一、加密(添加用户)
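/**
 * Registers a new user and stores a salted, iterated SHA-256 digest of the
 * password instead of the password itself.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code @RequestMapping} without a method restriction also accepts GET, in
 *       which case the password travels in the query string and can end up in
 *       access logs and browser history. Restricting this endpoint to POST is
 *       advisable; it is left unchanged here so existing callers keep working.</li>
 *   <li>{@code ShiroUtils.sha256} applies only {@code ShiroUtils.hashIterations}
 *       (16) rounds of SHA-256, which is cheap to brute-force offline if the user
 *       table leaks. A dedicated password-hashing scheme (bcrypt, scrypt, Argon2,
 *       or PBKDF2 with a high work factor) is the usual recommendation.</li>
 *   <li>NOTE(review): no duplicate-username check is visible in this method;
 *       presumably a unique constraint enforces it. Confirm.</li>
 * </ul>
 *
 * @param username login name chosen by the caller; must not be blank
 * @param password plaintext password from the request; must not be empty
 * @return {@code Result.ok} on success, a 400 result for missing input, or a
 *         500 result when the user could not be saved
 */
@RequestMapping("/add")
public Result addUser(String username,String password){
    // Missing request parameters arrive as null; reject them before hashing so a
    // null or empty password never becomes a stored credential.
    if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
        return Result.error("用户名和密码不能为空");
    }

    // randomAlphanumeric(20) in commons-lang 2.6 draws from a shared java.util.Random.
    // Passing a SecureRandom keeps the same 20-character alphanumeric salt format
    // while taking the randomness from a CSPRNG.
    final String salt = RandomStringUtils.random(
            20, 0, 0, true, true, null, new java.security.SecureRandom());

    final SysUser user = new SysUser();
    user.setCreateTime(new Date());
    user.setUsername(username);
    user.setSalt(salt);
    // Only the salted digest is persisted; the plaintext password is never stored.
    user.setPassword(ShiroUtils.sha256(password, salt));
    user.setStatus(1); // MyRealm treats status 0 as locked, so 1 marks the account usable

    if (sysUserService.save(user)) {
        return Result.ok("注册成功!");
    }
    return Result.error(500,"注册失败,请稍后重试!");
}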
RandomStringUtils依赖
<!--
  commons-lang 2.6 is the last release of the legacy 2.x line; its successor is
  commons-lang3, which uses a different package name (org.apache.commons.lang3).
  In this artifact, RandomStringUtils draws from java.util.Random unless a Random
  instance is passed explicitly, so values used as salts or tokens should be
  generated with a SecureRandom.
-->
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
Result为返回类
/**
 * Generic response envelope returned by controllers.
 *
 * <p>It is a plain {@code HashMap<String, Object>} that always starts with the
 * entries {@code code = 0} and {@code msg = "success"}. The static factories
 * overwrite or extend those defaults.
 */
public class Result extends HashMap<String, Object> {
    private static final long serialVersionUID = 1L;

    /** Creates a success envelope: {@code code = 0}, {@code msg = "success"}. */
    public Result() {
        this.put("code", 0).put("msg", "success");
    }

    /**
     * Builds a failure envelope with an explicit status code.
     *
     * @param code status code to report
     * @param msg  message to report
     * @return a new envelope carrying {@code code} and {@code msg}
     */
    public static Result error(int code, String msg) {
        return new Result().put("code", code).put("msg", msg);
    }

    /**
     * Builds a failure envelope with the default failure code 400.
     *
     * @param msg message to report
     * @return a new envelope with {@code code = 400}
     */
    public static Result error(String msg) {
        return error(400, msg);
    }

    /**
     * Builds a success envelope with a custom message; {@code code} stays 0.
     *
     * @param msg message to report
     * @return a new success envelope
     */
    public static Result ok(String msg) {
        return new Result().put("msg", msg);
    }

    /**
     * Builds a success envelope and copies every entry of {@code map} into it.
     * Entries named {@code code} or {@code msg} in {@code map} replace the defaults.
     *
     * @param map extra entries to expose to the caller
     * @return a new envelope containing the defaults plus {@code map}
     */
    public static Result ok(Map<String, Object> map) {
        Result envelope = new Result();
        envelope.putAll(map);
        return envelope;
    }

    /** @return a new success envelope with only the default entries */
    public static Result ok() {
        return new Result();
    }

    /**
     * Stores an entry and returns this envelope so calls can be chained.
     * Unlike {@link HashMap#put}, the previous value is not returned.
     *
     * @param key   entry name
     * @param value entry value
     * @return this envelope
     */
    public Result put(String key, Object value) {
        super.put(key, value);
        return this;
    }
}
ShiroUtils代码
package com.zjl.common;
import com.zjl.entity.SysUser;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
/**
 * Static helpers around Apache Shiro: password hashing plus shortcuts to the
 * current Subject, its Session and its principal.
 *
 * <p>Security note: {@link #sha256} produces a salted SHA-256 digest with only
 * {@link #hashIterations} rounds. That is a fast hash and offers little
 * resistance to offline guessing if stored digests leak. A dedicated password
 * hashing scheme (bcrypt, scrypt, Argon2, or PBKDF2 with a high work factor) is
 * the usual recommendation.
 */
public class ShiroUtils {

    /** Digest algorithm name passed to {@code SimpleHash}. */
    public static final String hashAlgorithmName = "SHA-256";

    /**
     * Number of hash iterations. The value is not stored per user, so changing it
     * makes every previously stored digest unverifiable unless users are rehashed.
     */
    public static final int hashIterations = 16;

    /**
     * Hashes a password with the given salt.
     *
     * @param password plaintext password
     * @param salt     per-user salt
     * @return the digest rendered by {@code SimpleHash.toString()}
     */
    public static String sha256(String password, String salt) {
        SimpleHash digest = new SimpleHash(hashAlgorithmName, password, salt, hashIterations);
        return digest.toString();
    }

    /** @return the session of the current subject */
    public static Session getSession() {
        return getSubject().getSession();
    }

    /** @return the subject bound to the current execution context */
    public static Subject getSubject() {
        return SecurityUtils.getSubject();
    }

    /**
     * @return the current principal cast to {@code SysUser}; {@code null} when the
     *         subject has no principal
     */
    public static SysUser getUserEntity() {
        Object principal = getSubject().getPrincipal();
        return (SysUser) principal;
    }

    /**
     * @return the id of the current user
     * @throws NullPointerException if the subject has no principal, because the
     *         result of {@link #getUserEntity()} is dereferenced without a check
     */
    public static Long getUserId() {
        SysUser current = getUserEntity();
        return current.getUserId();
    }

    /** Stores {@code value} under {@code key} in the current session. */
    public static void setSessionAttribute(Object key, Object value) {
        Session session = getSession();
        session.setAttribute(key, value);
    }

    /** @return the session attribute stored under {@code key}, or {@code null} */
    public static Object getSessionAttribute(Object key) {
        Session session = getSession();
        return session.getAttribute(key);
    }

    /** @return {@code true} when the current subject has a principal */
    public static boolean isLogin() {
        Object principal = getSubject().getPrincipal();
        return principal != null;
    }

    /** Logs the current subject out. */
    public static void logout() {
        getSubject().logout();
    }

    /**
     * Reads the captcha stored in the session under {@code key} and removes it.
     * Removing it after the read makes each captcha single-use, so the same value
     * cannot be replayed on a later attempt.
     *
     * @param key session attribute name the captcha was stored under
     * @return the captcha text
     * @throws RuntimeException if no captcha is stored under {@code key}
     */
    public static String getKaptcha(String key) {
        Session session = getSession();
        Object stored = session.getAttribute(key);
        if (stored == null) {
            throw new RuntimeException("验证码已失效");
        }
        session.removeAttribute(key);
        return stored.toString();
    }
}
二、“解密”(登陆校验)——严格来说哈希不可逆,并不存在解密:登陆时由 HashedCredentialsMatcher 用相同的算法、盐值和迭代次数对提交的密码重新计算哈希,再与数据库中保存的值比对
Realm代码
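/**
 * Shiro realm that authenticates against {@code SysUserService} and verifies
 * passwords with the same salted SHA-256 settings used at registration
 * ({@code ShiroUtils.hashAlgorithmName}, {@code ShiroUtils.hashIterations}).
 *
 * <p>Review notes:
 * <ul>
 *   <li>The password is not decrypted. The credentials matcher re-hashes the
 *       submitted password with the stored salt and compares the digests.</li>
 *   <li>{@code sysCaptchaService} and {@code sysTokenService} are injected but not
 *       used in this class. NOTE(review): no attempt limiting is visible here;
 *       confirm it is handled elsewhere.</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {
    @Autowired
    private SysUserService sysUserService;
    @Autowired
    private SysCaptchaService sysCaptchaService;
    @Autowired
    private SysTokenService sysTokenService;

    /**
     * Authorization callback. No roles or permissions are loaded; {@code null} is
     * returned, which Shiro is expected to treat as "no roles, no permissions".
     *
     * @param principals principals of the subject being authorized
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The marker used to read "登陆方法" (login), but this is the authorization callback.
        System.out.println("授权方法");
        return null;
    }

    /**
     * Authentication callback: loads the account for the submitted username and
     * hands the stored digest and salt to the credentials matcher.
     *
     * <p>The two exceptions below let a caller tell "unknown account" from "locked
     * account". Whatever handles them should show the client one generic failure
     * message, otherwise responses reveal which usernames exist.
     *
     * @param token the submitted credentials; cast to {@code UsernamePasswordToken}
     * @return the stored account, password digest and salt for comparison
     * @throws UnknownAccountException if no user has that username
     * @throws LockedAccountException  if the user's status is 0
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("认证方法");
        UsernamePasswordToken credentials = (UsernamePasswordToken) token;
        // The submitted username is client-controlled and is deliberately not echoed
        // to stdout: it could carry line breaks that forge log entries, and it
        // records every attempted login name.

        final SysUser account = sysUserService.getByUserName(credentials.getUsername());
        if (account == null) {
            throw new UnknownAccountException("账号不存在");
        }
        // Status 0 marks a locked account.
        if (account.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定,请联系管理员");
        }

        // The stored value is the digest, never the plaintext; the salt is passed so
        // the matcher can recompute the digest from the submitted password.
        return new SimpleAuthenticationInfo(
                account,
                account.getPassword(),
                ByteSource.Util.bytes(account.getSalt()),
                getName());
    }

    /**
     * Installs the hashed credentials matcher for this realm.
     *
     * <p>The argument is intentionally ignored: a {@code HashedCredentialsMatcher}
     * configured with the algorithm and iteration count from {@code ShiroUtils} is
     * always installed, so verification matches how {@code ShiroUtils.sha256}
     * hashed the password at registration.
     *
     * @param credentialsMatcher ignored
     */
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
        hashedMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);
        hashedMatcher.setHashIterations(ShiroUtils.hashIterations);
        super.setCredentialsMatcher(hashedMatcher);
    }
}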