Apache Shiro教程（3）

shiro自定义realms及加密md5+salt教程

1、添加pom 文件

<dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.9.1</version>
</dependency>

2、创建realms自定义文件

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class AuthenticateCustomeRealms extends AuthorizingRealm {
    // 授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        // 获取token信息
        System.out.println(principal);
        // 获取数据库相关信息 mybatis
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo("xiaochen","123",this.getName());

        return simpleAuthenticationInfo;
    }
}

3、创建测试shiro文件

public class TestCustomerRealm {
    public static void main(String[] args) {
        // 1、c创建 安全管理器
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();

        // 2、设置自定义realms 装配realms
        defaultSecurityManager.setRealm(new AuthenticateCustomeRealms());

        //3、设置安全管理器
        SecurityUtils.setSecurityManager(defaultSecurityManager);

        //4、获取主体 subject
        Subject subject = SecurityUtils.getSubject();

        //5、验证登陆
        // 5.1、获取token
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("xiaochen","123");
        try {
            System.out.println("登陆前："+subject.isAuthenticated());
            subject.login(usernamePasswordToken);
            System.out.println("登陆后："+subject.isAuthenticated());

        }catch (IncorrectCredentialsException exception){
                System.out.print("密码错误");
                exception.printStackTrace();
        } catch(Exception e){
            e.printStackTrace();
        }

    }

4、运行结果

5、MD5加密算法

特点： md5 算法不可逆，无论内容相同，执行多少次md5结果都相同

1. 设置main java文件

步骤： 创建安全管理器、装配自定义realms、创建安全工具类、登陆
此处设置的自定义realms 完成的功能是 md5+salt+hash散列12次,需要将realms自定义类文件设置匹配器，在匹配中设置salt+md5+hash散列 md5\散列为HashedCredentialsMatcher匹配器中设置md5\散列, salt为自定义reamls中进行设置

import com.shrio.srpingbootshrio.realm.AuthorizingRealmMd5Customer;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;


public class TestAuthorizingRealmMd5 {
    public static void main(String[] args) {
        // 1、创建安全管理器
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // 2、封装自定义 realm
        AuthorizingRealmMd5Customer authorizingRealmMd5Customer = new AuthorizingRealmMd5Customer();
            // 2.1、设置md5加密匹配器
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("md5");
            // 2.1、设置 散列次数
        credentialsMatcher.setHashIterations(12);

        authorizingRealmMd5Customer.setCredentialsMatcher(credentialsMatcher);
        securityManager.setRealm(authorizingRealmMd5Customer);

        // 3、将安全管理器注入安全工具类
        SecurityUtils.setSecurityManager(securityManager);

        // 4、获取主体
        Subject subject = SecurityUtils.getSubject();

        // 5、登陆验证
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("xiaoli","123");
        try {
            System.out.println("登陆前："+subject.isAuthenticated());
            subject.login(usernamePasswordToken);
            System.out.println("登陆后："+subject.isAuthenticated());

        }catch (IncorrectCredentialsException exception){
            System.out.print("密码错误");
            exception.printStackTrace();
        } catch(Exception e){
            e.printStackTrace();
        }
    }
}

2. 设置自定义realms文件

此处的reamls类中需要设置 ByteSource.Util.bytes(“123”)->salt

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class AuthorizingRealmMd5Customer extends AuthorizingRealm{
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Object principal = authenticationToken.getPrincipal();

        if ("xiaoli".equals(principal)){
            // 未加salt
            // SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(principal,"202cb962ac59075b964b07152d234b70",this.getName());
            // 加 salt
            //SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(principal,"4297f44b13955235245b2497399d7a93", ByteSource.Util.bytes("123"),this.getName());
            // 加 salt + 散列次数
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(principal,"8e1da37657ac12e4bc205eb6abcb60bb", ByteSource.Util.bytes("123"),this.getName());
            return simpleAuthenticationInfo;
        }

        return null;
    }
}

3. 运行

登陆前：false

登陆后：true