shiro的加密

 

接本文章中自定义realm测试代码：

https://blog.csdn.net/qq_43560721/article/details/105411830

1.在测试类CustomRealmTest中主体提交认证请求前加入以下代码

//shiro加密
        //创建HashedCredentialsMatcher
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");//设置加密算法名称
        matcher.setHashIterations(1);//设置加密次数
        customRealm.setCredentialsMatcher(matcher);//自定义customRealm加密算法中放入我们matcher对象

2.在自定义的CustomRealm自定义的userMap里边密码改为MD5

加密的密码

可以写一main方法计算

3.接下来我们验证一下，验证成功

4.为了我们的密码更完美，我们得加点调料，加盐

main方法计算一下

把自定义的CustomRealm自定义的userMap里边密码改为MD5加盐加密后的string

在认证过程中加加盐

5.接下来我们验证一下，验证成功

如果设置盐是错误的xxs1，将会验证错误，凭证错误

 

附整体代码：

1.自定义realm

package cn.imooc.shiro.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * @Author xxs
 * @Date 2020/4/8 10:33
 */
public class CustomRealm  extends AuthorizingRealm {

    Map<String,String> userMap = new HashMap<String, String>(16);
    {
        //123   202cb962ac59075b964b07152d234b70  加盐后的787ea83776f422929ec91b73168c0e67
        userMap.put("xxs","787ea83776f422929ec91b73168c0e67");
        super.setName("customRealm");
    }
    //做授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 1.从主体传过来的认证信息中，获得用户名
        String userName = (String) principalCollection.getPrimaryPrincipal();
        //2.通过用户名到数据库或者缓存中获取角色数据
        Set<String> roles = getRolesByUserName(userName);
        //3.通过用户名到数据库或者缓存中获取权限数据
        Set<String> permissions = getPermissionsByUserName(userName);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setStringPermissions(permissions);
        simpleAuthorizationInfo.setRoles(roles);
        return simpleAuthorizationInfo;
    }

    /**
     *模拟数据库或缓存中查询角色的权限
     * @param userName
     * @return
     */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> sets = new HashSet<String>();
        sets.add("user:delete");
        sets.add("user:add");
        return sets;
    }

    /**
     *模拟数据库或缓存中查询角色
     * @param userName
     * @return
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> sets = new HashSet<String>();
        sets.add("admin");
        sets.add("user");
        return sets;
    }

    //做认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // 1.从主体传过来的认证信息中，获得用户名
        String userName = (String) authenticationToken.getPrincipal();
        //2.通过用户名到数据库中获取凭证
        String password = getPasswordByUserName(userName);
        if(password==null){
            return null;
        }
        //创建返回对象
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo
                ("xxs", password, "customRealm");//用户名，密码，realm名称
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("xxs"));//把我们的盐设置进去
        return authenticationInfo;
    }

    /**
     * 模拟数据库或缓存中查询凭证
     * @param userName
     * @return
     */
    private String getPasswordByUserName(String userName) {
        return userMap.get(userName);
    }

    public static  void  main(String[] args){
        //md5加密
//      Md5Hash md5Hash = new Md5Hash("123");
        //加盐
        Md5Hash md5Hash = new Md5Hash("123","xxs");
        System.out.println(md5Hash.toString());//202cb962ac59075b964b07152d234b70
    }
}

2.测试类

package cn.xxs.test;

import cn.imooc.shiro.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

/**
 * @Author xxs
 * @Date 2020/4/8 10:49
 */
public class CustomRealmTest {
    @Test
    public void  testAuthentication(){
        CustomRealm customRealm = new CustomRealm();
        //1.构建SecurityManager环境,SecurityManager提供安全服务
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(customRealm);

        //shiro加密
        //创建HashedCredentialsMatcher
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");//设置加密算法名称
        matcher.setHashIterations(1);//设置加密次数
        customRealm.setCredentialsMatcher(matcher);//自定义customRealm加密算法中放入我们matcher对象

        //2.主题提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);//设置SecurityManager环境
        Subject subject = SecurityUtils.getSubject();//获得主体
        UsernamePasswordToken token = new UsernamePasswordToken("xxs","123");//认证数据
        subject.login(token);//提交认证
        System.out.println("isAuthenticated:"+subject.isAuthenticated());//看是否认证 true/false
//        subject.checkRole("admin");//检查角色
//        subject.checkPermission("user:add");//检查权限

    }
}