正文
Shiro加盐加密
小程序:扫一扫查出行
【扫一扫了解最新限行尾号】
复制小程序
【扫一扫了解最新限行尾号】
复制小程序
接本人的上篇文章《Shiro认证、角色、权限》,这篇文章我们来学习shiro的加盐加密实现
自定义Realm:
package com.czhappy.realm;import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;/**
* 自定义Realm
*/
public class CustomRealm extends AuthorizingRealm { Map<String, String> userMap = new HashMap<String, String>(16);
{
userMap.put("chen", "eeb9bad681184779aa6570e402d6ef6c");
super.setName("customRealm");
} //角色权限验证
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String userName = (String) principalCollection.getPrimaryPrincipal();
//从数据库或者缓存中获取角色数据
Set<String> roleSet = getRolesByUserName(userName); //从数据库或者缓存中获取权限数据
Set<String> permissionSet = getPermissionsByUserName(userName); SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setRoles(roleSet);
simpleAuthorizationInfo.setStringPermissions(permissionSet);
return simpleAuthorizationInfo;
} /**
* 模拟从数据库或者缓存中获取权限数据
* @param userName
* @return
*/
private Set<String> getPermissionsByUserName(String userName) {
Set<String> sets = new HashSet<String>();
sets.add("user:add");
sets.add("user:delete");
return sets;
} /**
* 模拟从数据库或者缓存中获取角色数据
* @param userName
* @return
*/
private Set<String> getRolesByUserName(String userName) {
Set<String> sets = new HashSet<String>();
sets.add("admin");
sets.add("user");
return sets;
} //登录验证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//从主体传过来的认证信息中获取用户名
String userName = (String) authenticationToken.getPrincipal();
//通过用户名到数据库中获取凭证
String password = getPasswordByUsername(userName); if(password == null){
return null;
}
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo
(userName, password, "customRealm");
//设置加盐参数
simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("hello"));
return simpleAuthenticationInfo;
} /**
* 模拟数据库访问
* @param userName
* @return
*/
private String getPasswordByUsername(String userName) {
return userMap.get(userName);
}
}
编写测试实现类:
设置以md5的加密方式加密,加盐的参数设置为:hello
package com.czhappy.test;import com.czhappy.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;public class CustomRealmTest { @Test
public void testAuthentication() {
CustomRealm customRealm = new CustomRealm();
//创建SecurityManager环境
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");//加密方式
matcher.setHashIterations(1);//加密次数 customRealm.setCredentialsMatcher(matcher); //主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("chen", "123456");
subject.login(token); System.out.println("isAuthenticated=" + subject.isAuthenticated());
subject.checkRole("admin");
subject.checkPermissions("user:delete", "user:add"); } public static void main(String[] args) {
Md5Hash md5Hash = new Md5Hash("123456", "hello");
System.out.println(md5Hash.toString());
}
}