shiro框架加盐加密
- 将明文密码加密成密文后再保存:账号的密码保存到数据库时需要加密
- 如果只是单纯使用md5或sha1进行加密,容易被人利用"彩虹表"撞库来破解密码,导致密码不安全!这时可以进行加盐加密来解决。注意:加盐只能抵御预先计算好的彩虹表,单次md5运算速度很快,仍然容易被暴力破解;实际项目中应改用带多次迭代的专用密码哈希算法(如bcrypt、PBKDF2、Argon2)。
- (1)编写代码对密码加盐加密
(2)编写自定义凭证匹配器
(3)在applicationContext-shiro.xml,添加自定义凭证匹配器
(4)业务层添加条件 - 在添加用户时,密码进行加盐加密存储到数据库
- 还可以在数据库中直接修改加密密码
-- Overwrites the stored password of one account with the unsalted MD5 of the sample value '123'.
-- NOTE(review): the matcher shown on this page hashes the submitted password with the e-mail as salt
-- (Md5Hash(password, email)), so an unsalted value written here will presumably not match at login;
-- the salted equivalent would be md5(concat(email, '123')) -- confirm against the configured matcher.
update pe_user set password=md5('123') where email= 'lw@export.com';
Test
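/**
 * Scratch tests that print the MD5 digest of a sample password, once through the JDK
 * {@link MessageDigest} API and once through Shiro's {@code Md5Hash}.
 *
 * <p>Both tests produce an unsalted, single-round MD5 value. That is useful for comparing the two
 * APIs, but it is not a suitable way to store real passwords.
 */
public class TestMD5 {

    /**
     * Returns the lowercase hexadecimal MD5 digest of {@code plainText}, always 32 characters long.
     *
     * @param plainText text to hash; encoded as UTF-8 before hashing
     * @return 32-character hex digest
     * @throws RuntimeException if the JDK does not provide an MD5 implementation
     */
    public static String stringMd5(String plainText) {
        final byte[] digest;
        try {
            // An explicit charset keeps the digest identical on every platform; the no-argument
            // getBytes() depends on the JVM default encoding.
            digest = MessageDigest.getInstance("md5")
                    .digest(plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new RuntimeException("没有这个算法", e);
        }

        // BigInteger drops leading zeros, so left-pad to 32 hex digits. The loop bound is the
        // constant 32: comparing against the growing string length stops early and returns a
        // short digest when more than one zero is missing.
        String hex = new BigInteger(1, digest).toString(16);
        StringBuilder padded = new StringBuilder(32);
        for (int i = hex.length(); i < 32; i++) {
            padded.append('0');
        }
        return padded.append(hex).toString();
    }

    /** Prints the JDK-computed MD5 of the sample value "123". */
    @Test
    public void test01() {
        String result = TestMD5.stringMd5("123");
        System.out.println(result);
    }

    /** Prints the Shiro-computed, unsalted MD5 of the sample value "123". */
    @Test
    public void test02() {
        Md5Hash md5Hash = new Md5Hash("123");
        System.out.println(md5Hash);
    }
}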
工具类CustomCredentialsMatcher
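/**
 * Credentials matcher that hashes the submitted password with MD5, using the login name (the
 * e-mail address) as salt, and compares the result with the stored credential.
 *
 * <p>NOTE(review): a single round of MD5 with a predictable per-user salt defeats precomputed
 * tables but is still cheap to brute-force. Shiro's {@code HashedCredentialsMatcher} with a
 * stronger algorithm and a high iteration count, or a dedicated password-hashing scheme, is the
 * usual choice; changing it requires re-hashing the stored passwords.
 */
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {
    private final Logger log = LoggerFactory.getLogger(this.getClass());

    /**
     * Checks whether the password in {@code token} matches the stored credential in {@code info}.
     *
     * @param token login token; anything other than a {@code UsernamePasswordToken} is rejected
     * @param info account data whose credential is expected to be the stored hex hash string
     * @return {@code true} only if the salted hash of the submitted password equals the stored one
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        // Reject unexpected token types instead of failing with a ClassCastException.
        if (!(token instanceof UsernamePasswordToken)) {
            return false;
        }
        UsernamePasswordToken loginToken = (UsernamePasswordToken) token;
        String email = loginToken.getUsername();
        char[] submitted = loginToken.getPassword();
        Object stored = info.getCredentials();
        if (submitted == null || !(stored instanceof String)) {
            return false;
        }

        // The salt must be the same value that was used when the password was stored.
        String submittedHash = new Md5Hash(new String(submitted), email).toString();

        // Neither the plaintext password nor either hash is written to the log: log files are
        // readable by far more people and systems than the credential store.
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        boolean matched = java.security.MessageDigest.isEqual(
                submittedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                ((String) stored).getBytes(java.nio.charset.StandardCharsets.UTF_8));
        log.debug("credentials matched: {}", matched);
        return matched;
    }
}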
applicationContext-shiro.xml
<!-- Registers the custom matcher and injects it into the realm, so the realm's credential check
     goes through CustomCredentialsMatcher.
     NOTE(review): every stored password must have been hashed the same way the matcher hashes
     the submitted one (same algorithm and salt), otherwise logins fail; confirm for existing rows. -->
<bean id="credentialsMatcher2" class="com.dsf.web.util.CustomCredentialsMatcher">
</bean>
<bean id="authRealm" class="com.dsf.web.shiro.AuthRealm">
<property name="credentialsMatcher" ref="credentialsMatcher2"/>
</bean>
UserServiceImpl
/**
 * Assigns a random UUID as the user id, replaces a non-null password with its MD5 hash salted
 * with the user's e-mail, and persists the user.
 *
 * <p>NOTE(review): the salt is the e-mail address, so it is predictable, and MD5 is applied once;
 * this is weak for password storage. The hashing here has to stay in step with the credentials
 * matcher used at login. A null password is saved as-is; confirm that is intended.
 */
@Override
public void saveUser(User user) {
    user.setUserId(UUID.randomUUID().toString());

    final String rawPassword = user.getPassword();
    if (rawPassword != null) {
        // Same construction as the login-time check: Md5Hash(password, email-as-salt).
        final String hashed = new Md5Hash(rawPassword, user.getEmail()).toString();
        user.setPassword(hashed);
    }

    iUserDao.save(user);
}