SpringBoot集成Shiro实现密码加密,解密
实现方式
-
在ShiroConfig中实现
public HashedCredentialsMatcher hashedCredentialsMatcher(){}
用来登录验证时使用
-
注册时密码加密主要是 在ServiceImpl中的Save()方法具体实现 盐值的产生 MD5算法加密 最后把盐 和 加密密码存到数据库
//盐
String Salt = new SecureRandomNumberGenerator().nextBytes().toHex();
//加密
SimpleHash simpleHash = new SimpleHash("md5",user.getPassword(),Salt,1);
String NewPassword = simpleHash.toString();
user.setPassword(NewPassword);
user.setSalt(Salt);
return userMapper.insert(user);
-
登录密码实现验证:
-
在Controller中把username,password传到UsernamePasswordToken中
-
在UserRealm中通过用户名获取数据库中的用户 进行密码比对
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken passwordToken = (UsernamePasswordToken) token; User user = userService.findByUserName(passwordToken.getUsername()); String DBPassword=user.getPassword(); String Salt= user.getSalt(); return new SimpleAuthenticationInfo(user,DBPassword, ByteSource.Util.bytes(Salt),""); } }
-
具体实现
User类只id,username,password,salt
- Config
-
shiroConfig—这里就没有过滤了 主要是为了测试加密解密
-
package com.study.config; import com.study.pojo.User; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.WebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ShiroConfig { @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager webSecurityManager) { ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean()