I've gone over and over how to have a user log in with Shiro, but it still seems like a vital piece is missing: how does Shiro authenticate a given username and password against stored usernames and passwords? The most I've figured out is "It is each Realm's responsibility to match submitted credentials with those stored in the Realm's backing data store", from here. But how is that done?

Below is what I've tried, but the result is still an invalid authentication.

LoginController

```java
@RequestMapping(value = "/login.htm", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {

    LoginCommand command = (LoginCommand) cmd;
    UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
    // Debug output of the submitted token
    System.out.println("onSubmit");
    System.out.println(token.getUsername());
    System.out.println(token.getPassword());

    try {
        // Shiro hands the token to the configured realm(s) for verification
        SecurityUtils.getSubject().login(token);
    } catch (AuthenticationException e) {
        errors.reject("error.invalidLogin", "The username or password was not correct.");
    }

    if (errors.hasErrors()) {
        return showForm(request, response, errors);
    } else {
        return new ModelAndView("accessTest");
    }
}
```

Realm

```java
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    System.out.println("doGetAuthenticationInfo");

    // user is a test object in place of a database
    if (user != null) {
        // Debug output of the stored account (printed only when the account exists)
        System.out.println(user.getUsername());
        System.out.println(user.getPassword());
        // The stored credentials returned here are compared with the token
        // by the realm's CredentialsMatcher
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
    } else {
        return null;
    }
}
```

Jesse Jashinsky

1 Answer

Discovered the answer. It was a foolish one. I copied some example code, and they set the credentials matcher to HashedCredentialsMatcher. I wasn't doing any hashing, so it didn't work. Removed the setCredentialsMatcher and it worked.

Jesse Jashinsky
  • I'm sorry to bother you so long later. Could you post the full class of your realm? I cannot find any examples explaining what the class name should be so I can authenticate users in my db :( – chris loughnane Apr 18 '18 at 15:01
  • Sorry @chrisloughnane, that code is long gone, so I'm afraid I can't help you. – Jesse Jashinsky May 23 '18 at 21:58
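
Added example (not from the original post or the Shiro project): the mismatch described in the answer, reproduced outside a realm by calling each credentials matcher directly on a token and a stored value. It goes one step beyond the answer by also showing Shiro's PasswordMatcher with a stored hash. The class name `MatcherDemo`, the helper `matches()`, and the sample account values are assumptions, and shiro-core is assumed to be on the classpath.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

public class MatcherDemo {  // hypothetical class name

    // Mirrors the step a realm performs after doGetAuthenticationInfo() returns:
    // the configured matcher compares the submitted token with the stored credentials.
    static boolean matches(CredentialsMatcher matcher, String submitted, Object stored) {
        UsernamePasswordToken token = new UsernamePasswordToken("alice", submitted);
        AuthenticationInfo info = new SimpleAuthenticationInfo("alice", stored, "demoRealm");
        try {
            return matcher.doCredentialsMatch(token, info);
        } catch (RuntimeException e) {
            // The stored value is not in the encoding this matcher expects.
            return false;
        }
    }

    public static void main(String[] args) {
        String password = "correct horse";  // constructed sample value

        // Stored value is plaintext and the matcher compares plaintext: match.
        System.out.println(matches(new SimpleCredentialsMatcher(), password, password));

        // Stored value is plaintext but the matcher hashes the submitted password
        // and expects a hex-encoded digest in storage: no match (the situation in the answer).
        System.out.println(matches(new HashedCredentialsMatcher("SHA-256"), password, password));

        // Stored value was produced by the same PasswordService the matcher uses,
        // so the store never holds the plaintext password.
        DefaultPasswordService service = new DefaultPasswordService();
        PasswordMatcher passwordMatcher = new PasswordMatcher();
        passwordMatcher.setPasswordService(service);
        String storedHash = service.encryptPassword(password);
        System.out.println(matches(passwordMatcher, password, storedHash));
        System.out.println(matches(passwordMatcher, "wrong guess", storedHash));
    }
}
```

The matcher set on the realm and the format of the value the realm returns in its `AuthenticationInfo` have to agree; whichever one is changed, the other must follow.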