报错：Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=true] did not match the expected credentials.

controller:

@RequestMapping(value = "login.do", method = RequestMethod.POST)

@ResponseBody

public ModelMap login() throws Exception {

logger.info("进入了userController");

String username = request.getParameter("username");

String password =request.getParameter("password") ;

String verifycode = request.getParameter("code");

String sessioncode = (String) session.getAttribute("code");

logger.info("接收的信息:"+username+password+verifycode+sessioncode);

ModelMap parmars=new ModelMap();

UsernamePasswordToken token =new UsernamePasswordToken(username,password);

Subject CurrentUser =SecurityUtils.getSubject();

try{

if (verifycode.equalsIgnoreCase(sessioncode)) {

if (!CurrentUser.isAuthenticated()) {

//token.setRememberMe(true);

CurrentUser.login(token);

logger.info(token.getUsername() + "登录成功");

} else {

parmars.put("code", Code.USERNAMEORPASSWORD_WRONG);

}

} else {

parmars.put("code", Code.CODE_WRONG);

}

} catch (Exception e) {

e.printStackTrace();

parmars.put("code", Code.UNKOWN_WRONG);

}

return  parmars;

}

Myrealm：

public class Myrealm extends AuthorizingRealm{

@SuppressWarnings("unused")

private static final Logger logger = LoggerFactory.getLogger(Myrealm.class);

@Autowired

private UserService userService;

public Myrealm(){

super();

}

/*

* (non-Javadoc)

* @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)

* 认证回调函数，登录时调用

*/

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {

UsernamePasswordToken token =(UsernamePasswordToken) authcToken;

User user=userService.getUserbyusername(token.getUsername());

if (user!=null) {

return  new  SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),getName());

}else {

throw new AuthenticationException("该用户不存在");

}

}

/*

* (non-Javadoc)

* @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)

* 授权查询回调函数，无用户授权信息是调用

*/

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection)throws AuthenticationException {

String username=(String) principalCollection.getPrimaryPrincipal();

//获取角色相关信息

List<Role> Rolelist=userService.getUserbyusername(username).getRole();

//角色名集合

Set<String> RoleSet=new HashSet<String>();

//权限名集合

Set<String> PermissionSet =new HashSet<String>();

for (Role role : Rolelist) {

RoleSet.add(role.getRolename());

for (Menu menu : role.getMenu()) {

PermissionSet.add(menu.getMenuname());

}

}

SimpleAuthorizationInfo authorization=new SimpleAuthorizationInfo();

authorization.addRoles(RoleSet);

authorization.addStringPermissions(PermissionSet);

return authorization;

}

/*

*更新用户授权信息缓存

*/

public void clearCacheAuthenticationInfo(String principals ){

@SuppressWarnings("unused")

SimplePrincipalCollection info=new SimplePrincipalCollection(principals,getName());

clearCacheAuthenticationInfo(principals);

}

/*

* 清除所有用户授权信息缓存

*/

public void clearAllCacheauthenticationInfo(){

Cache<Object, AuthorizationInfo> cache=getAuthorizationCache();

if (cache!=null) {

for(Object key :cache.keys()){

cache.remove(key);

}

}

}

}