報錯：Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=true] did not match the expected credentials.controller:@RequestMapping(value = "login.do", method = RequestMethod.POST) @ResponseBody public ModelMap login() throws Exception { logger.info("進入了userController"); String username = request.getParameter("username"); String password =request.getParameter("password") ; String verifycode = request.getParameter("code"); String sessioncode = (String) session.getAttribute("code"); logger.info("接收的信息:"+username+password+verifycode+sessioncode); ModelMap parmars=new ModelMap(); UsernamePasswordToken token =new UsernamePasswordToken(username,password); Subject CurrentUser =SecurityUtils.getSubject(); try{ if (verifycode.equalsIgnoreCase(sessioncode)) { if (!CurrentUser.isAuthenticated()) { //token.setRememberMe(true); CurrentUser.login(token); logger.info(token.getUsername() + "登錄成功"); } else { parmars.put("code", Code.USERNAMEORPASSWORD_WRONG); } } else { parmars.put("code", Code.CODE_WRONG); } } catch (Exception e) { e.printStackTrace(); parmars.put("code", Code.UNKOWN_WRONG); } return ?parmars; }Myrealm：public class Myrealm extends AuthorizingRealm{ @SuppressWarnings("unused") private static final Logger logger = LoggerFactory.getLogger(Myrealm.class); @Autowired private UserService userService; public Myrealm(){ super(); } /* * (non-Javadoc) * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) * 認證回調函數，登錄時調用 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token =(UsernamePasswordToken) authcToken; User user=userService.getUserbyusername(token.getUsername()); if (user!=null) { return ?new ?SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),getName()); }else { throw new AuthenticationException("該用戶不存在"); } } /* * (non-Javadoc) * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) * 授權查詢回調函數，無用戶授權信息是調用 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection)throws AuthenticationException { String username=(String) principalCollection.getPrimaryPrincipal(); //獲取角色相關信息 List<Role> Rolelist=userService.getUserbyusername(username).getRole(); //角色名集合 Set<String> RoleSet=new HashSet<String>(); //權限名集合 Set<String> PermissionSet =new HashSet<String>(); for (Role role : Rolelist) { RoleSet.add(role.getRolename()); for (Menu menu : role.getMenu()) { PermissionSet.add(menu.getMenuname()); } } SimpleAuthorizationInfo authorization=new SimpleAuthorizationInfo(); authorization.addRoles(RoleSet); authorization.addStringPermissions(PermissionSet); return authorization; } /* *更新用戶授權信息緩存 */ public void clearCacheAuthenticationInfo(String principals ){ @SuppressWarnings("unused") SimplePrincipalCollection info=new SimplePrincipalCollection(principals,getName()); clearCacheAuthenticationInfo(principals); } /* * 清除所有用戶授權信息緩存 */ public void clearAllCacheauthenticationInfo(){ Cache<Object, AuthorizationInfo> cache=getAuthorizationCache(); if (cache!=null) { for(Object key :cache.keys()){ cache.remove(key); } } }}