I believe you shouldn't call passwordService.encryptPassword(password)
in your application code. This is done internally in the login() method AFAIK.
Also, assuming that your Credentials table was filled with hashed passwords by Spring Security, you will have to make sure that Shiro uses exactly the same hash algorithm as Spring Security, which will require a custom CredentialsMatcher.
Best regards, Harald
