先看(Shiro自带的Md5加密方法)MD5加密的例子
public static void main(String[] args) {
String password ="666";
Md5Hash md5Hash =new Md5Hash(password);
System.out.println(md5Hash);
//加盐
md5Hash=new Md5Hash(password,"zhangsan");
System.out.println(md5Hash);
//加盐+散列次数
md5Hash =new Md5Hash(password,"zhangsan",3);
System.out.println(md5Hash);
}
输出MD5加密后结果:
fae0b27c451c728867a567e8c1bb4e53
2f1f526e25fdefa341c7a302b47dd9df
cd757bae8bd31da92c6b14c235668091
项目结构:
1)自定义加密后的Realm(PasswordRealm.java)
public class PasswordRealm extends AuthorizingRealm {
@Override
public String getName() {
return "PasswordRealm";
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//参数token:表示登陆时保证的UsernamePasswordToken
//通过用户名到数据库中查用户信息,封装成一个AuthenticationInfo认证对象返回,方便认证器进行对比
String username =(String) authenticationToken.getPrincipal();
//通过用户名查询数据库,讲改用户对应数据查询返回:账号与密码
//假设查询数据库返回数据为:zhangsan 666
if(!"zhangsan".equals(username)){
return null;
}
//已经加密后的密码(666,已加盐,且三次散列)
String password="cd757bae8bd31da92c6b14c235668091";
//info对象表示realm登陆对比信息,(用户名,密码,加盐,realm名字)
SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,password, ByteSource.Util.bytes("zhangsan"),getName());
return info;
}
}
注意:info要添加盐(ByteSource.Util.bytes("zhangsan"))
2)创建配置文件(shiro-crytography.ini)
[main]
#定义凭证匹配器
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
#散列算法
credentialsMatcher.hashAlgorithmName=md5
#散列次数
credentialsMatcher.hashIterations=3
#自定义realm
myRealm=com.fxys.day03PasswordEncryption.PasswordRealm
#绑定加密
myRealm.credentialsMatcher=$credentialsMatcher
#指定Securitymanager的realm实现
securityManager.realms=$myRealm
3)测试类
public class MD5Test {
/* public static void main(String[] args) {
String password ="666";
Md5Hash md5Hash =new Md5Hash(password);
System.out.println(md5Hash);
//加盐
md5Hash=new Md5Hash(password,"zhangsan");
System.out.println(md5Hash);
//加盐+散列次数
md5Hash =new Md5Hash(password,"zhangsan",3);
System.out.println(md5Hash);
}*/
public static void main(String[] args) {
//1.创建SecurityManager工厂对象,并加载配置文件
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-crytography.ini");
//2.通过工厂对象,创建SecurityManager对象
SecurityManager securityManager = factory.getInstance();
//3.讲SecurityManager绑定到当前运行环境中,让系统随时随地都可以访问securitymanager对象
SecurityUtils.setSecurityManager(securityManager);
//4.创建当前登录主体,注意,此时主体没有经过认证
Subject subject = SecurityUtils.getSubject();
//5.收集主体登陆的身份/凭着,即账号密码
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "666");
try {
//6.主体登陆,如果账号或者密码其中一个错误,则抛出异常
subject.login(token);
} catch (Exception e) {
e.printStackTrace();
}
//7.判断是否成功
System.out.println("登陆是否成功" + subject.isAuthenticated());
//8.登出(注销)
subject.logout();
System.out.println("登陆是否成功" + subject.isAuthenticated());
}
}
这里不需要加密,配置文件后自动加密了