shiro 加密认证失败

一月 09, 2018 11:04:54 上午 org.apache.catalina.core.AprLifecycleListener init
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\WeX5_V3.7\java\jre1.8\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;D:/WeX5_V3.7/studio//../java/jre1.8/bin/client;D:/WeX5_V3.7/studio//../java/jre1.8/bin;D:/WeX5_V3.7/studio//../java/jre1.8/lib/i386;C:\Windows;C:\Windows\System32;E:\Oracle\product\12.2.0\dbhome_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\Git\cmd;C:\Program Files\mingw-w64\x86_64-7.2.0-posix-seh-rt_v5-rev0\mingw64\bin;C:\Users\liuyc\Anaconda2\Library\bin\graphviz;C:\Users\liuyc\AppData\Local\Microsoft\WindowsApps;;D:\WeX5_V3.7\studio;;.
一月 09, 2018 11:04:54 上午 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
一月 09, 2018 11:04:54 上午 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 338 ms
一月 09, 2018 11:04:54 上午 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
一月 09, 2018 11:04:54 上午 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.41
一月 09, 2018 11:04:54 上午 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor baas.xml
一月 09, 2018 11:04:54 上午 org.apache.catalina.loader.WebappClassLoader validateJarFile
信息: validateJarFile(D:\WeX5_V3.7\apache-tomcat\webapps\..\..\runtime\BaasServer\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
一月 09, 2018 11:04:54 上午 org.apache.catalina.core.ApplicationContext log
信息: Initializing Shiro environment
[main] INFO org.apache.shiro.web.env.EnvironmentLoader - Starting Shiro environment initialization.
[main] INFO org.apache.shiro.config.ReflectionBuilder - An instance with name 'authc' already exists.  Redefining this object as a new instance of type org.nutz.integration.shiro.SimpleAuthenticationFilter
[main] INFO org.apache.shiro.web.env.EnvironmentLoader - Shiro environment initialized in 301 ms.
log4j:ERROR Could not find value for key log4j.appender.INFO
log4j:ERROR Could not instantiate appender named "INFO".
2018-01-09 11:04:55 NutFilter[nutz] starting ...
2018-01-09 11:04:55 Locations count=4 time use 9ms
2018-01-09 11:04:55 Locations count=61 time use 38ms
2018-01-09 11:04:55 Loading by class org.nutz.mvc.impl.NutLoading
2018-01-09 11:04:55 Nutz Version : 1.r.63-20171115 
2018-01-09 11:04:55 Nutz.Mvc[nutz] is initializing ...
2018-01-09 11:04:55 Web Container Information:
2018-01-09 11:04:55  - Default Charset : GBK
2018-01-09 11:04:55  - Current . path  : D:\WeX5_V3.7\studio\.
2018-01-09 11:04:55  - Java Version    : 1.8.0_73
2018-01-09 11:04:55  - File separator  : \
2018-01-09 11:04:55  - Timezone        : Asia/Shanghai
2018-01-09 11:04:55  - OS              : Windows 10 x86
2018-01-09 11:04:55  - ServerInfo      : Apache Tomcat/6.0.41
2018-01-09 11:04:55  - Servlet API     : 2.5
2018-01-09 11:04:55  - ContextPath     : /baas
2018-01-09 11:04:55  - context.tempdir : D:\WeX5_V3.7\apache-tomcat\work\Catalina\localhost\baas
2018-01-09 11:04:55  - MainModule      : com.naxxm.MainModule
2018-01-09 11:04:55 >> app.root = D:/WeX5_V3.7/apache-tomcat/webapps/../../runtime/BaasServer
2018-01-09 11:04:55 Using 95 castor for Castors
2018-01-09 11:04:55 @IocBy(type=org.nutz.mvc.ioc.provider.ComboIocProvider, args=["*js", "ioc/", "*async", "*tx", "*anno", "com.naxxm"],init=[])
2018-01-09 11:04:55 Found 2 resource by src( ioc/ ) , regex( ^(.+[.])(js|json)$ )
2018-01-09 11:04:55 loading [conf.js]
2018-01-09 11:04:55 loading [dao.js]
2018-01-09 11:04:55 Loaded 3 bean define from path=[ioc/] --> [dataSource, conf, dao]
2018-01-09 11:04:55 Load AopConfigure for anno=org.nutz.aop.interceptor.async.Async by type=org.nutz.aop.interceptor.async.AsyncAopIocLoader
2018-01-09 11:04:55 Loaded 5 bean define from reader --
[txREPEATABLE_READ, txSERIALIZABLE, txNONE, txREAD_UNCOMMITTED, txREAD_COMMITTED]
2018-01-09 11:04:55 Found 24 resource by src( com/naxxm/ ) , regex( ^.+[.]class$ )
2018-01-09 11:04:55 Found @IocBean : class com.naxxm.action.GoodsAction
2018-01-09 11:04:55 Found @IocBean : class com.naxxm.action.OrderAction
2018-01-09 11:04:55 Found @IocBean : class com.naxxm.modules.login.LoginAction
2018-01-09 11:04:55 Found @IocBean : class com.naxxm.service.FoodService
2018-01-09 11:04:55 Found @IocBean : class com.naxxm.shiro.handlers.ShiroHandler
2018-01-09 11:04:55 Found 5 classes in 1 base-packages!
beans = ["goodsAction", "foodService", "loginAction", "shiroHandler", "orderAction"]
2018-01-09 11:04:55 NutIoc init begin ...
2018-01-09 11:04:55 ... NutIoc init complete
2018-01-09 11:04:55 Build URL mapping by org.nutz.mvc.impl.UrlMappingImpl ...
2018-01-09 11:04:55 @Views(DefaultViewMaker.class)
2018-01-09 11:04:55 @ChainBy(org.nutz.mvc.impl.NutActionChainMaker)
2018-01-09 11:04:55  > scan 'com.naxxm'
2018-01-09 11:04:55 Found 24 resource by src( com/naxxm/ ) , regex( ^.+[.]class$ )
2018-01-09 11:04:55    >> add 'com.naxxm.action.GoodsAction'
2018-01-09 11:04:55    >> add 'com.naxxm.action.OrderAction'
2018-01-09 11:04:55    >> add 'com.naxxm.modules.login.LoginAction'
2018-01-09 11:04:55    >> add 'com.naxxm.shiro.handlers.ShiroHandler'
2018-01-09 11:04:55 module class location 'file:/D:/WeX5_V3.7/runtime/BaasServer/WEB-INF/classes/com/naxxm/MainModule.class'
2018-01-09 11:04:55  > scan 'com.naxxm'
2018-01-09 11:04:55 Found 24 resource by src( com/naxxm/ ) , regex( ^.+[.]class$ )
2018-01-09 11:04:55    >> add 'com.naxxm.action.GoodsAction'
2018-01-09 11:04:55    >> add 'com.naxxm.action.OrderAction'
2018-01-09 11:04:55    >> add 'com.naxxm.modules.login.LoginAction'
2018-01-09 11:04:55    >> add 'com.naxxm.shiro.handlers.ShiroHandler'
2018-01-09 11:04:55 Use org.nutz.mvc.impl.NutEntryDeterminer as EntryMethodDeterminer
2018-01-09 11:04:55 Optional processor class not found, disabled : org.nutz.plugins.validation.ValidationProcessor
2018-01-09 11:04:55    '/naxxm/javabean/goods/queryAction' >> (GoodsAction.java:72).query           : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/naxxm/javabean/goods/save' >> (GoodsAction.java:138).saveAction     : void       | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/naxxm/javabean/goods/queryClassAction' >> (GoodsAction.java:48).queryclass      : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/naxxm/javabean/goods/queryVIPAction' >> (GoodsAction.java:105).queryVIP       : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/naxxm/login/loginAction'  >> (LoginAction.java:34).login           : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/ecoolper/order/queryAction' >> (OrderAction.java:38).query           : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55    '/ecoolper/order/saveAction' >> (OrderAction.java:70).saveAction      : void       | @Ok(raw  ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55 Duplicate @At mapping ? path=/naxxm/login/loginAction
2018-01-09 11:04:55    '/naxxm/login/loginAction'  >> (ShiroHandler.java:41).login          : JSONObject | @Ok(json ) @Fail(raw  ) | by 0 Filters | (I:UTF-8/O:UTF-8)
2018-01-09 11:04:55 Found 8 module methods
2018-01-09 11:04:55 @Localization not define
2018-01-09 11:04:55 SessionBy --> org.nutz.integration.shiro.ShiroSessionProvider@1b759d6
2018-01-09 11:04:55 Setup application...
2018-01-09 11:04:55 Get 'dao'<interface org.nutz.dao.Dao>
2018-01-09 11:04:55 Get '$aop_async'<interface org.nutz.ioc.aop.config.AopConfigration>
2018-01-09 11:04:55 	 >> Load definition name=$aop_async
2018-01-09 11:04:55 Found IocObject($aop_async) in AsyncAopIocLoader@32299666
2018-01-09 11:04:55 	 >> Make...'$aop_async'<interface org.nutz.ioc.aop.config.AopConfigration>
2018-01-09 11:04:55 Save object '$aop_async' to [app] 
2018-01-09 11:04:55 Load AopConfigure for anno=org.nutz.ioc.aop.Aop by type=org.nutz.ioc.aop.config.impl.AnnotationAopConfigration
2018-01-09 11:04:55 	 >> Load definition name=dao
2018-01-09 11:04:55 Loading define for name=dao
2018-01-09 11:04:55 Found IocObject(dao) in JsonLoader(paths=[ioc/])
2018-01-09 11:04:55 	 >> Make...'dao'<interface org.nutz.dao.Dao>
2018-01-09 11:04:55 Save object 'dao' to [app] 
2018-01-09 11:04:55 Get 'dataSource'<>
2018-01-09 11:04:55 	 >> Load definition name=dataSource
2018-01-09 11:04:55 Loading define for name=dataSource
2018-01-09 11:04:55 Found IocObject(dataSource) in JsonLoader(paths=[ioc/])
2018-01-09 11:04:55 	 >> Make...'dataSource'<>
2018-01-09 11:04:55 Save object 'dataSource' to [app] 
2018-01-09 11:04:55 Load class com.alibaba.druid.pool.DruidDataSource without AOP
2018-01-09 11:04:55 {dataSource-1} inited
2018-01-09 11:04:55 Load class org.nutz.dao.impl.NutDao without AOP
2018-01-09 11:04:55 Get 'dataSource'<>
2018-01-09 11:04:55 Jdbcs init complete
2018-01-09 11:04:55 Get Connection from DataSource for JdbcExpert, if you lock at here, check your database server and configure
2018-01-09 11:04:55 select expert : org.nutz.dao.impl.jdbc.sqlserver2005.Sqlserver2005JdbcExpert
2018-01-09 11:04:55 JDBC Driver --> 1.2
2018-01-09 11:04:55 JDBC Name   --> jTDS Type 4 JDBC Driver for MS SQL Server and Sybase
2018-01-09 11:04:55 JDBC URL    --> jdbc:jtds:sqlserver://127.0.0.1:1433/testdb_sys
2018-01-09 11:04:55 Database info --> SQLSERVER:[Microsoft SQL Server - 09.00.5000]
2018-01-09 11:04:55 Found 24 resource by src( com/naxxm/ ) , regex( ^.+[.]class$ )
2018-01-09 11:04:55 SELECT COUNT(*) FROM t_sys_employee 
2018-01-09 11:04:55 Nutz.Mvc[nutz] is up in 728ms
log4j:ERROR Could not find value for key log4j.appender.INFO
log4j:ERROR Could not instantiate appender named "INFO".
一月 09, 2018 11:04:55 上午 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor host-manager.xml
一月 09, 2018 11:04:55 上午 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor manager.xml
一月 09, 2018 11:04:56 上午 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor PushServer.xml
2018-01-09 11:04:56 PushServer stop
一月 09, 2018 11:04:56 上午 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor x5.xml
[JUSTEP_HOME in UIServer]: D:\WeX5_V3.7
一月 09, 2018 11:04:56 上午 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory app-template
一月 09, 2018 11:04:56 上午 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory docs
一月 09, 2018 11:04:56 上午 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory examples
一月 09, 2018 11:04:57 上午 org.apache.catalina.core.ApplicationContext log
信息: ContextListener: contextInitialized()
一月 09, 2018 11:04:57 上午 org.apache.catalina.core.ApplicationContext log
信息: SessionListener: contextInitialized()
一月 09, 2018 11:04:57 上午 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory ROOT
一月 09, 2018 11:04:57 上午 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8080
一月 09, 2018 11:04:57 上午 org.apache.jk.common.ChannelSocket init
信息: JK: ajp13 listening on /0.0.0.0:8009
一月 09, 2018 11:04:57 上午 org.apache.jk.server.JkMain start
信息: Jk running ID=0 time=0/12  config=null
