接本人的上篇文章《Shiro认证、角色、权限》,这篇文章我们来学习 Shiro 的加盐加密(严格来说是加盐散列)实现。
自定义Realm:
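package com.czhappy.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Demo realm that authenticates against an in-memory user table and hands out
 * a fixed set of roles and permissions.
 *
 * <p>The stored credential is a salted hash, so the realm must be paired with a
 * hashing credentials matcher configured with the same algorithm and iteration
 * count that produced the stored value.
 *
 * <p>SECURITY: this class is tutorial scaffolding. The user table, the salt and
 * the role/permission sets are hard-coded; see the notes on the individual
 * members before reusing any of it.
 */
public class CustomRealm extends AuthorizingRealm {

    /** Name this realm registers under; also recorded with each authenticated principal. */
    private static final String REALM_NAME = "customRealm";

    /**
     * Salt mixed into every stored password hash.
     *
     * <p>SECURITY: one constant salt shared by all accounts means identical
     * passwords produce identical hashes and a single precomputed table covers
     * every user. A real store keeps a random salt per user next to the hash and
     * returns that value from {@link #doGetAuthenticationInfo}.
     */
    private static final String DEMO_SALT = "hello";

    // user name -> hex-encoded salted password hash (stand-in for a database table).
    // NOTE(review): the value is presumably Md5Hash("123456", "hello"), which the
    // accompanying test's main() prints; not re-derived here.
    Map<String, String> userMap = new HashMap<String, String>(16);

    {
        userMap.put("chen", "eeb9bad681184779aa6570e402d6ef6c");
        super.setName(REALM_NAME);
    }

    /**
     * Builds the roles and permissions for the primary principal.
     *
     * @param principalCollection principals of the already-authenticated subject
     * @return authorization data holding the subject's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // Both lookups stand in for a database or cache query.
        authorizationInfo.setRoles(getRolesByUserName(userName));
        authorizationInfo.setStringPermissions(getPermissionsByUserName(userName));
        return authorizationInfo;
    }

    /**
     * Simulates loading permissions from a database or cache.
     *
     * <p>SECURITY: {@code userName} is ignored, so every authenticated principal
     * receives the same permissions. Replace with a per-user lookup.
     *
     * @param userName principal whose permissions are requested (unused in this stub)
     * @return the fixed permission set {@code user:add}, {@code user:delete}
     */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> permissions = new HashSet<String>();
        permissions.add("user:add");
        permissions.add("user:delete");
        return permissions;
    }

    /**
     * Simulates loading roles from a database or cache.
     *
     * <p>SECURITY: {@code userName} is ignored, so every authenticated principal
     * is granted {@code admin}. Replace with a per-user lookup.
     *
     * @param userName principal whose roles are requested (unused in this stub)
     * @return the fixed role set {@code admin}, {@code user}
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles = new HashSet<String>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Looks up the stored credential for the submitted user name.
     *
     * @param authenticationToken token submitted by the subject; its principal is
     *     read as the user name
     * @return the account's stored hash and salt, or {@code null} when the user
     *     name is unknown
     * @throws AuthenticationException declared by the overridden method; this
     *     implementation does not throw it itself
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // User name as submitted by the subject.
        String userName = (String) authenticationToken.getPrincipal();

        // Stored (hashed) credential for that user; null means no such account.
        String storedHash = getPasswordByUsername(userName);
        if (storedHash == null) {
            return null;
        }

        // getName() keeps the recorded realm name in step with the name the realm
        // is actually registered under, instead of repeating the literal.
        SimpleAuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(userName, storedHash, getName());
        // The credentials matcher needs the salt to hash the submitted password
        // the same way the stored value was produced.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(DEMO_SALT));
        return authenticationInfo;
    }

    /**
     * Simulates the database read of a user's stored password hash.
     *
     * @param userName account to look up
     * @return the stored hash, or {@code null} if the account does not exist
     */
    private String getPasswordByUsername(String userName) {
        return userMap.get(userName);
    }
}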
编写测试实现类:
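将凭证匹配器的散列算法设置为 MD5(MD5 是散列算法而非加密算法),散列次数为 1,盐值设置为:hello。这里使用 MD5、单次散列和固定盐值仅为演示;实际存储密码时应为每个用户生成随机盐,并使用 bcrypt、scrypt、Argon2 等专用的密码哈希算法。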
package com.czhappy.test;

import com.czhappy.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

/**
 * Exercises {@link CustomRealm} with a hashing credentials matcher: login,
 * role check and permission check for the demo account.
 */
public class CustomRealmTest {

    /**
     * Logs in as the demo user and verifies the role and permissions the realm
     * grants. {@code login}, {@code checkRole} and {@code checkPermissions}
     * throw on failure, which is what makes the test fail.
     */
    @Test
    public void testAuthentication() {
        CustomRealm realm = new CustomRealm();

        // Build the SecurityManager environment around the realm.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(realm);

        realm.setCredentialsMatcher(newMd5Matcher());

        // Installs the manager through the static SecurityUtils holder.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();

        // The subject submits its authentication request.
        currentUser.login(new UsernamePasswordToken("chen", "123456"));
        System.out.println("isAuthenticated=" + currentUser.isAuthenticated());

        currentUser.checkRole("admin");
        currentUser.checkPermissions("user:delete", "user:add");
    }

    /**
     * Creates the matcher that hashes the submitted password before comparing
     * it with the stored value.
     *
     * <p>SECURITY: MD5 with a single iteration is cheap to brute-force and is
     * used here only to match the demo hash stored in the realm. For real
     * password storage prefer a dedicated password-hashing scheme (bcrypt,
     * scrypt, Argon2), or at minimum a SHA-2 algorithm with a high iteration
     * count and a random per-user salt.
     */
    private static HashedCredentialsMatcher newMd5Matcher() {
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher();
        md5Matcher.setHashAlgorithmName("md5"); // hash algorithm
        md5Matcher.setHashIterations(1);        // number of hash iterations
        return md5Matcher;
    }

    /**
     * Prints the salted MD5 hash of the demo password, i.e. the value to store
     * for the demo user.
     */
    public static void main(String[] args) {
        Md5Hash saltedHash = new Md5Hash("123456", "hello");
        System.out.println(saltedHash.toString());
    }
}