1. The login encryption error of springboot integrated shiro is reported as follows:
20:25:27.818 WARN org.apache.shiro.authc.AbstractAuthenticator 216 authenticate - Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - maweijie, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException). java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0
at org.apache.shiro.codec.Hex.toDigit(Hex.java:156) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:135) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:107) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.codec.Hex.decode(Hex.java:95) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.credential.HashedCredentialsMatcher.getCredentials(HashedCredentialsMatcher.java:353) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.credential.HashedCredentialsMatcher.doCredentialsMatch(HashedCredentialsMatcher.java:380) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) ~[shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [shiro-core-1.4.2.jar:1.4.2]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.4.2.jar:1.4.2]
2. Analysis process
Mainly this sentence: java.lang.IllegalArgumentException: Illegal hexadecimal character m at index 0
Click in to view this place
Debug after entering
Check this parameter, it's not right, it's not hexadecimal.
Go up to debug to see what the parameter is, it is not encrypted, so it is wrong.
3. Conclusion
When the method doGetAuthenticationInfo in the custom realm class handles encryption authentication, the password is passed in plain text, which should be cipher text.
Note the parameters: userName in plain text, password in cipher text.
ByteSource byteSourceSalt = ByteSource.Util.bytes(user.getSalt());
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, password, byteSourceSalt, getName());
return simpleAuthenticationInfo;