Straight to the code:

First, create a User class. Besides the username and password it stores the per-user random salt, and getCredentialsSalt() returns the value that is actually fed to the hash (username + salt):

    public class User {
        private String username;
        private String password;   // after registration this holds the hex-encoded hash, not the plaintext
        private String salt;       // random per-user value, stored alongside the hash

        public String getUsername() {
            return username;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getSalt() {
            return salt;
        }

        public void setSalt(String salt) {
            this.salt = salt;
        }

        // The effective salt: username concatenated with the random salt.
        // Registration and login must both derive it exactly this way.
        public String getCredentialsSalt() {
            return username + salt;
        }
    }
Salted hashing using the classes in the Shiro package:

1. Generate a random number and store it in the database as the salt.
2. Concatenate username and salt to form the effective salt, and use it to generate the new (hashed) password.

PasswordHelper.java

    import org.apache.shiro.crypto.RandomNumberGenerator;
    import org.apache.shiro.crypto.SecureRandomNumberGenerator;
    import org.apache.shiro.crypto.hash.SimpleHash;
    import org.apache.shiro.util.ByteSource;
    import org.springframework.stereotype.Service;

    @Service
    public class PasswordHelper {
        // Shiro's SecureRandom-backed generator for the per-user salt
        private RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
        // These two values must match the HashedCredentialsMatcher used by the realm at login
        private String algorithmName = "md5";
        private int hashIterations = 2;

        public void setRandomNumberGenerator(RandomNumberGenerator randomNumberGenerator) {
            this.randomNumberGenerator = randomNumberGenerator;
        }

        public void setAlgorithmName(String algorithmName) {
            this.algorithmName = algorithmName;
        }

        public void setHashIterations(int hashIterations) {
            this.hashIterations = hashIterations;
        }

        // Replaces user's plaintext password with its salted hash and fills in user's salt.
        public User encryptPassword(User user) {
            user.setSalt(randomNumberGenerator.nextBytes().toHex());
            String newPassword = new SimpleHash(
                    algorithmName,
                    user.getPassword(),                              // plaintext from the request
                    ByteSource.Util.bytes(user.getCredentialsSalt()), // username + salt
                    hashIterations).toHex();
            user.setPassword(newPassword);
            return user;
        }
    }
At registration, simply run the User built from the front-end request through encryptPassword before saving it (this is a method of the user service; passwordHelper, userDao and LOG are its injected fields):

    @Override
    public long insertOrUpdateUser(User user) {
        try {
            // hash in place: user.password becomes the hash, user.salt is filled in
            passwordHelper.encryptPassword(user);
            return userDao.insertUser(user);
        } catch (DataAccessException e) {
            LOG.error("insertOrUpdateUser error.", e);
        }
        return 0;
    }
For login verification, the corresponding realm (a method of the application's AuthorizingRealm subclass). The realm only hands Shiro the stored hash and the same username + salt value; the actual comparison is done by the HashedCredentialsMatcher configured on the realm, which must use the same algorithm and iteration count as PasswordHelper:

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        User user = userService.selectUserByUsername(username);
        if (user != null) {
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                    user.getUsername(),
                    user.getPassword(),                                          // stored hex hash
                    ByteSource.Util.bytes(user.getUsername() + user.getSalt()), // same salt derivation as registration
                    getName());
            SessionUtil.setSessionUser(user);
            return authenticationInfo;
        }
        return null; // unknown user: Shiro raises UnknownAccountException
    }
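To see the registration and login halves fit together, here is an added, self-contained example (not code from the original post). It reproduces the PasswordHelper hashing on one side and, on the other, the HashedCredentialsMatcher that the SecurityManager must use with the realm above; the page itself never shows that matcher configuration. Class and method names (SaltedPasswordRoundTrip, register, verify), the realm name "demoRealm" and the sample credentials are all assumed for illustration.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

// Assumed demo class: registration hashing + login matching with the same parameters.
public class SaltedPasswordRoundTrip {
    // Same settings as PasswordHelper; the matcher must use identical values.
    private static final String ALGORITHM = "md5";
    private static final int ITERATIONS = 2;

    /** Registration side: random salt, hash over (username + salt). Returns {hash, salt}. */
    static String[] register(String username, String plainPassword) {
        String salt = new SecureRandomNumberGenerator().nextBytes().toHex();
        String hashed = new SimpleHash(ALGORITHM, plainPassword,
                ByteSource.Util.bytes(username + salt), ITERATIONS).toHex();
        return new String[] { hashed, salt };
    }

    /** Login side: what the realm returns, checked by the matcher Shiro would invoke. */
    static boolean verify(String username, String attempt, String storedHash, String storedSalt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true); // toHex() was used when storing

        // Exactly what doGetAuthenticationInfo builds: hash + (username + salt)
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                username, storedHash, ByteSource.Util.bytes(username + storedSalt), "demoRealm");
        UsernamePasswordToken token = new UsernamePasswordToken(username, attempt);
        return matcher.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        // constructed sample credentials
        String[] stored = register("alice", "correct horse battery");

        System.out.println(verify("alice", "correct horse battery", stored[0], stored[1])); // true
        System.out.println(verify("alice", "wrong password", stored[0], stored[1]));        // false
        // Salt derivation must match on both sides: a different salt string fails even
        // with the right password, which is why getCredentialsSalt() must be reused at login.
        System.out.println(verify("alice", "correct horse battery", stored[0], "other-salt")); // false
    }
}
```

In a Spring wiring, the matcher built in verify() is what you set on the realm (realm.setCredentialsMatcher(matcher)); if its algorithm or iteration count drifts from PasswordHelper, every login fails with IncorrectCredentialsException. Note that the page's choice of md5 with 2 iterations is fast to compute; when choosing parameters for a new system, prefer a slower configuration (a SHA-2 family algorithm with a high iteration count, or a dedicated password hash where the platform offers one).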