I keep getting this error when i attempt to login. Any help is appreciated.
Login code
Realm realm = new TestRealm();
SecurityManager sm = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(sm);
UsernamePasswordToken token = new UsernamePasswordToken();
token.setUsername("dave");
token.setPassword("le1990".toCharArray());
token.setRememberMe(true);
Subject sub = SecurityUtils.getSubject();
sub.login(token);
doGetAuthenticationInfo method
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{
UsernamePasswordToken upToken = (UsernamePasswordToken)token;
String username = upToken.getUsername();
if(username == null)
this.logger.info("We don't except Null usernames. sorry. ");
AuthenticationInfo info = null;
try{
USER user = new USER();
String pass = user.getPassForUser();
if(pass == null)
throw new AccountException("The account your looking for doesn't exist");
info = new SimpleAuthenticationInfo(username, pass, getName());
user.getPassForUser method returns hard wired value for testing. value copied from DB $shiro1$SHA-256$500000$temCnap0k+zboIW7y49Mww==$veyM6YL3QiCJvMwo0r2yu0KDC3ueAxZOYuN0vT+0v5M=
shiro.ini file
# realms to be used
customSecurityRealm=com.raven.rave.common.TestRealm
customSecurityRealm.jndiDataSourceName=java:jdbc/dbeka
customSecurityRealm.permissionsLookupEnabled=true
Finally the exception thrown
ERROR [STDERR] org.apache.shiro.authc.IncorrectCredentialsException:
Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - dave, rememberMe=true] did not match the expected credent
ERROR [STDERR] at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600)
ERROR [STDERR] at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:578)
ERROR [STDERR] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
ERROR [STDERR] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
ERROR [STDERR] at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
ERROR [STDERR] at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
ERROR [STDERR] at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
ERROR [STDERR] at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
When i registered the user, i passed in the same password "le1990". Also, does the password retrieved from the DB have to be in plaintext. If so, how do i decrypt the password stored ?
The problem was an obvious one, that is missed.I hadn't set the credentialMatcher to the jdbc realm, on the ini file. adding in that statement fixed it up.
updated shiro.ini file
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
# realms to be used
jdbcrealm=com.raven.rave.common.TestRealm
jdbcrealm.permissionsLookupEnabled=true
securityManager.realm = $jdbcrealm
#statement that fixed it up
jdbcrealm.credentialsMatcher = $passwordMatcher