1.更改shiro安全管理配置
[html] view plain copy
- <!-- 定义Shiro安全管理配置 -->
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
- <!-- <property name="realm" ref="systemAuthorizingRealm" /> -->
- <property name="realm" ref="userRealm" />
- <property name="sessionManager" ref="sessionManager" />
- <property name="cacheManager" ref="shiroCacheManager" />
- </bean>
- <!-- 3.1 直接配置继承了org.apache.shiro.realm.AuthorizingRealm的bean -->
- <bean id="userRealm" class="com.thinkgem.jeesite.modules.sys.security.SystemAuthorizingRealm">
- <!-- 配置密码匹配器 -->
- <property name="credentialsMatcher" ref="credentialsMatcher"/>
- </bean>
- <!-- 凭证匹配器 -->
- <bean id="credentialsMatcher" class="com.thinkgem.jeesite.modules.sys.security.CustomCredentialsMatcher">
- </bean>
<property name="realm" ref="systemAuthorizingRealm" /> ,spring自动注入。
2.自定义密码验证
[java] view plain copy
- /**
- * Description: 告诉shiro如何验证加密密码,通过SimpleCredentialsMatcher或HashedCredentialsMatcher
- * @Author: wjl
- * @Create Date: 2017-3-14
- */
- public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {
- @Override
- public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
- UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
- Object accountCredentials = getCredentials(info);
- // String pwd =encrypt32(String.valueOf(token.getPassword()));//md5 32位加密
- String pwdType =String.valueOf(token.getPassword());// 判断一下密码是否是用户输入的,还是JCIS传过来的
- if(pwdType.length() == 32){
- return equals(pwdType, accountCredentials); //密码长度=32位,说明是md5加密过,是从xx传进来的 32位加密。
- }
- String pwdUser =encrypt32(String.valueOf(token.getPassword()));//不等于32 是用户输入的密码。 如果用户输入的密码长度位32那么里面会有一个bug
- return equals(pwdUser, accountCredentials);
- //将密码加密与系统加密后的密码校验,内容一致就返回true,不一致就返回false
- //return super.doCredentialsMatch(token, info) ;
- }
3.更改密码验证,注释掉自带的。
[java] view plain copy
- /**
- * 设定密码校验的Hash算法与迭代次数
- */
- // @PostConstruct
- // public void initCredentialsMatcher() {
- // HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
- // matcher.setHashIterations(SystemService.HASH_INTERATIONS);
- // setCredentialsMatcher(matcher);
- // // setCredentialsMatcher(new CustomCredentialsMatcher());
- // }
如果不注释就是用这种方式也可以。
[javascript] view plain copy
- /**
- * 设定密码校验的Hash算法与迭代次数
- */
- @PostConstruct
- public void initCredentialsMatcher() {
- setCredentialsMatcher(new CustomCredentialsMatcher());
- }