一月 09, 2018 11:04:57 上午 org.apache.catalina.startup.Catalina start
信息: Server startup in 2642 ms
2018-01-09 11:05:00 开始-WINDOW生成中间文件: /UI2/shopMgr/index.w
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/window/server ...
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/window/server 
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/model/server ...
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/model/server 
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/contents/server ...
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/common/server ...
2018-01-09 11:05:00 加载模块：/UI2/system/resources ...
2018-01-09 11:05:00 加载模块：/UI2/system/resources 
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/common/server 
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/contents/server 
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/windowContainer/server ...
2018-01-09 11:05:00 加载模块：/UI2/system/components/justep/windowContainer/server 
2018-01-09 11:05:00 结束-WINDOW生成中间文件: /UI2/shopMgr/index.w
2018-01-09 11:05:00 开始-中间文件生成缓存文件: /UI2/shopMgr/index.w
2018-01-09 11:05:01 结束-中间文件生成缓存文件: /UI2/shopMgr/index.w
2018-01-09 11:05:01 加载模块：/UI2/system/service/common ...
2018-01-09 11:05:01 加载模块：/UI2/system/service/common 
2018-01-09 11:05:01 开始-WINDOW生成中间文件: /UI2/shopMgr/login.w
2018-01-09 11:05:01 加载模块：/UI2/system/components/justep/panel/server ...
2018-01-09 11:05:01 加载模块：/UI2/system/components/justep/panel/server 
2018-01-09 11:05:01 加载模块：/UI2/system/components/justep/titleBar/server ...
2018-01-09 11:05:01 加载模块：/UI2/system/components/justep/titleBar/server 
2018-01-09 11:05:01 结束-WINDOW生成中间文件: /UI2/shopMgr/login.w
2018-01-09 11:05:01 开始-中间文件生成缓存文件: /UI2/shopMgr/login.w
2018-01-09 11:05:01 结束-中间文件生成缓存文件: /UI2/shopMgr/login.w
2018-01-09 11:05:07 Found mapping for [POST] path=/naxxm/login/loginAction : ShiroHandler.login(ShiroHandler.java:41)
2018-01-09 11:05:07 Get 'shiroHandler'<class com.naxxm.shiro.handlers.ShiroHandler>
2018-01-09 11:05:07 	 >> Load definition name=shiroHandler
2018-01-09 11:05:07 Found IocObject(shiroHandler) in AnnotationIocLoader(packages=[com.naxxm])
2018-01-09 11:05:07 	 >> Make...'shiroHandler'<class com.naxxm.shiro.handlers.ShiroHandler>
2018-01-09 11:05:07 Save object 'shiroHandler' to [app] 
2018-01-09 11:05:07 Load class com.naxxm.shiro.handlers.ShiroHandler without AOP
2018-01-09 11:05:07 Get 'dao'<interface org.nutz.dao.Dao>
1.--->20602399
1. 20602399
[FirstRealm] doGetAuthenticationInfo
1.--->20602399
从数据库中获取 username: admin 所对应的用户信息.
nutzdao_realm
info:admin
登录失败: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false] did not match the expected credentials.
2018-01-09 11:05:07 Error@/naxxm/login/loginAction :
java.lang.NullPointerException
	at com.naxxm.shiro.handlers.ShiroHandler.login(ShiroHandler.java:82)
	at com.naxxm.shiro.handlers.ShiroHandler$FM$login$28937752d39234598695f93b24457009.invoke(ShiroHandler.java)
	at org.nutz.mvc.impl.processor.MethodInvokeProcessor.process(MethodInvokeProcessor.java:31)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.AdaptorProcessor.process(AdaptorProcessor.java:30)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ActionFiltersProcessor.process(ActionFiltersProcessor.java:58)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:126)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
	at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
	at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:67)
	at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
	at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Thread.java:745)

