實(shí)現(xiàn)Shiro簡(jiǎn)單登錄認(rèn)證后出現(xiàn)問(wèn)題。您不使用 ajax 請(qǐng)求登錄。當(dāng)你點(diǎn)擊login訪問(wèn)一個(gè)controller方法，securityuils.getsubject.login(token)訪問(wèn)提交時(shí)，找不到地址。是否需要加密碼呢？

//This is the controller
@RequestMapping("/checkLogin.do")
    private void login(HttpServletRequest request) throws UserException{
        String account = request.getParameter("account");
        String password = request.getParameter("password");
        UsernamePasswordToken token = new UsernamePasswordToken(account,password);
        Subject currentUser = SecurityUtils.getSubject();
        try{
            if(!currentUser.isAuthenticated()){
                currentUser.login(token);
            }
        }catch(UnknownAccountException uae){
            //User name / password error
            Throw new useraccountexception ("wrong user name or password! "";
        }catch(IncorrectCredentialsException ice){
            //User name / password error
            Throw new usercredentialsexception ("wrong user name or password! "";
        }catch(ExcessiveAttemptsException eae){
            //Abnormal login times, account locked
            Throw new userattemptsexception ("login more than 5 times, account locked! "";
        }catch(AuthenticationException ae){
            //Other exceptions
            Throw new userexception ("login failed! "";
        }
    }
    
}
//This is realm
@Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        //Token based on user name and password
        //This token is from currentuser.login (token) of registcontroller
        UsernamePasswordToken uptoken = (UsernamePasswordToken)token;
        //Call service to query user through user account
        UserAuthDTO userAuth = userService.getUserAuthByAccount((String)uptoken.getPrincipal());
        if(userAuth == null){
            return null;
        }
        String identity = userAuth.getAccount();
        String password = userAuth.getPassword();
        String salt = userAuth.getSalt();
        if(userAuth.getIsLocked() != null && userAuth.getIsLocked() == 1){
            Throw new authenticationexception ("the account is locked! "";
        }
        AuthenticationInfo authInfo = new SimpleAuthenticationInfo(userAuth
                , password, ByteSource.Util.bytes(identity+salt), this.getName()); 
        System. Out. Println ("realm login authentication is over! "";
        return authInfo;
    }
}
//This is Shiro configuration
 <! -- configuration filter will be referenced by the filter configured in web.xml -- >
        <! -- Shiro's web filter -- >
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <! -- inject security component -- >
            <property name="securityManager" ref="securityManager" />
            <! -- set login address -- >
            <property name="loginUrl" value="/user/login.do"/>
            <property name="successUrl" value="/index.jsp"/>
<!--            <property name="unauthorizedUrl" value="/unauthorized.jsp"/> -->
            <! -- because every bean of type javax.servlet.filter that has been defined can pass the bean name in the definition of the chain
            So the filters property is not required. But you can replace the filters with the filters property as needed
            Instance or alias filter -- >
            <!-- <property name="filters">
                <map>
                    <entry key="anAlias" value-ref="someFilter"/>
                </map>
            </property>-->
            <! -- processor execution chain -- >
            <property name="filterChainDefinitions">
                <value>
                    <! -- define permission interception -- >
                    <! -- set anonymous access to static resources -- >
                    <! -- set anonymous access to login registration page -- >
                    /regist.jsp = anon
                    /login.jsp = anon
                </value>
            </property>
        </bean>
        <!-- securityManager -->
        <! -- Security Manager -- >
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="userAuthenticatorRealm"/>
        </bean>        
        <! -- ensure bean execution of lifecycle function within Shiro -- >
<!--        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>-->
        
        <! -- configure the realm for specific authentication and authorization -- >
        <! -- inherit the user-defined realm of authorizing realm used to complete user login authentication -- >
        <bean id="userAuthenticatorRealm" class="com.maikesiwei.mksw.user.shiro.realm.UserAuthenticatorRealm">
            <! -- inject credentialsmatcher for certificate matching -- >
            <property name="credentialsMatcher" ref="credentialsMatcher"/>
        </bean>
        <! -- credential matcher -- >
        <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
            <! -- encryption hash algorithm -- >
            <property name="hashAlgorithmName" value="SHA-256"/>
            <! -- iterations -- >
            <property name="hashIterations" value="5"/>
        </bean>

最后點(diǎn)擊登錄。

HTTP Status 404 – /web-templet/user/user/checkLogin

type 狀態(tài)報(bào)告

信息 /web-templet/user/user/checkLogin

描述 請(qǐng)求的資源不可用。

Apache Tomcat/8.0.44

如果在登錄頁(yè)面直接點(diǎn)擊登錄，會(huì)報(bào)賬號(hào)密碼錯(cuò)誤。如果直接填寫(xiě)賬號(hào)，點(diǎn)擊登錄域，會(huì)發(fā)現(xiàn)用戶(hù)返回到認(rèn)證信息，頁(yè)面如下：

如果大家想了解更多相關(guān)知識(shí)，可以關(guān)注一下動(dòng)力節(jié)點(diǎn)的Shiro視頻教程，里面的內(nèi)容詳細(xì)，由淺到深，適合沒(méi)有基礎(chǔ)的小伙伴學(xué)習(xí)，希望對(duì)大家能夠有所幫助。