springboot集成shiro之登陆加密报错

最新推荐文章于 2024-11-04 21:28:44 发布

原创最新推荐文章于 2024-11-04 21:28:44 发布 · 3.8k 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#java #shiro #springboot #spring #SimpleAuthenticationInfo

spring boot 专栏收录该内容

36 篇文章

订阅专栏

本文详细分析了SpringBoot集成Shiro时遇到的登录加密错误，具体表现为非法十六进制字符异常。通过深入代码debug，发现密码传递过程中未进行正确加密，导致验证失败。文章提供了错误定位及解决方案，强调了在自定义Realm类中处理加密验证时，确保密码为密文的重要性。

1.springboot集成shiro之登陆加密报错，提示如下：

20:25:27.818 WARN  org.apache.shiro.authc.AbstractAuthenticator 216 authenticate - Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - maweijie, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException). java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0
	at org.apache.shiro.codec.Hex.toDigit(Hex.java:156) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:135) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:95) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.credential.HashedCredentialsMatcher.getCredentials(HashedCredentialsMatcher.java:353) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.credential.HashedCredentialsMatcher.doCredentialsMatch(HashedCredentialsMatcher.java:380) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.4.2.jar:1.4.2]

2.分析经过

主要是这句：java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0

点进去查看这个地方

进去后debug

查看这个参数，不太对啊，也不是十六进制。

往上debug查看参数是什么，不是加密后的所以错误。

3.结论

在自定义的realm类里的方法doGetAuthenticationInfo处理加密验证的时候，password传成明文的了，应该是密文的。

注意参数：userName明文, password密文。

ByteSource byteSourceSalt = ByteSource.Util.bytes(user.getSalt());
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, password, byteSourceSalt, getName());
return simpleAuthenticationInfo;