报错：还没登录，SecurityUtils.getSubject().isAuthenticated()为什么是ture，他得知应该是false才对呀

@RequestMapping(value = "login.do", method = RequestMethod.POST)

@ResponseBody

public ModelMap login() throws Exception {

logger.info("进入了userController");

String username = request.getParameter("username");

String password = request.getParameter("password");

String verifycode = request.getParameter("code");

String sessioncode = (String) SecurityUtils.getSubject().getSession().getAttribute("code");

logger.info("接收的信息:" + username + password + verifycode + sessioncode);

ModelMap parmars = new ModelMap();

UsernamePasswordToken token = new UsernamePasswordToken(username, password);

logger.info(token.toString()+"接收令牌");

Subject subject = SecurityUtils.getSubject();

logger.info(subject.getPrincipal()+"获取登陆者");

try{

if (verifycode.equalsIgnoreCase(sessioncode)) {

System.out.println(subject.isAuthenticated()+"-------------");

//判断身份是否进行登录验证

if (!subject.isAuthenticated()) {

token.setRememberMe(true);

subject.login(token);

logger.info(token.getUsername() + "登录成功");

parmars.put("code", Code.SUCCESS);

} else {

parmars.put("code", Code.ISREMEMBERED);

}

} else {

parmars.put("code", Code.CODE_WRONG);

}

} catch (Exception e) {

e.printStackTrace();

parmars.put("code", Code.UNKOWN_WRONG);

logger.info("shiro导致的系统错误");

}

return parmars;

}