shiro自定义Realm+MD5加密、加盐

shiro自定义Realm+MD5加密、加盐

1.加载依赖

<dependency>
  <groupId>junit</groupId>
  <artifactId>junit</artifactId>
  <version>4.12</version>
</dependency>
<!--shiro-->
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-core</artifactId>
  <version>1.4.0</version>
</dependency>

2.自定义realm代码
在这里插入图片描述
分别实现的是用户验证和角色权限验证两个方法
在这里插入图片描述
在这里插入图片描述
先是实例SimpleAuthenticationInfo,设置用户名,密码,真实名,这里使用的map模拟
再是Set模拟,角色和权限,
整体代码如下:

package com.lbl.shiro.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class CustomRealm extends AuthorizingRealm {

Map<String,String> userMap = new HashMap<>();
{
    userMap.put("admin","a66abb5684c45962d887564f08346e8d");
    super.setName("customRealm");
}

@Override//角色权限认证
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    String userName = (String) principalCollection.getPrimaryPrincipal();
    Set<String> roles = getRoleByUserName(userName);
    Set<String> permissions = gerPerByUserName(userName);

    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    simpleAuthorizationInfo.setStringPermissions(permissions);
    simpleAuthorizationInfo.setRoles(roles);

    return simpleAuthorizationInfo;
}

private Set<String> gerPerByUserName(String userName) {
    Set<String> permissions = new HashSet<>();
    permissions.add("user:delete");
    permissions.add("user:update");
    return permissions;
}

private Set<String> getRoleByUserName(String userName) {
    Set<String> roles = new HashSet<>();
    roles.add("admin");
    roles.add("user");
    return roles;
}

@Override//用户认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    //从主题传过来的认证信息获取用户名
    String userName= (String) authenticationToken.getPrincipal();
    //通过用户名,获取凭证
    String password = getPwdByUserName(userName);
    if(password == null){
        return null;
    }
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("admin",password,"customReal");
    //加盐
    authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("admin"));
    return authenticationInfo;
}
/**
 * 模拟数据库获取
 * @param userName
 * @return
 */
private String getPwdByUserName(String userName) {
    return userMap.get("admin");
}

}

3.测试文件;依旧还是那几步

import com.lbl.shiro.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
public class CustomRealmTest {
    @Test
    public void showPwd(){//初步显示md5加密后的字符串
/*        Md5Hash md5Hash = new Md5Hash("123456");
        System.out.println(md5Hash.toString());*/
        Md5Hash md5Hash = new Md5Hash("123456","admin");
        System.out.println(md5Hash.toString());
    }
    @Test
    public void testCostomRealm(){
        CustomRealm customRealm = new CustomRealm();
        //1.构建管理器环境
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        //将用户加入进去
        securityManager.setRealm(customRealm);
        //直接md5加密
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashIterations(1);
        hashedCredentialsMatcher.setHashAlgorithmName("md5");

    customRealm.setCredentialsMatcher(hashedCredentialsMatcher);

    //2.提交认证请求
    SecurityUtils.setSecurityManager(securityManager);
    Subject subject = SecurityUtils.getSubject();
    //认证
    UsernamePasswordToken token = new UsernamePasswordToken("admin","123456");
    subject.login(token);
    System.out.println("isAuthenticated:"+subject.isAuthenticated());
    System.out.println("checkeRoles:"+subject.hasRole("admin"));
    System.out.println("hasPermission:"+subject.isPermitted("user:delete"));
}
}

4,差不多先就这样。

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值