String salt = RandomStringUtils.randomAlphanumeric(20);
user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
user.setSalt(salt);
登陆时:
//密码错误
if(!user.getPassword().equals(new Sha256Hash(userModel.getPassword(), user.getSalt()).toHex())) {
ShiroUtils.setSessionAttribute(Constant.LOGIN_ERROR_TIMES, ++errorTimes);
return ResultUtil.error("密码不正确").put("errorTimes", errorTimes);
}