package com.naxxm.shiro.realms;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.nutz.dao.Cnd;
import org.nutz.dao.Dao;
import org.nutz.mvc.Mvcs;

import com.naxxm.javabean.SysEmployee;
 
public class DaoRealm extends AuthorizingRealm {
	 protected Dao _dao;
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken token) throws AuthenticationException {
		System.out.println("[FirstRealm] doGetAuthenticationInfo");
		
		//1. 把 AuthenticationToken 转换为 UsernamePasswordToken 
		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		System.out.println("1.--->"+ token.hashCode());
		//2. 从 UsernamePasswordToken 中来获取 username  
		String username = upToken.getUsername();
		//3. 调用数据库的方法, 从数据库中查询 username 对应的用户记录  
		
		//SysEmployee user = dao().fetch(SysEmployee.class,Cnd.where("name" ,"=", username));
		

		System.out.println("从数据库中获取 username: " + username + " 所对应的用户信息."); 
		
		//4. 若用户不存在, 则可以抛出 UnknownAccountException 异常 
		if("unknow".equals(username)){
			throw new UnknownAccountException("用户不存在!"); 
		}
		
		//5. 根据用户信息的情况, 决定是否需要抛出其他的 AuthenticationException 异常. 
		if("monster".equals(username)){
			throw new LockedAccountException("用户被锁定"); 
		}
		
		//6. 根据用户的情况, 来构建 AuthenticationInfo 对象并返回. 通常使用的实现类为: SimpleAuthenticationInfo
		//以下信息是从数据库中获取的.
		//1). principal: 认证的实体信息. 可以是 username, 也可以是数据表对应的用户的实体类对象. 
		Object principal = username;
		//2). credentials: 密码. 
		Object credentials = null;  //"fc1709d0a95a6be30bc5926fdb7f22f4";
		if("admin".equals(username)){
			credentials = "038bdaf98f2037b31f1e75b5b4c9b26e";
		}else if("user".equals(username)){
			credentials = "098d2c478e9c11555ce2823231e02ec1";  
		}
		
		//3). realmName: 当前 realm 对象的 name. 调用父类的 getName() 方法即可
		String realmName = getName();
		System.out.println(realmName); 
		//4). 盐值.
		ByteSource credentialsSalt = ByteSource.Util.bytes(username); 
		
		SimpleAuthenticationInfo info = null; //new SimpleAuthenticationInfo(principal, credentials, realmName);
		info = new SimpleAuthenticationInfo(principal, credentials,credentialsSalt, realmName);   
		System.out.println("info:" + info);
		return info;
	}

	public static void main(String[] args) { 
		String hashAlgorithmName = "MD5";
		Object credentials = "123456";
		Object salt = ByteSource.Util.bytes("admin");
		int hashIterations = 1024;
		
		Object result = new SimpleHash(hashAlgorithmName, credentials ,salt, hashIterations);
		System.out.println(result); 
	}

	//授权会被 shiro 回调的方法
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		//1. 从 PrincipalCollection 中来获取登录用户的信息
		Object principal = principals.getPrimaryPrincipal();
		
		//2. 利用登录的用户的信息来用户当前用户的角色或权限(可能需要查询数据库)
		Set<String> roles = new HashSet<>();
		roles.add("user");
		if("admin".equals(principal)){
			roles.add("admin");
		}
		
		//3. 创建 SimpleAuthorizationInfo, 并设置其 reles 属性.
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
		
