前提:shiro基本配置已经完毕。本文在此基础上增加密码加盐加密以及登录验证。
1.在Shiro配置类中加入加密算法
package com.example.demo.config;
import com.example.demo.service.UserService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
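/**
 * Spring configuration that wires Shiro for the demo application: the web filter,
 * the security manager, the user realm, and the credentials matcher that verifies
 * salted password hashes at login.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro web filter.
     *
     * <p>The filter chain map built here lists a single entry: {@code /index} requires
     * authentication ({@code authc}). No other path is listed in this map. The login URL
     * is set to {@code /}.
     *
     * @param defaultWebSecurityManager the security manager bean named {@code webSecurityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("webSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // Attach the security manager that performs authentication.
        bean.setSecurityManager(defaultWebSecurityManager);

        // LinkedHashMap keeps insertion order for the chain definitions.
        // NOTE(review): every path that must be protected needs its own entry here.
        Map<String, String> filter = new LinkedHashMap<>();
        filter.put("/index", "authc");

        bean.setLoginUrl("/");
        bean.setFilterChainDefinitionMap(filter);
        return bean;
    }

    /**
     * Creates the web security manager backed by the application's {@link UserRealm}.
     *
     * @param userRealm the realm bean named {@code userRealm}
     * @return the security manager with that realm installed
     */
    @Bean(name = "webSecurityManager")
    public DefaultWebSecurityManager webSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Creates the realm and installs the hashed credentials matcher on it.
     *
     * @param hashedCredentialsMatcher the matcher bean named {@code hashedCredentialsMatcher}
     * @return the realm that will compare submitted passwords against stored hashes
     */
    @Bean
    public UserRealm userRealm(
            @Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher hashedCredentialsMatcher) {
        UserRealm userRealm = new UserRealm();
        // Use the injected bean rather than calling the factory method directly, so the
        // realm always receives the container-managed matcher instance.
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return userRealm;
    }

    /**
     * Creates the matcher that hashes the submitted password before comparing it with
     * the stored hash.
     *
     * <p>The algorithm and iteration count must be identical to the ones used when the
     * password was hashed at registration, otherwise no login can succeed.
     *
     * @return a matcher configured for MD5 with 5 iterations
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Hash algorithm name.
        // NOTE(review): MD5 is a fast digest and is not suitable for storing passwords;
        // it is kept here only because the stored hashes were produced with it. Moving to
        // a dedicated password-hashing function (bcrypt, scrypt, Argon2) requires
        // re-hashing each password, for example at the user's next successful login.
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        // Number of hash iterations; 5 adds almost no cost for an offline guessing attempt.
        hashedCredentialsMatcher.setHashIterations(5);
        return hashedCredentialsMatcher;
    }
}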
2.用户注册时对密码进行加盐加密
盐生成方式:通常用用户id+随机数产生(这里直接使用随机数)
// One fresh random salt per user. UUID.randomUUID() draws from a cryptographically
// strong random generator in the JDK. The salt is not a secret: it is stored next to
// the hash and only needs to differ between accounts.
String salt=UUID.randomUUID().toString();
加密方法:使用shiro自带的Md5Hash(严格来说这里是不可逆的加盐哈希,而不是可解密的加密)
参数分别为:密码 盐值 加密次数(注意这里加密次数与配置类中加密次数必须一致)
// Arguments: plaintext password, per-user salt, iteration count. The count must equal
// the value passed to setHashIterations in the Shiro configuration class.
// NOTE(review): MD5 at 5 iterations is very cheap to compute, so hashes from a leaked
// table can be guessed offline at high speed. A dedicated password-hashing function
// (bcrypt, scrypt, Argon2) is the safer choice for anything beyond a demo.
Md5Hash md5Hash=new Md5Hash(password,salt,5);
将加密后的密码和盐值存放在数据库中
3.登录校验
这里的密码校验方式是:用登录时提交的密码加上数据库中保存的盐值,按配置的算法和次数计算哈希,再与数据库中保存的密码哈希进行比对
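/**
 * Loads the stored credentials for the account named in the login token.
 *
 * <p>This method only looks the account up. The password itself is verified afterwards
 * by the realm's credentials matcher, which compares the submitted password with the
 * returned hash and salt. For that reason nothing here reports a successful login.
 *
 * @param authenticationToken the submitted token; expected to be a {@link UsernamePasswordToken}
 * @return the stored hash and salt for the account, or {@code null} when the lookup does
 *         not yield exactly one account
 * @throws AuthenticationException if the stored credentials cannot be turned into an
 *         authentication info object
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
    String username = usernamePasswordToken.getUsername();
    List<User> matches = userService.queryone(username);

    // Fail closed: no result, a missing result list, or duplicate usernames all mean
    // the account cannot be identified unambiguously.
    // NOTE(review): the caller should show the same message for an unknown account and
    // for a wrong password, so the login form does not reveal which usernames exist.
    if (matches == null || matches.size() != 1) {
        return null;
    }

    User account = matches.get(0);
    try {
        // The username is used as the principal so that each authenticated subject has
        // a distinct identity; getName() records which realm vouched for it.
        return new SimpleAuthenticationInfo(
                username,
                account.getPassword(),
                ByteSource.Util.bytes(account.getSalt()),
                getName());
    } catch (Exception e) {
        // Keep the cause instead of printing it and falling through: a broken credential
        // record (for example a missing salt) is not the same as an unknown account.
        throw new AuthenticationException("Stored credentials for the account could not be loaded", e);
    }
}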
具体方法参数如下
/**
 * Constructor quoted from Shiro's SimpleAuthenticationInfo.
 *
 * @param principal         the account identity; wrapped together with {@code realmName}
 *                          in a SimplePrincipalCollection
 * @param hashedCredentials the stored password hash; kept as the credentials
 * @param credentialsSalt   the salt that was used to produce the stored hash
 * @param realmName         the name of the realm the principal came from
 */
public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
// Identity and originating realm are stored together.
this.principals = new SimplePrincipalCollection(principal, realmName);
// Stored as given; presumably compared later against the hash of the submitted password.
this.credentials = hashedCredentials;
// Kept so the same salt can be applied when the submitted password is hashed.
this.credentialsSalt = credentialsSalt;
}
到此结束。