shiro整合springboot的随机盐的登录认证

于 2023-10-09 09:53:11 发布
阅读量116 收藏
点赞数
分类专栏: shiro Java springboot 文章标签: spring boot 后端 java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/modern358/article/details/133516590
版权
Java 同时被 3 个专栏收录
1267 篇文章 4 订阅
订阅专栏
springboot
112 篇文章 0 订阅
订阅专栏
shiro
8 篇文章 0 订阅
订阅专栏

新建springboot项目,导入依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.16</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.shrimpking</groupId>
    <artifactId>springboot-67</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springboot-67</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- springboot整合方式的依赖包       -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-web-starter</artifactId>
            <version>1.9.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.4.1</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.47</version>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-generator</artifactId>
            <version>3.4.1</version>
        </dependency>
        <dependency>
            <groupId>org.freemarker</groupId>
            <artifactId>freemarker</artifactId>
            <version>2.3.30</version>
        </dependency>
        <!-- 引入jsp解析的依赖       -->
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
        </dependency>
        <dependency>
            <groupId>jstl</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <!--swagger依赖-->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
            <version>2.9.2</version>
        </dependency>
        <!--swagger ui-->
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger-ui</artifactId>
            <version>2.9.2</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

application.properties

server.port=8089

spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimeZone=UTC
spring.datasource.username=root
spring.datasource.password=mysql123
#日志
mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
#配置别名
mybatis-plus.type-aliases-package=com.shrimpking.pojo
#swagger
spring.mvc.pathmatch.matching-strategy=ant_path_matcher
#日期格式化
spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
spring.jackson.time-zone= GMT+8

#jsp
spring.mvc.view.prefix=/
spring.mvc.view.suffix=.jsp

mysql数据库

drop table if exists af_user;
create table af_user(
	id int not null auto_increment primary key comment '主键,自增',
	username varchar(50) not null comment '账号',
	`password` varchar(50) not null comment '密码',
	salt varchar(100) not null comment '加密盐'
) comment '用户表';

pojo

user.java

package com.shrimpking.pojo;

import com.baomidou.mybatisplus.annotation.TableName;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableId;
import java.io.Serializable;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;

/**
 * <p>
 * 用户表
 * </p>
 *
 * @author shrimpking
 * @since 2023-10-03
 */
@Data
@EqualsAndHashCode(callSuper = false)
@TableName("af_user")
@ApiModel(value="User对象", description="用户表")
public class User implements Serializable {

    private static final long serialVersionUID = 1L;

    @ApiModelProperty(value = "主键,自增")
    @TableId(value = "id", type = IdType.AUTO)
    private Integer id;

    @ApiModelProperty(value = "账号")
    private String username;

    @ApiModelProperty(value = "密码")
    private String password;

    @ApiModelProperty(value = "加密盐")
    private String salt;


}

mapper

usermapper.java

package com.shrimpking.mapper;

import com.shrimpking.pojo.User;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;

/**
 * <p>
 * 用户表 Mapper 接口
 * </p>
 *
 * @author shrimpking
 * @since 2023-10-03
 */
@Mapper
public interface UserMapper extends BaseMapper<User> {

}

mapperxml

usermapper.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.shrimpking.mapper.UserMapper">

    <!-- 通用查询映射结果 -->
    <resultMap id="BaseResultMap" type="com.shrimpking.pojo.User">
        <id column="id" property="id" />
        <result column="username" property="username" />
        <result column="password" property="password" />
        <result column="salt" property="salt" />
    </resultMap>

    <!-- 通用查询结果列 -->
    <sql id="Base_Column_List">
        id, username, password, salt
    </sql>

</mapper>

service

userservice.java

package com.shrimpking.service;

import com.shrimpking.pojo.User;
import com.baomidou.mybatisplus.extension.service.IService;

/**
 * <p>
 * 用户表 服务类
 * </p>
 *
 * @author shrimpking
 * @since 2023-10-03
 */
public interface UserService extends IService<User> {
    //注册用户
    boolean register(User user);
    //根据用户名查询用户实体
    User getUserByUserName(String username);
}

serviceimpl

userservieimpl.java

package com.shrimpking.service.impl;

import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.shrimpking.pojo.User;
import com.shrimpking.mapper.UserMapper;
import com.shrimpking.service.UserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.shrimpking.utils.SaltUtils;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * <p>
 * 用户表 服务实现类
 * </p>
 *
 * @author shrimpking
 * @since 2023-10-03
 */
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {

    @Autowired
    private UserMapper userMapper;

