Exception thrown for a non-existent role when calling SecurityUtils.getSubject().hasRole("any") with multiple realms

Question (votes: 0, answers: 1)

I created two authentication realms in Apache Shiro, but when I try to call hasRole("any"), it throws the following exception (if the role exists, it returns true):

java.lang.ClassCastException: org.apache.shiro.subject.SimplePrincipalCollection cannot be cast to java.lang.String
    at com.ws.shiro.RedisStringSerializer.serialize(RedisStringSerializer.java:13) ~[shiro-redis-3.0.2.jar:?]
    at org.crazycake.shiro.RedisCache.get(RedisCache.java:79) ~[shiro-redis-3.2.2.jar:?]
    at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:328) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:573) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:374) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.mgt.AuthorizingSecurityManager.hasRole(AuthorizingSecurityManager.java:153) ~[shiro-core-1.3.2.jar:1.3.2]
    at org.apache.shiro.subject.support.DelegatingSubject.hasRole(DelegatingSubject.java:224) ~[shiro-core-1.3.2.jar:1.3.2]
    at com.ws.user.login.LoginResource.login(LoginResource.java:65) ~[main/:?]

The SHIRO.INI is:

# =======================
# Shiro INI configuration
# =======================


## Using Sha256 cryptography
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName=SHA-256
credentialsMatcher.hashIterations = 1024
credentialsMatcher.storedCredentialsHexEncoded = false
dbRealm = com.ws.user.realm.DataBaseRealm
dbRealm.credentialsMatcher = $credentialsMatcher

credentialsMatcherToken = com.ws.user.realm.CustomCredentialMatcherToken
credentialsMatcherToken.hashAlgorithmName=SHA-256
credentialsMatcherToken.hashIterations = 1024
credentialsMatcherToken.storedCredentialsHexEncoded = false

tokenRealm = com.ws.user.realm.DataBaseBearerRealm
tokenRealm.credentialsMatcher = $credentialsMatcherToken

securityManager.realms = $dbRealm, $tokenRealm

#redisManager
redisManager = com.ws.shiro.RedisManager
redisManager.host = <THERE IS A HOST HERE>
redisManager.port = 6379
redisManager.expire = 1000
redisManager.timeout = 0

#============redisSessionDAO=============
redisSessionDAO = com.ws.shiro.RedisSessionDAO
redisSessionDAO.redisManager = $redisManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $redisSessionDAO
securityManager.sessionManager = $sessionManager

#============redisCacheManager===========
cacheManager = com.ws.shiro.RedisCacheManager
cacheManager.redisManager = $redisManager
securityManager.cacheManager = $cacheManager

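It seems to be some configuration issue, because when debugging, it only goes for the actual token I am trying to validate, but in the hasRole method of the ModularRealmAuthorizer class it is called twice, once for each realm; the first is fine, and then the exception is thrown in the second realm.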

java shiro
1 answer

Votes: 1

Problem solved! I forgot to override the method getAuthorizationCacheKey in one of my custom realms.
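A sketch of the override the answer refers to, added here as an example and not taken from the original post or from the asker's code. ExampleBearerRealm and the "user" role are hypothetical, and the principal is assumed to be a stable, unique identifier such as a username.

```java
import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm for illustration; it stands in for a custom realm
// such as the page's DataBaseBearerRealm, whose source is not shown.
public class ExampleBearerRealm extends AuthorizingRealm {

    // AuthorizingRealm's default returns the PrincipalCollection itself.
    // A cache whose key serializer casts keys to String then fails with
    // the ClassCastException in the trace, so return a String instead.
    @Override
    protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
        // ModularRealmAuthorizer asks each realm in turn until one says
        // true, so this realm can see principals from the other realm.
        Collection<?> mine = principals.fromRealm(getName());
        // Assumption: the principal's toString() is unique per user.
        Object id = mine.isEmpty() ? principals.getPrimaryPrincipal()
                                   : mine.iterator().next();
        // Realm-name prefix: realms sharing one Redis instance cannot
        // collide on the same id even if the cache does not namespace keys.
        return getName() + ":" + id;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // No principal from this realm: contribute no roles at all.
        if (principals.fromRealm(getName()).isEmpty()) {
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole("user"); // constructed sample role; load real roles from the user store
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        return null; // authentication is out of scope for this example
    }
}
```

A key that is not unique per user would let one subject read another subject's cached roles, so the key should be built from the same identifier the realm uses to load roles.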
