Shiro----加密算法
=================
文章目录
??合抱之木,生于毫末;百丈之台,起于垒土;千里之行,始于足下。------《老子》
??今日学习任务!!!!!
??1、实现md5加密
??一、散列算法(算法加密)
??在身份认证的过程中往往都会涉及到加密,如果不加密,这个时
候信息就会非常的不安全,shiro 中提供的算法比较多 如 MD5 、SHA
例如:
?? 1. 使用 MD5 进行 ‘’123456 加密后为:e10adc3949ba59abbe56e057f20f883e
??2. . 进行加盐操作(更加安全) 123456 +姓名=
??1.1、MD5加密
??1.2、使用md5加密,模拟数据库登录
使用md5加密 ,模拟数据库登录
shiro_md5.ini
自定义的UserRealm
package wr.oyc.shiro;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.sql.*;
public class UserRealm extends AuthorizingRealm {
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
Connection connection = null ;
PreparedStatement preparedStatement =null ;
ResultSet resultSet = null ;
try {
Class.forName("com.mysql.jdbc.Driver");
connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/shiro" , "root" , "root");
preparedStatement = connection.prepareStatement("select name , password from users");
resultSet = preparedStatement.executeQuery();
while (resultSet.next()){
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(resultSet.getString("name") , resultSet.getString("password") , ByteSource.Util.bytes("oyc") , "userRealm" );
return info;
}
} catch (ClassNotFoundException | SQLException e) {
e.printStackTrace();
}finally {
if(connection!=null){
try {
connection.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(resultSet!=null){
try {
resultSet.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(preparedStatement!=null){
try {
preparedStatement.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
return null ;
}
}
加密数据
把加密的数据复制到数据库中
测试类
package wr.oyc.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import java.util.Scanner;
public class Main1 {
public static void main(String[] args) {
while (true) {
Scanner scanner = new Scanner(System.in);
System.out.println("-----Login-----");
System.out.print("请输入账号:");
String name = scanner.next();
System.out.print("请输入密码:");
String password = scanner.next();
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro_md5.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new
UsernamePasswordToken(name, password);
try {
subject.login(token);
if (subject.isAuthenticated()) {
System.out.println("登录成功");
break;
} else {
System.out.println("登录失败");
}
} catch (IncorrectCredentialsException e) {
System.out.println("凭证密码不正确");
System.out.println("请再次密码");
System.out.println();
System.out.println();
} catch (UnknownAccountException e) {
System.out.println("用户名不正确");
} catch (ExcessiveAttemptsException e) {
System.out.println("尝试次数过多");
//凭证
} catch (ExpiredCredentialsException e) {
System.out.println("凭证过期");
} catch (ConcurrentAccessException e) {
System.out.println("竞争次数过多");
} catch (DisabledAccountException e) {
System.out.println("尝试次数过多");
}
}
}
}
效果图
md5加密 , 好处就是加密密码 , 不然像一些银行账号, 不去做md5加密 , 那不是数据库管理员就可以看到别人账号密码啦!