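/**
 * Shiro realm that authenticates by username/password against {@code userDao} and
 * loads authorization data for the resulting principal (the account id).
 * <p>
 * NOTE(review): {@code userDao} is used but not declared in this listing; it is
 * presumably an injected field of this class — confirm against the full source.
 */
public class UsernamePasswordRealm extends AuthorizingRealm {

    /**
     * Configures the realm name (used to tag the principals it issues) and a
     * {@link HashedCredentialsMatcher} using SHA-512.
     * <p>
     * The matcher keeps its defaults — one hash iteration and hex-encoded stored
     * credentials — which is exactly what the account-storage code produces with
     * {@code new Sha512Hash(password, id).toHex()}. A single SHA-512 iteration is
     * cheap to brute-force offline; raising {@code hcm.setHashIterations(...)} or
     * moving to a dedicated password-hashing function requires re-hashing stored
     * passwords, so both sides must change together.
     */
    public UsernamePasswordRealm() {
        setName("usernamePasswordRealm");
        HashedCredentialsMatcher hcm = new HashedCredentialsMatcher();
        // SHA-512; must match the algorithm used when the password was stored.
        hcm.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);
        setCredentialsMatcher(hcm);
    }

    /**
     * Looks up the account for the submitted username and hands the stored hash and
     * its salt to the credentials matcher; the password itself is never compared here.
     *
     * @param authcToken the submitted token; only {@link UsernamePasswordToken} is supported
     * @return authentication info for the account, or {@code null} when no account has
     *         that username (Shiro then reports an unknown account)
     * @throws AuthenticationException if the token type is unsupported or the account
     *         lookup itself fails; the failure is wrapped instead of being collapsed into
     *         "unknown account" so that a data-store outage is distinguishable from bad
     *         credentials
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        if (!(authcToken instanceof UsernamePasswordToken)) {
            // An unchecked cast would surface as a ClassCastException from inside the realm.
            throw new AuthenticationException("Unsupported token type: "
                    + (authcToken == null ? "null" : authcToken.getClass().getName()));
        }
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String username = token.getUsername();
        if (username == null || username.isEmpty()) {
            // Nothing to look up; treated as an unknown account rather than a DAO call.
            return null;
        }
        Account account;
        try {
            account = userDao.findByUsername(username);
        } catch (Exception e) {
            throw new AuthenticationException("Account lookup failed for username " + username, e);
        }
        if (account == null) {
            return null;
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                account.getId(), account.getPassword(), getName());
        // Salt is the account id, matching how the password was hashed at storage time.
        // The id must be stable and unique per account (a UUID is ideal) so that the
        // username can change and no two accounts ever share a salt.
        info.setCredentialsSalt(ByteSource.Util.bytes(account.getId()));
        return info;
    }

    /**
     * Loads roles/permissions for the subject, identified by the principal this realm
     * issued during authentication (the account id).
     *
     * @param principals the subject's principals; only those tagged with this realm's
     *                   name are consulted
     * @return authorization info for the account, or {@code null} when this realm holds
     *         no principal for the subject or the account no longer exists
     * @throws IllegalStateException if the account lookup fails; rethrown rather than
     *         returning {@code null}, which would silently hide an outage as
     *         "no permissions"
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        java.util.Collection<?> ownPrincipals = principals.fromRealm(getName());
        if (ownPrincipals == null || ownPrincipals.isEmpty()) {
            // iterator().next() on an empty collection would throw NoSuchElementException.
            return null;
        }
        // The principal stored by doGetAuthenticationInfo is account.getId();
        // assumed to be a String — confirm against Account.
        String userId = (String) ownPrincipals.iterator().next();
        Account user;
        try {
            user = userDao.findById(userId);
        } catch (Exception e) {
            throw new IllegalStateException("Account lookup failed for user id " + userId, e);
        }
        if (user == null) {
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // TODO: populate roles and permissions here (elided as "....." in the original
        // listing). Until then the subject is authenticated but authorized for nothing,
        // which is the fail-closed default.
        return info;
    }
}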
账户存储段
// Salted hash, using the account id as the salt; the trailing toHex() is equivalent to toString().
// One SHA-512 iteration with hex output: this must stay in sync with the realm's
// HashedCredentialsMatcher (algorithm, default iteration count, hex-encoded credentials)
// and with the salt it derives via ByteSource.Util.bytes(account.getId()).
this.password = new Sha512Hash(password,this.getId()).toHex();