话不多说,先上思路
重写SimpleCredentialsMatcher类的method
doCredentialsMatch
散列加密 盐值自己加
在AuthorizingRealm重写initCredentialsMatcher shiro验证
重写SimpleCredentialsMatcher类的method
doCredentialsMatch
散列加密 盐值自己加
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher{
@Override
public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
Object tokenCredentials = encrypt(String.valueOf(token.getPassword()));
Object accountCredentials = getCredentials(info);
//将密码加密与系统加密后的密码校验,内容一致就返回true,不一致就返回false
return equals(tokenCredentials, accountCredentials);
}
//将传进来密码加密方法
public String encrypt(String data) {
String sha384Hex = new Sha384Hash(data).toHex();//这里可以选择自己的密码验证方式 比如 md5或者sha256等
return sha384Hex;
}
在AuthorizingRealm重写initCredentialsMatcher shiro验证
@PostConstruct
public void initCredentialsMatcher() {
// 该句作用是重写shiro的密码验证,让shiro用我自己的验证
setCredentialsMatcher(new CustomCredentialsMatcher());
}