		//4. 返回 SimpleAuthorizationInfo 对象. 
		return info;
	}
	
	 public Dao dao() {
	        if (_dao == null) {
	            _dao = Mvcs.ctx().getDefaultIoc().get(Dao.class, "dao");
	            return _dao;
	        }
	        return _dao;
	    }

	    public void setDao(Dao dao) {
	        this._dao = dao;
	    }
}

wendal

1楼•2291天前

是ShiroHandler报错呢

java.lang.NullPointerException
	at com.naxxm.shiro.handlers.ShiroHandler.login(ShiroHandler.java:82)
	at com.naxxm.shiro.handlers.ShiroHandler$FM$login$28937752d39234598695f93b24457009.invoke(ShiroHandler.java)

naxxm(liuyongchao)

2楼•2291天前

嗯，那个报错知道了，但是登陆i失败能帮我看下哪里出错了吗？我都没走数据库，单纯的加密解密，怎么报错呢

2018-01-09 11:15:26 Found mapping for [POST] path=/naxxm/login/loginAction : ShiroHandler.login(ShiroHandler.java:41)
2018-01-09 11:15:26 Get 'shiroHandler'<class com.naxxm.shiro.handlers.ShiroHandler>
1.--->15039002
1. 15039002
[FirstRealm] doGetAuthenticationInfo
1.--->15039002
从数据库中获取 username: admin 所对应的用户信息.
nutzdao_realm
info:admin
登录失败: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false] did not match the expected credentials.

wendal

3楼•2291天前

因为密码不对吧, 用SimpleShiroToken多好, 根本不需要在shiro内部处理密码问题

naxxm(liuyongchao)

4楼•2291天前

应该是密码迭代次数和密码加密类型MD5没设置，请问要在哪里设置呢？shiro方法比较通用写视频资源比较多，没有用SimpleShiroToken，请问要怎么设置呢？

wendal

5楼•2291天前

shiro.ini里面

wendal

6楼•2291天前

"shiro方法比较通用写视频资源比较多"是啥意思

naxxm(liuyongchao)

7楼•2290天前

shiro认证配置

shiro.ini

[main]
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher  
credentialsMatcher.hashAlgorithmName=MD5  
credentialsMatcher.hashIterations=10000
nutz_realm=com.naxxm.shiro.realms.MyRealm
nutz_realm.credentialsMatcher=$credentialsMatcher
#authc = org.nutz.integration.shiro.SimpleAuthenticationFilter
#authc.loginUrl  = /naxxm/login
#logout.redirectUrl= /naxxm/login
MyRealm.java
package com.naxxm.shiro.realms;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import org.nutz.dao.Dao;
import org.nutz.mvc.Mvcs;
public class MyRealm extends AuthenticatingRealm {
    protected Dao _dao;
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 将AuthenticationToken对象转换成UsernamePasswordToken对象
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        System.out.println("test2.--->" + token.hashCode());
        // 获取UsernamePasswordToken中的用户名
        String username = upToken.getUsername();
        // 从数据库中查询 username 对应的用户记录
        System.out.println("从数据库中查找" + username + "的信息");
        // 若用户的信息不存在，则抛出UnknownAccountException异常。
        if ("unknown".equals(username)) {
            throw new UnknownAccountException("用户不存在");
        }
        // 根据用户的信息进行反馈，则抛出LockedAccountException异常。
        if ("han".equals(username)) {
            throw new LockedAccountException("用户被锁定");
        }
        // 根据用户的信息来封装SimpleAuthenticationInfo对象。
        // 当前 realm 对象的 name
        String realmName = getName();
        // 认证的实体信息。
        Object principal = username;
        // 密码
        Object hashedCredentials = null;
        if ("admin".equals(username)) {
            hashedCredentials = "2abec21dc41c75c88cb87e7306c5e75f";
            System.out.println("2abec21dc41c75c88cb87e7306c5e75f");
        } else if ("zhao".equals(username)) {
            hashedCredentials = "399503120959cd94972d6d5f3a9d4c61";
        }
        // 盐值
        ByteSource credentialsSalt = ByteSource.Util.bytes(username);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, hashedCredentials, credentialsSalt, realmName);
        return info;
    }
    /**
     * 明文密码进行加密
     * 
     * @param args
     */
    public static void main(String[] args) {
        int hashIterations = 10000;// 加密的次数
        Object salt = "admin";// 盐值
        Object credentials = "123456";// 密码
        String hashAlgorithmName = "MD5";// 加密方式
        Object simpleHash = new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations);
        System.out.println("加密后的值----->" + simpleHash);
    }
    public Dao dao() {
        if (_dao == null) {
            _dao = Mvcs.ctx().getDefaultIoc().get(Dao.class, "dao");
            return _dao;
        }
        return _dao;
    }
    public void setDao(Dao dao) {
        this._dao = dao;
    }
}
TestCustomRealmMd5.java

