【shiro】shiro学习笔记3-散列功能
来源:互联网 发布:新浪直播软件下载 编辑:程序博客网 时间:2024/06/05 10:46
对于密码,有很多种加密方式散列是其中 最常用的,shiro提供了直接支持。
环境
<dependencies> <!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.4</version> </dependency> <!--日志问题的解决--> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.15</version> </dependency> <!--日志--> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> </dependencies>
目录结构
shiro封装的散列对象(列举常用)
Md5Hash
Md5Hash(Object source, Object salt, int hashIterations)
SimpleHash
SimpleHash(String algorithmName, Object source, Object salt, int hashIterations)
参数含意:source: 要散列的值(这里是明文密码)salt: 盐,用于与source一起散列的值,一般随机生成,用于防止暴力破解hashIterations: 散列的次数algorithmName: simpleHash是其它散列的父类(如下图),如果要用simpleHash就要告诉shiro使用哪种hash方式
代码
log4j.properties
log4j.rootLogger=DEBUG, stdoutlog4j.appender.stdout=org.apache.log4j.ConsoleAppenderlog4j.appender.stdout.layout=org.apache.log4j.PatternLayoutlog4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n
shiro-realm-md5.ini
[main]#注入凭证匹配器cridentialMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatchercridentialMatcher.hashAlgorithmName = MD5cridentialMatcher.hashIterations = 3#注入自定义的realmhashRealm = xyz.mrwood.study.realm.HashRealmhashRealm.credentialsMatcher = $cridentialMatchersecurityManager.realms = $hashRealm
User.java(模拟数据库中的表)
package xyz.mrwood.study.model;/** * Created by Administrator on 2016/2/16. */public class User { private String username; private String password; private String salt; public User(String username, String password, String salt) { this.username = username; this.password = password; this.salt = salt; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getSalt() { return salt; } public void setSalt(String salt) { this.salt = salt; } @Override public String toString() { return "User{" + "username='" + username + '\'' + ", password='" + password + '\'' + ", salt='" + salt + '\'' + '}'; }}
HashRealm.java
package xyz.mrwood.study.realm;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.crypto.hash.Md5Hash;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.util.ByteSource;import xyz.mrwood.study.model.User;import java.util.HashMap;import java.util.Map;/** * Created by Administrator on 2016/2/16. */public class HashRealm extends AuthorizingRealm { //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //获得主体(帐号) String principal = (String) authenticationToken.getPrincipal(); //模拟数据库 Map<String, User> users = new HashMap<>(); users.put("kiwi", new User("kiwi", new Md5Hash("22222", "324", 3).toString(), "324")); users.put("fly", new User("fly", new Md5Hash("111111", "123", 3).toString(), "123")); //验证帐号是否存在 if (users.containsKey(principal)){ User user = users.get(principal); System.out.printf(user.toString()); //在realm中只要判断帐号是否存在,密码是否正确交给shiro比较 return new SimpleAuthenticationInfo(principal, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName()); }else{ return null; } }}
AuthenticationTest.java
package xyz.mrwood.study.authentication;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.*;import org.apache.shiro.config.IniSecurityManagerFactory;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.subject.Subject;import org.apache.shiro.util.Factory;import org.junit.Test;/** * Created by Administrator on 2016/2/12. */public class AuthenticationTest { @Test public void testHash(){// 构建SecurityManager对象 Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm-md5.ini"); SecurityManager securityManager = factory.getInstance();// 设置SecurityManager进入运行环境 SecurityUtils.setSecurityManager(securityManager);// 构建主体对象 Subject subject = SecurityUtils.getSubject();// 封装帐号密码对象// 密码传明文,所有如果要用这个以后客户端不能再加密了 AuthenticationToken token = new UsernamePasswordToken("kiwi", "22222");// 提交验证 try { subject.login(token); } catch (IncorrectCredentialsException e) { System.out.println("错误的凭证!"); } catch (UnknownAccountException e){ System.out.println("未知帐号!"); } System.out.println("认证:" + subject.isAuthenticated()); }}
总结
- 在realm中只要判断帐号是否存在,密码是否正确交给shiro比较
- shiro的凭证匹配器的作用,就是得到明文密码与salt后怎么去散列,匹配器通过配置,有如下几种
0 0
- 【shiro】shiro学习笔记3-散列功能
- 【shiro】shiro学习笔记1-shiro初识
- java鬼混笔记:shiro 3、shiro下的散列操作(MD5,SHA-1)
- Shiro-散列算法
- apache-shiro 学习笔记
- apache-shiro 学习笔记
- shiro学习笔记
- shiro的学习笔记
- shiro学习笔记-1
- shiro学习笔记-2
- SHiro学习笔记
- Apache Shiro学习笔记
- Shiro学习笔记
- shiro学习笔记
- shiro学习笔记
- 【shiro】shiro学习笔记2-自定义realm
- Shiro学习笔记<1>入门--Hello Shiro
- 【shiro】shiro 学习笔记4-初识shiro授权
- linux中source、bash命令区别
- 开发工具,适配器BaseAdapter
- IOS学习 UIView 页面布局
- solr跨core查询
- photoshop的页面图的长度与宽度获取
- 【shiro】shiro学习笔记3-散列功能
- 【Redis学习笔记(七)】 Redis中的事务
- Linux学习笔记--常用目录及其作用
- KVC,KVO,通知
- Java RMI之HelloWorld篇
- openfire在windows环境和linux环境下的配置
- tomcat源码编译与导入eclipse
- CodeSmith Generator 7.0.2激活步骤
- JAVA 生成uuid