九、密码比较

最新推荐文章于 2023-05-15 16:52:46 发布

MrYangZCH

最新推荐文章于 2023-05-15 16:52:46 发布

阅读量721

点赞数 1

分类专栏： shiro 从入门到精通文章标签： shiro自定义密码 shiro密码比较

本文链接：https://blog.csdn.net/Mr_yangzc/article/details/82788164

版权

shiro 从入门到精通专栏收录该内容

11 篇文章 3 订阅

订阅专栏

在realm中认证成功后会返回 return new SimpleAuthenticationInfo(username,md5, getName());

在这里插入图片描述

认证成功成功拿到 info 放下执行到 assertCredentialsMatch（token,info）;

在这里插入图片描述

 public abstract class AuthenticatingRealm extends CachingRealm implements Initializable {
 
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    CredentialsMatcher cm = getCredentialsMatcher();
    if (cm != null) {
        if (!cm.doCredentialsMatch(token, info)) {
            //not successful - throw an exception to indicate this:
            String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";
            throw new IncorrectCredentialsException(msg);
        }
    } else {
        throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " +
                "credentials during authentication.  If you do not wish for credentials to be examined, you " +
                "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
    }
}
 
}

cm.doCredentialsMatch(token, info) 这里可以使用默认的密码比较器或者使用自定义的密码比较

在这里插入图片描述

我这里是自定义密码校验很简单就是继承上面图中的类画横线的过时了实现doCredentialsMatch 方法

public class Md5HashCredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token,
                                      AuthenticationInfo info) {

        UsernamePasswordToken usertoken = (UsernamePasswordToken) token;

        //注意token.getPassword()拿到的是一个char[]，不能直接用toString()，它底层实现不是我们想的直接字符串，只能强转
        Object tokenCredentials = Encrypt.md5(String.valueOf(usertoken.getPassword()), usertoken.getUsername());
        Object accountCredentials = getCredentials(info);

        //将密码加密与系统加密后的密码校验，内容一致就返回true,不一致就返回false
        return equals(tokenCredentials, accountCredentials);
    }


}

然后在spring-shiro.xml 中配置一下

  <bean id="myRealm" class="spring.shiro.realm.MyRealm">
        <property name="credentialsMatcher" ref="md5Matcher"/>
        <!--<property name="credentialsMatcher" ref="md5hash"/>-->
    </bean>

    <bean id="md5hash" class="spring.shiro.matcher.Md5HashCredentialsMatcher"/>

    <bean id="md5Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <!-- 加密算法的名称 -->
        <property name="hashAlgorithmName" value="MD5"/>
        <!-- 配置加密的次数 -->
        <property name="hashIterations" value="1024"/>
    </bean>


    <bean id="sha1Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <!-- 加密算法的名称 -->
        <property name="hashAlgorithmName" value="SHA1"/>
        <!-- 配置加密的次数 -->
        <property name="hashIterations" value="1024"/>
    </bean>

MrYangZCH

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
1
评论
九、密码比较

在realm中认证成功后会返回 return new SimpleAuthenticationInfo(username,md5, getName());认证成功成功拿到 info 放下执行到 assertCredentialsMatch（token,info）; public abstract class AuthenticatingRealm extends Cachin...
复制链接

扫一扫