunqi.modules.bean.sys.Sys_user@449a20e4*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}] from doGetAuthenticationInfo
2018-07-12 20:28:07,230 org.apache.shiro.realm.AuthenticatingRealm.cacheAuthenticationInfoIfPossible(AuthenticatingRealm.java:510) DEBUG - AuthenticationInfo caching is disabled for info [/*com.yunqi.modules.bean.sys.Sys_user@449a20e4*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}].  Submitted token: [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].
2018-07-12 20:28:07,230 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:96) DEBUG - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
2018-07-12 20:28:07,230 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:102) DEBUG - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2018-07-12 20:28:07,230 org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:226) DEBUG - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 11-Jul-2018 12:28:07 GMT]
2018-07-12 20:28:07,231 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [POST]URI=/xs/doLogin 4ms
2018-07-12 20:28:07,234 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 20:28:07,234 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:28:07,246 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 12ms
2018-07-12 20:28:11,954 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/login : LoginModule.login(LoginModule.java:72)
2018-07-12 20:28:11,955 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:28:11,955 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/login 0ms
2018-07-12 20:28:11,968 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 20:28:11,969 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:28:11,982 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 14ms
2018-07-12 20:28:16,218 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [POST] path=/xs/doLogin : LoginModule.doLogin(LoginModule.java:83)
2018-07-12 20:28:16,219 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
password == 123456
2018-07-12 20:28:16,219 org.nutz.dao.impl.sql.run.NutDaoExecutor.printSQL(NutDaoExecutor.java:388) DEBUG - SELECT * FROM sys_user  WHERE name=? LIMIT 0, 1 
    |     1 |
    |-------|
    | admin |
  For example:> "SELECT * FROM sys_user  WHERE name='admin' LIMIT 0, 1 "
user.getPassword()5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f
2018-07-12 20:28:16,222 org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:572) DEBUG - Looked up AuthenticationInfo [/*com.yunqi.modules.bean.sys.Sys_user@74f5675*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}] from doGetAuthenticationInfo
2018-07-12 20:28:16,223 org.apache.shiro.realm.AuthenticatingRealm.cacheAuthenticationInfoIfPossible(AuthenticatingRealm.java:510) DEBUG - AuthenticationInfo caching is disabled for info [/*com.yunqi.modules.bean.sys.Sys_user@74f5675*/{"id":"297bd939e833445c920e35e078689751","name":"admin","password":"5ec0dbfa19a850eeedcaba3bb9fc0372f60c6e815c9dffad14afdab68866641f","salt":"41d1336535da4295aa891fedd4292246","isOnline":true,"locked":false,"loginAt":1531397077,"loginCount":34,"opBy":"","opAt":1531219874,"delFlag":false}].  Submitted token: [com.yunqi.common.shiro.realm.CaptchaToken - admin, rememberMe=false (0:0:0:0:0:0:0:1)].
2018-07-12 20:28:16,223 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:96) DEBUG - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
2018-07-12 20:28:16,223 org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:102) DEBUG - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2018-07-12 20:28:16,224 org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:226) DEBUG - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 11-Jul-2018 12:28:16 GMT]
2018-07-12 20:28:16,224 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [POST]URI=/xs/doLogin 6ms
2018-07-12 20:28:16,232 org.nutz.mvc.impl.UrlMappingImpl.get(UrlMappingImpl.java:101) DEBUG - Found mapping for [GET] path=/xs/captcha : LoginModule.next(LoginModule.java:181)
2018-07-12 20:28:16,232 org.nutz.ioc.impl.NutIoc.get(NutIoc.java:166) DEBUG - Get 'loginModule'<class com.yunqi.modules.module.sys.LoginModule>
2018-07-12 20:28:16,265 com.yunqi.common.processor.LogTimeProcessor.process(LogTimeProcessor.java:24) DEBUG - [ GET]URI=/xs/captcha 33ms

那就对咯, 要配hash类型, 迭代次数, salt等等的, 所以我都是在入口方法里面做校验, shiro里面直接pass

人家配好了,你只是抄了个大概

添加回复
请先登陆
回到顶部