    @Override
    public boolean register(User user)
    {
        //处理登录业务层
        //明文密码进行md5 + 盐 + 散列次数
        //生成随机盐
        String salt = SaltUtils.getSalt(4);
        //加密
        Md5Hash md5Hash = new Md5Hash(user.getPassword(),salt,1024);
        //保存盐
        user.setSalt(salt);
        //保存加密的密码
        //
        user.setPassword(md5Hash.toHex());
        int insert = this.userMapper.insert(user);
        if(insert > 0) return true;
        return false;
    }

    @Override
    public User getUserByUserName(String username)
    {
        //数据库中的username字段没有设置唯一键,使用selecOne会报错,所以返回列表
        LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
        queryWrapper.eq(User::getUsername,username);
        queryWrapper.orderByDesc(User::getId);
        List<User> userList = this.userMapper.selectList(queryWrapper);
        return userList.get(0);
    }
}

controller

testcontroller.java

package com.shrimpking.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/2 22:18
 */
@Controller
@RequestMapping("/test")
public class TestController
{
    /**
     * 登录
     * @param username
     * @param password
     * @return
     */
    @PostMapping("/login")
    public String login(String username,String password){
        //获取主体对象
        Subject subject = SecurityUtils.getSubject();
        //生成令牌token
        AuthenticationToken token = new UsernamePasswordToken(username,password);
        //
        try
        {
            subject.login(token);
            return "redirect:/index.jsp";
        }
        catch (UnknownAccountException e)
        {
            e.printStackTrace();
            System.out.println("用户不存在");
        }
        catch (IncorrectCredentialsException e){
            e.printStackTrace();
            System.out.println("密码错误");
        }
        return "redirect:/login.jsp";
    }

    /**
     * 退出
     * @return
     */
    @GetMapping("/logout")
    public String logout(){
        //获取身份主体
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login.jsp";
    }

}

usercontroller.java

package com.shrimpking.controller;


import com.shrimpking.pojo.User;
import com.shrimpking.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RestController;

/**
 * <p>
 * 用户表 前端控制器
 * </p>
 *
 * @author shrimpking
 * @since 2023-10-03
 */
@Controller
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    @PostMapping("/register")
    public String register(User user){
        boolean register = this.userService.register(user);
        if(register) return "redirect:/login.jsp";
        return "redirect:/register.jsp";
    }
}

config

shiroconfig.java

package com.shrimpking.config;

import com.shrimpking.shiro.realms.CustomerRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/2 21:30
 * shiro的配置类
 */
@Configuration
public class ShiroConfig
{
    //创建shirofilter
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
        //负责拦截请求
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        //设置安全管理器
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        //配置系统受限资源
        Map<String,String> map = new HashMap<>();
        //配置系统公共资源
        map.put("/test/login","anon");
        map.put("/register.jsp","anon");
        map.put("/user/register","anon");
        map.put("/swagger-ui.html#/","anon");
        //请求这个资源需要认证和授权后
        map.put("/**","authc");
        factoryBean.setFilterChainDefinitionMap(map);
        //
        factoryBean.setLoginUrl("/login.jsp");
        return factoryBean;
    }

    //创建安全管理器
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(Realm realm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //设置realm
        securityManager.setRealm(realm);
        return securityManager;
    }

    //创建自定义realm
    @Bean
    public Realm realm(){
        CustomerRealm customerRealm = new CustomerRealm();
        //设置加密凭证匹配器
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //使用md5加密
        matcher.setHashAlgorithmName("MD5");
        //散列次数
        matcher.setHashIterations(1024);
        //设置匹配器
        customerRealm.setCredentialsMatcher(matcher);
        return customerRealm;
    }
}

swaggerconfig.java

package com.shrimpking.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/9/10 14:58
 */
@Configuration
@EnableSwagger2
public class SwaggerConfig
{
    @Bean
    public Docket createRestApi(){
        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo()).select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any()).build();
        
    }
    
    private ApiInfo apiInfo(){
        return new ApiInfoBuilder().build();
    }
}

realms

package com.shrimpking.shiro.realms;

import com.shrimpking.pojo.User;
import com.shrimpking.service.UserService;
import com.shrimpking.service.impl.UserServiceImpl;
import com.shrimpking.utils.ApplicationContextUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/2 21:42
 * 自定义realm类
 */
public class CustomerRealm extends AuthorizingRealm
{
    @Autowired
    private UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection)
    {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException
    {
        //获取身份信息
        String principal = authenticationToken.getPrincipal().toString();

        User user = this.userService.getUserByUserName(principal);

