shiro+MD5加密
Model
User类添加随机盐字段,用于保存注册时保存在数据库中的随机数
private String salt;
注册
注册时添加如下代码对用户密码加密,盐值 = username + 随机数
String algorithmName = "md5";
String username = user.getUserName();
String password = user.getPassword();
String salt1 = username;
// 随机盐
String salt2 = new SecureRandomNumberGenerator().nextBytes().toHex();
System.out.println(salt2);
int hashIterations = 2;
SimpleHash hash = new SimpleHash(algorithmName, password, ByteSource.Util.bytes(salt1 + salt2), hashIterations);
// 加密后的密码
String encodedPassword = hash.toHex();
System.out.println(encodedPassword);
Realm
更改自定义Realm中的doGetAuthenticationInfo方法,传入盐值ByteSource.Util.bytes(username+salt2)
SimpleAuthenticationInfo ai =
new SimpleAuthenticationInfo(username, password, getName());
ai.setCredentialsSalt(ByteSource.Util.bytes(username+salt2));
ShiroConfig
config中添加hashedCredentialsMatcher()方法,用于密码验证
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher(){
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
// 使用md5 算法进行加密
hashedCredentialsMatcher.setHashAlgorithmName("md5");
// 设置散列次数: 意为加密几次
hashedCredentialsMatcher.setHashIterations(2);
return hashedCredentialsMatcher;
}
更新myShiroRealm()方法,将上述验证方式加入容器
//将自己的验证方式加入容器
@Bean
public CustomRealm myShiroRealm() {
CustomRealm customRealm = new CustomRealm();
customRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return customRealm;
}