springboot集成shiro之登陆加密报错

发布于:2021-10-20 10:19:20

1.springboot集成shiro之登陆加密报错,提示如下:

20:25:27.818 WARN org.apache.shiro.authc.AbstractAuthenticator 216 authenticate - Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - maweijie, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException). java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0
at org.apache.shiro.codec.Hex.toDigit(Hex.java:156) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:135) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:95) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.credential.HashedCredentialsMatcher.getCredentials(HashedCredentialsMatcher.java:353) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.credential.HashedCredentialsMatcher.doCredentialsMatch(HashedCredentialsMatcher.java:380) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.4.2.jar:1.4.2]

2.分析经过

主要是这句:java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0


点进去查看这个地方



进去后debug



查看这个参数,不太对啊,也不是十六进制。



往上debug查看参数是什么,不是加密后的所以错误。



3.结论

在自定义的realm类里的方法doGetAuthenticationInfo处理加密验证的时候,password传成明文的了,应该是密文的。


注意参数:userName明文, password密文。


ByteSource byteSourceSalt = ByteSource.Util.bytes(user.getSalt());
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, password, byteSourceSalt, getName());
return simpleAuthenticationInfo;

相关推荐

最新更新

猜你喜欢