        //如果使用Autowired自动注入有问题时,请使用这个工具类,获取srping容器中的
        //UserService userService = (UserService) ApplicationContextUtils.getBean("userServiceImpl");
        //User user = userService.getUserByUserName(principal);

        //判断
        if(user != null) {
            return new SimpleAuthenticationInfo(
                    principal,
                    user.getPassword(),
                    ByteSource.Util.bytes(user.getSalt().getBytes()),
                    this.getName()
            );
        }
        return null;
    }
}

utils

saltutils.java

package com.shrimpking.utils;

import java.util.Random;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/3 10:59
 * 生成随机加密盐
 */
public class SaltUtils
{
    public static String getSalt(int n){
        char[] chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ0123456789".toCharArray();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++)
        {
            char aChar = chars[new Random().nextInt(chars.length)];
            sb.append(aChar);
        }
        return sb.toString();
    }


}

applicationContextutils.java

package com.shrimpking.utils;

import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/3 12:26
 * 工具类,获取spring容器中的相应对象
 */
@Component
public class ApplicationContextUtils implements ApplicationContextAware
{
    private static ApplicationContext context;
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
    {
        context = applicationContext;
    }

    /**
     * 根据beanName获取spring容器中的类对象实例
     * @param beanName
     * @return
     */
    public static Object getBean(String beanName){
        return context.getBean(beanName);
    }
}

jsp

login.jsp

<%@ page contentType="text/html;charset=UTF-8"  pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
    <title></title>
</head>
<body>
<h1>登录管理</h1>
<form action="${pageContext.request.contextPath}/test/login" method="post">
    账号:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    <input type="submit" value="登录">
</form>
<a href="${pageContext.request.contextPath}/register.jsp">没有账号,请注册</a>
</body>
</html>

index.jsp

<%@ page contentType="text/html;charset=UTF-8"  pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
    <title></title>
</head>
<body>
    <h1>系统主页</h1>
    <a href="${pageContext.request.contextPath}/test/logout">退出系统</a>
    <ul>
        <li><a href="#">用户管理</a></li>
        <li><a href="#">菜单管理</a></li>
        <li><a href="#">其他管理</a></li>
    </ul>
</body>
</html>

register.jsp

<%@ page contentType="text/html;charset=UTF-8"  pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
    <title></title>
</head>
<body>
<h1>用户注册</h1>
<form action="${pageContext.request.contextPath}/user/register" method="post">
    账号:<input type="text" name="username" required><br>
    密码:<input type="password" name="password" required><br>
    <input type="submit" value="立即注册">
</form>
</body>
</html>

test

package com.shrimpking;

import com.shrimpking.utils.SaltUtils;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

/**
 * Created by IntelliJ IDEA.
 *
 * @Author : Shrimpking
 * @create 2023/10/3 11:09
 */
@SpringBootTest
public class SaltTest
{

    @Test
    public void test(){
        String salt = SaltUtils.getSalt(4);
        System.out.println(salt);
    }
}

