shiro使用Md5加密

shiro使用Md5加密

视频参考：https://www.bilibili.com/video/BV1uz4y197Zm?p=8

shiro实现md5加密

package com.jing.md5;

import org.apache.shiro.crypto.hash.Md5Hash;

public class TestMd5 {
    public static void main(String[] args) {

        // 创建md5，使用Md5Hash构造方法进行加密
        Md5Hash md5Hash = new Md5Hash("123");
        System.out.println("md5 = " + md5Hash);
        // md5 + salt
        Md5Hash md5Hash1 = new Md5Hash("123", "zard");
        System.out.println("md5 + salt = " + md5Hash1);
        // md5 + salt + hash散列次数
        Md5Hash md5Hash2 = new Md5Hash("123", "zard", 1024);
        System.out.println("md5 + salt + hash散列次数 = " + md5Hash2);

    }
}
result:
md5 = 202cb962ac59075b964b07152d234b70
md5 + salt = 204f9a8aa53d4a5f3de28e969d2ea713
md5 + salt + hash散列次数 = 7a3865843b5ac72bb4d9e28cd8877681

1.Md5加密

自定义认证授权Realm

package com.jing.md5;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class CustomMd5Realm extends AuthorizingRealm {
    // 授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 获取用户名
        String principal = (String) token.getPrincipal();
        // 直接判断
        if ("xiaojing".equals(principal)) {
            // 参数1：用户名 参数2：密码 参数3：realmName
            return new SimpleAuthenticationInfo(principal, "202cb962ac59075b964b07152d234b70", this.getName());
        }
        return null;
    }
}

package com.jing.md5;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

public class TestCustomMd5Realm {
    public static void main(String[] args) {

        // 获取默认的安全管理器
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();

        CustomMd5Realm realm = new CustomMd5Realm();
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        realm.setCredentialsMatcher(hashedCredentialsMatcher);

        // 将自定义的Realm注入到安全管理器
        defaultSecurityManager.setRealm(realm);
        // 使用安全工具类 将安全管理器注入
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        // 获取主体
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("xiaojing", "123");
        try {
            subject.login(token);
            System.out.println("登录成功");
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("账号错误");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码错误");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

2.Md5加密 + salt

• 只用添加ByteSource.Util.bytes([随机盐])即可

package com.jing.md5;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class CustomMd5Realm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String principal = (String) token.getPrincipal();
        if ("xiaojing".equals(principal)) 
            // 加salt的话，只用添加参数 ByteSource.Util.bytes([随机盐])
            return new SimpleAuthenticationInfo(principal, "204f9a8aa53d4a5f3de28e969d2ea713", ByteSource.Util.bytes("zard"), this.getName());
        }
        return null;
    }
}

3.Md5加密 + salt + hash散列

package com.jing.md5;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class CustomMd5Realm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String principal = (String) token.getPrincipal();
        if ("xiaojing".equals(principal)) {
            return new SimpleAuthenticationInfo(principal, "7a3865843b5ac72bb4d9e28cd8877681", ByteSource.Util.bytes("zard"), this.getName());
        }
        return null;
    }
}

hashedCredentialsMatcher.setHashIterations(1024); # 设置散列次数

package com.jing.md5;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

public class TestCustomMd5Realm {
    public static void main(String[] args) {

        // 获取默认的安全管理器
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();

        CustomMd5Realm realm = new CustomMd5Realm();
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 设置使用md5加密（默认不加密equals比较密码）
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        // hash散列次数
        hashedCredentialsMatcher.setHashIterations(1024);
        realm.setCredentialsMatcher(hashedCredentialsMatcher);

        // 将自定义的Realm注入到安全管理器
        defaultSecurityManager.setRealm(realm);
        // 使用安全工具类 将安全管理器注入
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        // 获取主体
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("xiaojing", "123");
        try {
            subject.login(token);
            System.out.println("登录成功");
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("账号错误");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码错误");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}