1、Shrio使用md5、随机salt、hash散列
导入shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.5.3</version>
</dependency>
在shiro中有一个函数可以自动生成MD5+salt+hash=>Md5Hash
对应的包为:import org.apache.shiro.crypto.hash.Md5Hash;
相关写法如下:
//第一个参数:所需变换的源数据
//第二个参数:随机salt内容
//第三个参数:散列次数
Md5Hash md5Hash = new Md5Hash("123","X0**",1024);
System.out.println(md5Hash.toHex());
//返回结果为经过转换的加密值
2、shiro解码步骤(自定义权限授予类)
自定义用户登录权限验证类
自定义类需继承AuthorizingRealm,重写doGetAuthorizationInfo(登录用户授权方法)和doGetAuthenticationInfo(用户验证方法)。
doGetAuthorizationInfo:
(1)获取身份信息:principals.getPrimaryPrincipal();
(2)SimpleAuthorizationInfo:可自定义添加不同的登录角色,判断Subject是否有相关认证角色,常用方法有:addRole(自定义角色字符串形式)、addStringPermission(自定义角色,用shiro的权限表达式)
doGetAuthenticationInfo:
(1)获取身份认证信息:token.getPrincipal();
(2)SimpleAuthenticationInfo:该类有一个构造方法
第一个参数:身份信息
第二个参数:转换加密值
第三个参数:随机盐
第四个参数:自定义类名
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
public class md5realm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String primaryPrincipal = (String) principals.getPrimaryPrincipal();
System.out.println("身份信息:"+primaryPrincipal);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("admin");
simpleAuthorizationInfo.addRole("user");
simpleAuthorizationInfo.addStringPermission("user:*:01");
return simpleAuthorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
if ("zs".equals(principal)) {
return new SimpleAuthenticationInfo(principal,
"143e1036b35f0de64a15c3dc74954430",
ByteSource.Util.bytes("X0**"),
this.getName());
}
return null;
}
}
认证身份信息
DefaultSecurityManager manager = new DefaultSecurityManager();
md5realm realm = new md5realm();
//加密信息需要给客户端认证
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");
matcher.setHashIterations(1024);
realm.setCredentialsMatcher(matcher);
manager.setRealm(realm);
SecurityUtils.setSecurityManager(manager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("zs", "123");
try {
subject.login(token);
System.out.println("登录成功");
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名错误");
}catch (IncorrectCredentialsException e){
e.printStackTrace();
System.out.println("密码错误");
}
if (subject.isAuthenticated()) {
// System.out.println(subject.hasRole("user"));
// System.out.println(subject.hasAllRoles(Arrays.asList("admin", "super")));
boolean[] booleans = subject.hasRoles(Arrays.asList("admin","super","user"));
for (boolean b:booleans){
System.out.println(b);
}
System.out.println("=================");
System.out.println("权限:"+subject.isPermitted("user:*:01"));
}
}