虾米大王
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
shiro整合SpringBoot
10-14
shiro整合SpringBoot,关系到登录,授权等拦截,以templates为案例,包括API接口拦截
spring-security随即加密
chiyi6591的博客
08-29 249
示例demo public static void main(String[] args) { String password = new BCryptPasswordEncoder().encode("123456789"); String password2...
算法:手撕+Spring Security、提高密码安全性的必杀技
GoodManS的CSDN
05-31 1837
本文介绍了加算法在密码哈希中的应用,以及如何通过手写加算法来增强密码的安全性。同时,还介绍了如何在Spring Security中集成加算法以提高用户身份验证的安全性。具体内容包括MD5加密、加密解密过程、加算法的实现方法以及在项目中的应用。最后,作者提供了一些代码示例和操作步骤,帮助读者更好地理解和应用加算法。
SpringSecurity——BCryptPasswordEncoder加密和对密码验证的原理
HD243608836的博客
04-21 2779
BCryptPasswordEncoder使用哈希算法+随机来对字符串加密。因为哈希是一种不可逆算法,所以密码认证时需要使用相同的算法+值来对待校验的明文进行加密,然后比较这两个密文来进行验证。BCryptPasswordEncoder在加密时通过从传入的salt中获取real_salt用来加密,保证了这一点。
随机生成类——SaltUtils
weixin_42822484的博客
06-16 3726
       用户在注册账户时,通常在后端的业务部分会对用户的密码进行加密处理,大多采用 md5 + salt + 散列。是一定长度的随机乱码(字母、数字、特殊符号),每次都是随机生成的,所以可以写一个随机生成类来完成随机的生成。 public class SaltUtils { public static String getSalt(int n){ char[] chars = ("ABCDEFGHIJK
SpringBoot与Shrio(二)MD5随机散列版认证
梦回乌托邦
11-26 445
索引依赖 依赖 依赖加入mybatis、mysql驱动、druid数据源 <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.4</version>
shiro整合springboot后端分离
08-25
主要介绍了shiro整合springboot后端分离,文中示例代码介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们可以参考一下
基于springboot实现整合shiro实现登录认证以及授权过程解析
08-25
主要介绍了基于springboot实现整合shiro实现登录认证以及授权过程解析,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
SpringBoot整合Shiro实现登录认证的方法
08-27
主要介绍了SpringBoot整合Shiro实现登录认证的方法,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
springbootshiro整合登录认证和权限管理实例项目
04-16
亲测可用的,springbootshiro整合登录认证和权限管理实例项目,对于学习理论之后需要实战实现功能的初级程序员很有用!
学习springboot时的各种工具类
weixin_43740023的博客
06-27 496
随机生成: package com.bjpowernode.springboot.Utils; import java.util.Random; public class SaltUtil { public static String saltUtil(int n) { char[] chars = "ABCDEFGHIJKLNMOPQRSTUVWXYZabcdefghijklnmopqrstuvwxyz1234567890!@#$%^&*()".toCharAr
SpringBoot整合Shiro
少年有事问春风
10-17 1271
SpringBoot整合Shiro
Shior02(身份认证加密)
qq_63531917的博客
08-25 287
:密码学中是指通过在密码任意固定位置插入特定字符串,让散列后的结果和使用原始密码的散列结果不相符,这样一个过程我们称之为“加”。值:是一组随机的字符串,系统随机生成;Salt可以插在最前面、最后面,也可以插在中间,可分开插入也可倒序。注解:拓:第一代密码 => 数据库明文存储,一旦数据库泄露,用户数据全部泄漏第二代密码 => 数据库加密存储,典型加密算法有 MD5 和 SHA1 ,数据库存储的密码为加密后的密文。...
Shiro学习(三)之MD5+随机salt+Hash散列认证
qq_30072161的博客
05-25 650
MD5: 加密算法不可逆(只能根据明文生成密文;如果内容相同,不论执行多少次md5生成结果始终一致),通常和随机配合使用 一般用来加密或签名 签名:也称为校验和,就是用来判断两个内容是否一致 eg: tomcat.zip tomcat.md5. fdfd… 看是否下载完整,就可以点击tomcat.md5. 看生成的签名和tomcat生成的是否一致 两个文件是否一致?a.txt 和bb.txt 分别md5 看签名是否一致 破解网站的原理:穷举算法 为了解决穷举网站反推出明文,
SecureRandom实现随机salt
焚心似火
12-21 4922
使用secureRandom获得随机字节数组,需要转换为字母数字的随机saltSecureRandom random = new SecureRandom(); byte bytes[] = new byte[15]; random.nextBytes(bytes); String salt = org.apache.commons.codec.binary.Base64.encodeBase64
(原创)随机串的产生,可以用于
fsh364943092的博客
07-12 1053
之前要加密密码的时候,要加入值以加强强度,找了部分,又在网上的基础上修改了下(参考网页:http://blog.csdn.net/wangchangshuai0010/article/details/17188417) //产生长度为length的随机字符串  char pSymbol[] = {'~','`','!','@','#','$','%','^','&',     '*...
随机值(salt)是什么?泄露会出什么问题?
Mask_V的博客
02-26 9668
作者:知乎用户链接:https://www.zhihu.com/question/36445665/answer/83799898来源:知乎著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。题主可参看wiki百科中的词条:(密码学)。若翻不了墙,见下原文:(Salt),在密码学中,是指通过在密码任意固定位置插入特定的字符串,让散列后的结果和使用原始密码的散列结果不相符,这种过...
MD5Hash加密工具类(利用随机
m0_37596145的博客
10-22 6965
package cn.util;import org.apache.shiro.crypto.hash.Md5Hash;public class Encrypt { /* * 散列算法一般用于生成数据的摘要信息,是一种不可逆的算法,一般适合存储密码之类的数据, * 常见的散列算法如MD5、SHA等。一般进行散列时最好提供一个salt(),比如加密密码“admin”,
shiro整合springboot
最新发布
07-28
对于使用Shiro整合Spring Boot,你可以按照以下步骤进行操作: 1. 添加Shiro依赖:在你的Spring Boot项目的pom.xml文件中添加Shiro的依赖。你可以在Maven中央仓库中找到最新版本的Shiro依赖。 2. 配置Shiro:创建...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

虾米大王

有你的支持,我会更有动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值