
Authentication trouble with Apache Shiro

I'm a beginner with Apache Shiro. I've been following the docs and lots of other tutorials, blogs etc. but I just can't get the authentication to work. When I attempt to log in with a valid username and password, I always get an InvalidCredentialsException thrown. I'm using DynamoDB as a custom realm for storing user credentials, but I really don't think that matters. It's obviously the way that I'm storing and/or doing the credential matching that's not correct. Here's my setup:

Shiro.ini:

[main]
myRealm = com.enki.closing.users.DynamoDBRealm

credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher.storedCredentialsHexEncoded = false
credentialsMatcher.hashIterations = 1024

myRealm.credentialsMatcher = $credentialsMatcher

Create user account:

String password = ...
ByteSource passwordSalt = new SecureRandomNumberGenerator().nextBytes();
String hashedPasswordBase64 = new Sha256Hash(password, passwordSalt, 1024).toBase64();

// store the hashedPassword and salt in DynamoDB...
// I've tried storing the salt with and without base64 encoding.

The password and salt are stored fine in DynamoDB, the values look alright. Here's the custom realm for authentication:

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken userPass = (UsernamePasswordToken) token;
    String username = userPass.getUsername();
    ...
    // pull the matching password and salt out of DynamoDB, no problems...
    ByteSource passwordSalt = ByteSource.Util.bytes( storedPasswordSalt );
    return new SimpleAuthenticationInfo(username, passwordHash, passwordSalt, getName());
}

This is all pretty much what the docs are telling me to do, but there's something not right. When I try the login, it gets an InvalidCredentialsException.

I figured out how to get it working. I had to change this (in my custom realm impl):

ByteSource passwordSalt = ByteSource.Util.bytes( storedPasswordSalt );

to this:

ByteSource passwordSalt = ByteSource.Util.bytes( 
                                  Base64.decode( storedPasswordSalt) );
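
Why the decode matters, as an added example that is not part of the original post: a salt stored as Base64 text only reproduces the stored hash if it is decoded back to the original bytes before hashing. The `hash` method is a JDK-only stand-in for the salted, 1024-iteration SHA-256 configured above (an assumption, not Shiro's own code), and the class name and sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltEncodingDemo {
    // Stand-in for the salted, iterated SHA-256 used above (assumption, not Shiro code):
    // digest(salt || password), then re-hash the digest iterations-1 times.
    static byte[] hash(String password, byte[] salt, int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] out = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            out = md.digest(out); // digest() resets the MessageDigest after each call
        }
        return out;
    }

    // Recompute the hash with the given salt bytes and compare to the stored Base64 hash.
    static boolean verify(String password, String storedHashB64, byte[] saltBytes) throws Exception {
        byte[] expected = Base64.getDecoder().decode(storedHashB64);
        // MessageDigest.isEqual compares the digests in constant time.
        return MessageDigest.isEqual(expected, hash(password, saltBytes, 1024));
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse battery staple"; // constructed sample value

        // Account creation: random salt, hash, both persisted as Base64 text.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String storedSalt = Base64.getEncoder().encodeToString(salt);
        String storedHash = Base64.getEncoder().encodeToString(hash(password, salt, 1024));

        // Before the fix: the Base64 text itself is used as the salt bytes.
        byte[] wrongSalt = storedSalt.getBytes(StandardCharsets.UTF_8);
        // After the fix: the Base64 text is decoded back to the original salt bytes.
        byte[] rightSalt = Base64.getDecoder().decode(storedSalt);

        System.out.println("salt from text bytes:    " + verify(password, storedHash, wrongSalt));
        System.out.println("salt from Base64 decode: " + verify(password, storedHash, rightSalt));
    }
}
```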
