• 关于Shiro的盐值加密法的使用


    package com.shiro.bean;
    
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.crypto.hash.SimpleHash;
    import org.apache.shiro.realm.AuthenticatingRealm;
    import org.apache.shiro.util.ByteSource;
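    /**
     * Shiro realm that authenticates a username/password login against the {@code account} table.
     *
     * <p>Per the original author's note, when an action method calls {@code subject.login(token)}
     * the realm is obtained through the IoC container and the stored account data is compared
     * with the data submitted by the front end.
     *
     * @author layne
     */
    public class ShiroRealm extends AuthenticatingRealm {

        // NOTE(security): connection settings are hard-coded and use the MySQL "root" account with
        // an empty password. That is only tolerable for a local demo; load these from protected
        // configuration and connect with a least-privileged account that can only read the
        // account table.
        private static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
        private static final String JDBC_URL = "jdbc:mysql://localhost:3306/test";
        private static final String JDBC_USER = "root";
        private static final String JDBC_PASSWORD = "";

        // Parameterized lookup: the username is bound as a value, never concatenated into the SQL.
        private static final String ACCOUNT_QUERY = "select * from account where name=?";

        // Hash parameters used for the demo.
        // NOTE(security): iterated MD5 is a fast hash and is not suitable for password storage;
        // prefer a dedicated password hashing scheme (bcrypt, scrypt, Argon2 or PBKDF2). Changing
        // these values requires changing the credentials matcher configuration (not shown in this
        // file) at the same time, otherwise every login fails.
        private static final String HASH_ALGORITHM = "MD5";
        private static final int HASH_ITERATIONS = 1024;

        /**
         * Loads the authentication data for the username carried by {@code token}.
         *
         * <p>Steps: cast the token to {@link UsernamePasswordToken}, read the username, query the
         * {@code account} table for that name, and wrap the result in a salt-aware
         * {@link SimpleAuthenticationInfo}. The salt is handed to Shiro so that the credentials
         * matcher can apply it to the submitted password; presumably a hashing matcher with the
         * same algorithm and iteration count is configured elsewhere (not visible here).
         *
         * @param token the token to verify; it is cast to {@link UsernamePasswordToken}
         * @return the principal, hashed credentials and salt for the matching account
         * @throws AuthenticationException if no account has that name, the stored credential is
         *         missing, or the database lookup fails
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // 1. Convert the token to a UsernamePasswordToken and 2. read the username.
            UsernamePasswordToken upToken = (UsernamePasswordToken) token;
            String userName = upToken.getUsername();

            try {
                // Explicit driver load kept from the original listing.
                Class.forName(JDBC_DRIVER);

                // 3. Query the database. try-with-resources closes the connection, statement and
                // result set on every path; the original listing never closed them.
                try (Connection conn = DriverManager.getConnection(JDBC_URL, JDBC_USER, JDBC_PASSWORD);
                        PreparedStatement ps = conn.prepareStatement(ACCOUNT_QUERY)) {
                    ps.setString(1, userName);
                    try (ResultSet rs = ps.executeQuery()) {
                        if (!rs.next()) {
                            // 5. No such account: fail the login.
                            throw new AuthenticationException("Authentication failed");
                        }

                        // The credential is read by position (third column of "select *"), so it
                        // depends on the table's column order; selecting the column by name would
                        // be more robust.
                        String storedPassword = rs.getString(3);
                        if (storedPassword == null) {
                            // Fail closed instead of hashing a null value.
                            throw new AuthenticationException("Authentication failed");
                        }

                        // NOTE(security): the username is used as the salt. It is predictable and
                        // known to an attacker; a random per-user salt generated with SecureRandom
                        // and stored next to the hash is the usual choice.
                        ByteSource salt = ByteSource.Util.bytes(userName);

                        // SimpleHash(algorithmName, source, salt, iterations)
                        // NOTE(security): hashing the value read from the database at login time
                        // means the database is holding the password itself. In a real system the
                        // salted hash is computed once, when the password is set, only the hash is
                        // stored, and the stored hash is passed to SimpleAuthenticationInfo as-is.
                        SimpleHash hashedCredentials =
                                new SimpleHash(HASH_ALGORITHM, storedPassword, salt, HASH_ITERATIONS);

                        // 4. Return the result through the salt-aware constructor.
                        Object principal = userName;
                        String realmName = this.getName();
                        return new SimpleAuthenticationInfo(principal, hashedCredentials, salt, realmName);
                    }
                }
            } catch (ClassNotFoundException | SQLException e) {
                // The original printed the stack trace and returned null, which hides an
                // infrastructure failure behind what looks like an unknown account. Surface it as
                // an authentication failure and keep the cause for diagnostics.
                throw new AuthenticationException("Account lookup failed", e);
            }
        }
    }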

  • 原文地址:https://www.cnblogs.com/flytogalaxy/p/7697907.html