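I. Hash the password with MD5
    // DigestUtils is org.springframework.util.DigestUtils; the charset is fixed so the digest does not depend on the platform default
    String md5Password = DigestUtils.md5DigestAsHex(user.getPassword().getBytes(StandardCharsets.UTF_8));
It's that simple!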
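II. For Spring Boot + Shiro, refer to "Spring Boot and Shiro integration (2): MyBatis user login authentication"
III. Building on the above, add MD5 hashing by modifying the code as follows
1. Add the dependencies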
    <!-- MD5 hashing -->
    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>3.6</version>
    </dependency>
2. In Shiro, the UserRealm's doGetAuthenticationInfo method runs the authentication logic
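    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;

    public class UserRealm extends AuthorizingRealm {
        @Autowired
        private UserService userService;
        @Autowired
        private MenuTreeService menuService;
        @Autowired
        private RoleService roleService;

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println("执行授权逻辑");
            ...
        }

        @Override
        protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) {
            System.out.println("执行认证逻辑");
            // Shiro check: look up the user by name; Shiro then compares the credentials
            UsernamePasswordToken token = (UsernamePasswordToken) arg0;
            String username = token.getUsername();
            // System.out.println("token.getUsername()====="+token.getUsername());
            // Log the user name only; the submitted credential is never written to the log
            System.out.println("用户名" + username);
            User user = userService.getUserByNum(token.getUsername());
            if (user == null) {
                // Returning null makes Shiro throw UnknownAccountException
                return null;
            }
            // user.getPassword() is the stored MD5 hex string; Shiro compares it with the token's password
            return new SimpleAuthenticationInfo(user, user.getPassword(), "");
        }
    }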
3. The /login back end hashes the submitted password with MD5 before the comparison.
    // Needs java.nio.charset.StandardCharsets and org.springframework.util.DigestUtils
    @RequestMapping("/login")
    public String gologin(String name, String password, Model model, HttpServletResponse response, HttpServletRequest request, HttpSession session) throws UnsupportedEncodingException {
        System.out.println("跳转login");
        /**
         * Authenticate using Shiro
         */
        // 1. Get the subject
        Subject subject = SecurityUtils.getSubject();
        // Fixed charset so the digest matches the one computed when the password was stored
        String md5Password = DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8));
        // 2. Wrap the user data
        UsernamePasswordToken token = new UsernamePasswordToken(name, md5Password);
        // 3. Perform the login
        try {
            subject.login(token);
            // Login succeeded
            System.out.println("登录成功");
            return "redirect:/index";
        } catch (UnknownAccountException e) {
            // User name does not exist, login failed
            model.addAttribute("msg", "用户名不存在");
            System.out.println("name=用户名不存在 ,登录失败" + name);
            return "login";
        } catch (IncorrectCredentialsException e) {
            // Wrong password, login failed
            model.addAttribute("msg", "密码错误");
            System.out.println("name=密码错误 ,登录失败" + name);
            return "login";
        }
    }
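IV. When the password is changed from the front end, the old password has to be verified, so the MD5 conversion has to be done in the front end
Download https://github.com/blueimp/JavaScript-MD5
Include it in the page
    <script src="/asserts/js/md5.min.js"></script>
Then change the JavaScript code as follows
    var hash = md5("value");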
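
The flow above compares an unsalted MD5 hex string, so equal passwords share one digest and the stored digest itself is accepted wherever the front end sends the hash. The following added example (not code from the original post) shows the alternative built into Shiro 1.x: the token carries the raw password and a HashedCredentialsMatcher applies a per-user salt and iterations on the server. Assumptions: shiro-core 1.x on the classpath; the class name SaltedMatcherDemo, the realm name "userRealm", SHA-256 and the iteration count are illustrative choices.

```java
import java.security.SecureRandom;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource; // Shiro 1.x package (assumption)

public class SaltedMatcherDemo {
    static final String ALGORITHM = "SHA-256";
    static final int ITERATIONS = 100_000; // assumed work factor, tune for your hardware

    /** Registration side: hex digest to store in the user table next to the per-user salt. */
    static String hashForStorage(char[] password, byte[] salt) {
        return new SimpleHash(ALGORITHM, password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
    }

    /** Login side: the comparison Shiro performs once the realm returns salted info. */
    static boolean verify(String username, char[] submitted, String storedHex, byte[] salt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        // In a real realm, doGetAuthenticationInfo returns this object and the matcher
        // is installed with setCredentialsMatcher; the controller no longer hashes anything.
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                username, storedHex, ByteSource.Util.bytes(salt), "userRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken(username, submitted), info);
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        byte[] saltA = new byte[16];
        byte[] saltB = new byte[16];
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        char[] pw = "Constructed-Sample-1".toCharArray(); // constructed sample password
        String storedA = hashForStorage(pw, saltA);
        String storedB = hashForStorage(pw, saltB);
        // Per-user salts: two accounts with the same password no longer share a digest
        System.out.println("same password, different digests: " + !storedA.equals(storedB));
        System.out.println("correct password accepted: " + verify("alice", pw, storedA, saltA));
        System.out.println("wrong password rejected: "
                + !verify("alice", "guess".toCharArray(), storedA, saltA));
        // Submitting the stored digest as the password fails, unlike the MD5-in-the-token flow
        System.out.println("stored digest as password rejected: "
                + !verify("alice", storedA.toCharArray(), storedA, saltA));
    }
}
```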