As more and more MD5 cracking tools appear, salted MD5 hashing is safer than plain MD5 hashing.
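Entity class Admin

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.stereotype.Component;

@Component
@Data
@NoArgsConstructor
@AllArgsConstructor
public class Admin {
    private int id;
    private String name;
    private String pwd;
}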
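AdminMapper

import java.util.List;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;

@Mapper
@Repository
public interface AdminMapper {
    List<Admin> getAllAdmin();
    Admin getAdminByName(String name);
    void add(Admin admin);
}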
Write the registration page and the login page on the front end.

Registration controller
//adminMapper is the AdminMapper injected into the enclosing controller
@RequestMapping("/toRegister")
public String toRegister(){
    return "register";
}

@RequestMapping("/register")
public String register(String username, String password, Model model){
    //look up username in the database to see whether the user already exists
    if (adminMapper.getAdminByName(username) != null){
        model.addAttribute("msg","用户名已存在!");
        return "register";
    }else{
        Admin admin = new Admin();
        admin.setName(username);
        //hash the password
        admin.setPwd(new SimpleHash("MD5", password, ByteSource.Util.bytes("1"), 1).toString());
        adminMapper.add(admin);
        return "login";
    }
}
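
Use new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations); to compute the salted hash of the password. Here the hashed password is what gets stored in the database.
The salt is supplied through ByteSource.Util.bytes(). The salt must be unique; a random string or the user's id is typically used.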
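
The listings on this page pass the constant salt "1" both at registration and in the realm, while the text above asks for a unique salt. The following added example (not from the original post; plain JDK, no Shiro) shows the difference, assuming a single-iteration salted MD5 computed over the salt bytes followed by the password bytes and hex-encoded; `SaltDemo`, `saltedMd5`, `newSalt` and `verify` are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltDemo {
    // Hypothetical helper: hex(MD5(salt || password)), one iteration (assumed scheme).
    static String saltedMd5(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(salt);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // A fresh 16-byte random salt per account, to be stored next to the hash.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Login check: re-hash the submitted password with the salt stored for that account.
    static boolean verify(String submitted, byte[] storedSalt, String storedHash)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                saltedMd5(submitted, storedSalt).getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String pw = "S3cret!pw"; // constructed sample password shared by two accounts
        byte[] fixed = "1".getBytes(StandardCharsets.UTF_8); // the constant salt used in the listings

        // Constant salt: both accounts store the same value, so the rows are linkable.
        String aliceFixed = saltedMd5(pw, fixed), bobFixed = saltedMd5(pw, fixed);
        System.out.println("fixed salt, same stored hash:  " + aliceFixed.equals(bobFixed));

        // Per-account salt: same password, different stored values.
        byte[] saltA = newSalt(), saltB = newSalt();
        String hashA = saltedMd5(pw, saltA), hashB = saltedMd5(pw, saltB);
        System.out.println("random salt, same stored hash: " + hashA.equals(hashB));
        System.out.println("salt to store for account A:   " + Base64.getEncoder().encodeToString(saltA));
        System.out.println("verify with account A's salt:  " + verify(pw, saltA, hashA));
        System.out.println("verify with account B's salt:  " + verify(pw, saltB, hashA));
    }
}
```

In the Shiro setup described here, a per-account salt would be saved with the Admin record at registration and passed as the credentialsSalt argument of SimpleAuthenticationInfo in place of the constant.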

Login controller

@RequestMapping("/toLogin")
public String toLogin(){
    return "login";
}

@RequestMapping("/login")
public String fun6(String username, String password, Model model){
    //get the Subject object
    Subject subject = SecurityUtils.getSubject();
    //wrap the user's login data
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try{
        //perform the login
        subject.login(token);
        return "index";
    }catch(UnknownAccountException e) { //username does not exist
        model.addAttribute("msg","用户名不存在");
        return "login";
    }catch(IncorrectCredentialsException e) { //incorrect password
        model.addAttribute("msg","密码不存在");
        return "login";
    }
}
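
Custom Realm

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource; //Shiro 1.x package (assumed version)
import org.springframework.beans.factory.annotation.Autowired;

public class UserRealm extends AuthorizingRealm {
    @Autowired
    AdminMapper adminMapper;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权");
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("认证");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        //fetch the real record from the database
        Admin admin = adminMapper.getAdminByName(token.getUsername());
        //check whether the username exists
        if (admin == null) {
            return null; //returning null here makes Shiro throw UnknownAccountException
        }
        //the salt passed here must be the one used when the stored hash was computed
        return new SimpleAuthenticationInfo(admin, admin.getPwd(), ByteSource.Util.bytes("1"), "");
    }
}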
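
In the doGetAuthenticationInfo method, the return value is a SimpleAuthenticationInfo object created with the SimpleAuthenticationInfo(principal, credentials, credentialsSalt, realmName) constructor. Its parameters are (entity information, password, salt, realm name).

Configuring Shiro
Replace the credentialsMatcher property of the current Realm.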

import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        //set the hash algorithm to MD5
        credentialsMatcher.setHashAlgorithmName("MD5");
        //number of hash iterations
        credentialsMatcher.setHashIterations(1);
        //credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }

    //1.Realm
    @Bean
    public UserRealm userRealm(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher hashedCredentialsMatcher){
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return userRealm;
    }

    //2.DefaultWebSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //associate the UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //3.ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //set the security manager
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        //filter chain definitions; insertion order is preserved
        Map<String, String> map = new LinkedHashMap<>();
        //authc: the URL can only be accessed after an authenticated login
        //Shiro filter syntax: map.put("URL to filter", "filter to apply")
        map.put("/views/*","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        //set the login page
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }
}

That completes the configuration for salted MD5 hashing.
Reference: "Springboot + Shiro: MD5 salted hashing (configuration)", 鹿谷門実's blog on CSDN