java shiro realm 示例一则带加盐

最新推荐文章于 2024-07-18 16:21:56 发布

zb1749

最新推荐文章于 2024-07-18 16:21:56 发布

阅读量324

点赞数

分类专栏： Shiro java

本文链接：https://blog.csdn.net/zb1749/article/details/12621611

版权

Shiro 同时被 2 个专栏收录

1 篇文章 0 订阅

订阅专栏

java

1 篇文章 0 订阅

订阅专栏

public class UsernamePasswordRealm extends AuthorizingRealm {

	public UsernamePasswordRealm() {
		setName("usernamePasswordRealm");
		HashedCredentialsMatcher hcm = new HashedCredentialsMatcher();
		
		//使用SHA-512 加密
		hcm.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);
		setCredentialsMatcher(hcm);
	}

	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		try {
			//账户的获取
			Account account = userDao.findByUsername(token.getUsername());
			
			if (account != null) {
				SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
						account.getId(), account.getPassword(), getName());
				//设置加盐，以用户编号加盐，UserID最好以UUID，保证username可改且每个盐值都唯一
				info.setCredentialsSalt(ByteSource.Util.bytes(account.getId()));
				return info;
			}
		} catch (Exception e) {
			e.printStackTrace();
		}

		return null;
	}

	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		String userId = (String) principals.fromRealm(getName()).iterator()
				.next();
		try {
			Account user = userDao.findById(userId);
			if (user != null) {
				SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
				//*** 赋权操作
				
				.....
				
				///
				return info;
			}
		} catch (Exception e) {
			e.printStackTrace();
		}

		return null;
	}

}

账户存储段

//使用加盐，并使用id作为盐值 后面toHex 等效于toString
		this.password = new Sha512Hash(password,this.getId()).toHex();

zb1749

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
java shiro realm 示例一则带加盐

public class UsernamePasswordRealm extends AuthorizingRealm { public UsernamePasswordRealm() { setName("usernamePasswordRealm"); HashedCredentialsMatcher hcm = new HashedCredentialsMatcher();
复制链接

扫一扫

专栏目录