shiro使用Md5加密
视频参考:https://www.bilibili.com/video/BV1uz4y197Zm?p=8
shiro实现md5加密
package com.jing.md5;
import org.apache.shiro.crypto.hash.Md5Hash;
public class TestMd5 {
public static void main(String[] args) {
// 创建md5,使用Md5Hash构造方法进行加密
Md5Hash md5Hash = new Md5Hash("123");
System.out.println("md5 = " + md5Hash);
// md5 + salt
Md5Hash md5Hash1 = new Md5Hash("123", "zard");
System.out.println("md5 + salt = " + md5Hash1);
// md5 + salt + hash散列次数
Md5Hash md5Hash2 = new Md5Hash("123", "zard", 1024);
System.out.println("md5 + salt + hash散列次数 = " + md5Hash2);
}
}
result:
md5 = 202cb962ac59075b964b07152d234b70
md5 + salt = 204f9a8aa53d4a5f3de28e969d2ea713
md5 + salt + hash散列次数 = 7a3865843b5ac72bb4d9e28cd8877681
1.Md5加密
自定义认证授权Realm
package com.jing.md5;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
public class CustomMd5Realm extends AuthorizingRealm {
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 获取用户名
String principal = (String) token.getPrincipal();
// 直接判断
if ("xiaojing".equals(principal)) {
// 参数1:用户名 参数2:密码 参数3:realmName
return new SimpleAuthenticationInfo(principal, "202cb962ac59075b964b07152d234b70", this.getName());
}
return null;
}
}
package com.jing.md5;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
public class TestCustomMd5Realm {
public static void main(String[] args) {
// 获取默认的安全管理器
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
CustomMd5Realm realm = new CustomMd5Realm();
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
realm.setCredentialsMatcher(hashedCredentialsMatcher);
// 将自定义的Realm注入到安全管理器
defaultSecurityManager.setRealm(realm);
// 使用安全工具类 将安全管理器注入
SecurityUtils.setSecurityManager(defaultSecurityManager);
// 获取主体
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("xiaojing", "123");
try {
subject.login(token);
System.out.println("登录成功");
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("账号错误");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
} catch (Exception e) {
e.printStackTrace();
}
}
}
2.Md5加密 + salt
- 只用添加ByteSource.Util.bytes([随机盐])即可
package com.jing.md5;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
public class CustomMd5Realm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
if ("xiaojing".equals(principal))
// 加salt的话,只用添加参数 ByteSource.Util.bytes([随机盐])
return new SimpleAuthenticationInfo(principal, "204f9a8aa53d4a5f3de28e969d2ea713", ByteSource.Util.bytes("zard"), this.getName());
}
return null;
}
}
3.Md5加密 + salt + hash散列
package com.jing.md5;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
public class CustomMd5Realm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
if ("xiaojing".equals(principal)) {
return new SimpleAuthenticationInfo(principal, "7a3865843b5ac72bb4d9e28cd8877681", ByteSource.Util.bytes("zard"), this.getName());
}
return null;
}
}
hashedCredentialsMatcher.setHashIterations(1024); # 设置散列次数
package com.jing.md5;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
public class TestCustomMd5Realm {
public static void main(String[] args) {
// 获取默认的安全管理器
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
CustomMd5Realm realm = new CustomMd5Realm();
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
// 设置使用md5加密(默认不加密equals比较密码)
hashedCredentialsMatcher.setHashAlgorithmName("md5");
// hash散列次数
hashedCredentialsMatcher.setHashIterations(1024);
realm.setCredentialsMatcher(hashedCredentialsMatcher);
// 将自定义的Realm注入到安全管理器
defaultSecurityManager.setRealm(realm);
// 使用安全工具类 将安全管理器注入
SecurityUtils.setSecurityManager(defaultSecurityManager);
// 获取主体
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("xiaojing", "123");
try {
subject.login(token);
System.out.println("登录成功");
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("账号错误");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
} catch (Exception e) {
e.printStackTrace();
}
}
}