package com.naxxm.shiro.handlers;
import java.sql.SQLException;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.nutz.dao.Dao;
import org.nutz.ioc.loader.annotation.Inject;
import org.nutz.ioc.loader.annotation.IocBean;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import org.nutz.mvc.adaptor.JsonAdaptor;
import org.nutz.mvc.annotation.AdaptBy;
import org.nutz.mvc.annotation.At;
import org.nutz.mvc.annotation.Ok;
import org.nutz.mvc.annotation.Param;
import com.alibaba.fastjson.JSONObject;
@IocBean
@At("/naxxm/login")
/**
 * @author liuyc
 * */
public class TestCustomRealmMd5 {
    private static final Log Log = Logs.get();
    private static final Object[] Byte = null;
    @Inject    
    private Dao dao;
    // 登录方法
    @At("/loginAction")
    @Ok("json")
    @AdaptBy(type = JsonAdaptor.class)
    public JSONObject login(@Param("..") JSONObject params, HttpSession session) throws ClassNotFoundException, SQLException {          
        String username = params.getString("name");
        String password = params.getString("password");
        // 如果已经登陆过,直接返回真
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            // 把用户名和密码封装为 UsernamePasswordToken 对象
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // rememberme
            // token.setRememberMe(true);
            System.out.println("test1.--->" + token.hashCode());
            try {
                System.out.println("执行登录: " + token.hashCode());
                // 执行登录.
                currentUser.login(token);
            }
            // ... catch more exceptions here (maybe custom ones specific to
            // your application?
            // 所有认证时异常的父类.
            catch (AuthenticationException ae) {
                // unexpected condition? error?
                System.out.println("登录失败: " + ae.getMessage());
            }
        }
        return params;
    }
}

naxxm(liuyongchao)

8楼•2290天前

@wendal 这个配置好后能够成功运行，另外有一个问题为什么按照教程配置下面这句话的时候，

authc = org.nutz.integration.shiro.SimpleAuthenticationFilter

提示：

2018-01-09 20:35:43 setSimpleProperty: Invoking method public void org.apache.shiro.realm.AuthenticatingRealm.setCredentialsMatcher(org.apache.shiro.authc.credential.CredentialsMatcher) with value org.apache.shiro.authc.credential.HashedCredentialsMatcher@158ebf5 (class org.apache.shiro.authc.credential.HashedCredentialsMatcher)
[ContainerBackgroundProcessor[StandardEngine[Catalina]]] INFO org.apache.shiro.config.ReflectionBuilder - An instance with name 'authc' already exists.  Redefining this object as a new instance of type org.nutz.integration.shiro.SimpleAuthenticationFilter
[ContainerBackgroundProcessor[StandardEngine[Catalina]]] INFO org.apache.shiro.web.env.EnvironmentLoader - Shiro environment initialized in 164 ms.

authc已经存在，并且运行的时候，shiro相关类也不起作用了，请问是什么原因呢？

wendal

9楼•2290天前

// 你的java代码
int hashIterations = 1024;
// 你的shiro.ini
credentialsMatcher.hashIterations=10000

wendal

10楼•2290天前

"shiro相关类也不起作用了" 是啥意思

naxxm(liuyongchao)

11楼•2290天前

@wendal 这个和上面的不相关，重新写的代码，这个是可以跑通的
意思是如果配置了

authc = org.nutz.integration.shiro.SimpleAuthenticationFilter

就会提示authc已经有一个存在的了，并且运行登陆的时候，也不会调用MyRealm和TestCustomRealmMd5这两个类

wendal

12楼•2290天前

realm与token类型绑定的

请先登陆