I’ve gone over and over on how to have a user login with Shiro, but it still seems like a vital piece is missing: How does shiro authenticate a given username and password against stored usernames and passwords? The most I’ve figured out is It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store from here. But how is that done?
Below is what I’ve tried, but the result is still an invalid authentication.
LoginController
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
LoginCommand command = (LoginCommand) cmd;
UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
System.out.println("onSubmit");
System.out.println(token.getUsername());
System.out.println(token.getPassword());
try
{
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException e) {
errors.reject("error.invalidLogin", "The username or password was not correct.");
}
if (errors.hasErrors()) {
return showForm(request, response, errors);
} else {
return new ModelAndView("accessTest");
}
}
Realm
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
System.out.println("doGetAuthenticationInfo");
System.out.println(user.getUsername());
System.out.println(user.getPassword());
// user is a test object in place of a database
if( user != null ) {
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
} else {
return null;
}
}
Discovered the answer. It was a foolish one. I copied some example code, and they set the credentials matcher to HashedCredentialsMatcher. I wasn’t doing any hashing, so it didn’t work. Removed the setCredentialsMatcher and it worked.