Spring Boot integrated with Shiro: login encryption error

1. Logging in to a Spring Boot application integrated with Shiro reports the following encryption error:

20:25:27.818 WARN  org.apache.shiro.authc.AbstractAuthenticator 216 authenticate - Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - maweijie, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException). java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0
	at org.apache.shiro.codec.Hex.toDigit(Hex.java:156) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:135) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.codec.Hex.decode(Hex.java:95) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.credential.HashedCredentialsMatcher.getCredentials(HashedCredentialsMatcher.java:353) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.credential.HashedCredentialsMatcher.doCredentialsMatch(HashedCredentialsMatcher.java:380) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) ~[shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [shiro-core-1.4.2.jar:1.4.2]
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.4.2.jar:1.4.2]

2. Analysis process

The key line is: java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0

Click through from the stack trace to view the code at that location.

Set a breakpoint there and debug.

Check this parameter: it is wrong, because it is not hexadecimal.

Step up the call stack to see what the parameter is: it is not encrypted, which is why the decode fails.

3. Conclusion

When the doGetAuthenticationInfo method in the custom realm class handles encrypted authentication, the password was being passed in as plain text; it should be the cipher text.

Note the parameters: userName is plain text, password is cipher text.

// Salt saved for this user
ByteSource byteSourceSalt = ByteSource.Util.bytes(user.getSalt());
// password must be the cipher text here, not the plain text
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, password, byteSourceSalt, getName());
return simpleAuthenticationInfo;
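
The failure and the fix side by side, as an added example that is not code from the original post: a HashedCredentialsMatcher is given first a plain-text stored credential and then the hex-encoded hash. The algorithm (SHA-256), the iteration count (1024), the class name, the realm name and the user data are assumptions made for the demonstration; use the values your own configuration stores passwords with.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class StoredCredentialDemo {
    // Assumed settings; they must equal the ones used when the password was saved.
    static final String ALGORITHM = "SHA-256";
    static final int ITERATIONS = 1024;

    public static void main(String[] args) {
        // Constructed sample data, not taken from the original post.
        String userName = "demoUser";
        String plainPassword = "my-sample-password";
        ByteSource salt = ByteSource.Util.bytes("constructed-salt");

        // What registration should persist: the hex-encoded salted hash.
        String storedHex = new SimpleHash(ALGORITHM, plainPassword, salt, ITERATIONS).toHex();

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true); // Shiro's default

        // The token always carries what the user typed, in plain text.
        UsernamePasswordToken token = new UsernamePasswordToken(userName, plainPassword);

        // Wrong: plain text handed over as the stored credential.
        // The matcher hex-decodes the stored value and throws.
        try {
            matcher.doCredentialsMatch(token,
                    new SimpleAuthenticationInfo(userName, plainPassword, salt, "demoRealm"));
        } catch (IllegalArgumentException e) {
            System.out.println("plain-text stored credential: " + e.getMessage());
        }

        // Right: the stored hex hash, with the same salt used to create it.
        boolean matches = matcher.doCredentialsMatch(token,
                new SimpleAuthenticationInfo(userName, storedHex, salt, "demoRealm"));
        System.out.println("hashed stored credential matches: " + matches);
    }
}
```

If the stored value is Base64 rather than hex, call setStoredCredentialsHexEncoded(false) so the matcher decodes it with the right codec.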


Origin blog.csdn.net/Mint6/article/details/103846978