1. 新建第二个realm,加密算法改为SHA1
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("=========>SecondRealm doGetAuthenticationInfo"); UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; String username = token.getUsername() ; if("unknown".equals(username)){ throw new UnknownAccountException("用户名不存在") ; } Object principal = username ; Object credentials= "3416bb24c2d3e88cc79e261ec63c1c324e6614b9" ; ByteSource credentialsSalt = ByteSource.Util.bytes(username); String realmName = getName() ; AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(principal,credentials,credentialsSalt,realmName) ; return authenticationInfo; }
2. spring-context-shiro.xml中对secondRealm进行配置
2.1 声明SecondRealm
<bean id="secondRealm" class="com.pawn.shiro.realm.SecondRealm"> <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="SHA1"/> <property name="hashIterations" value="1"/> </bean> </property> </bean>
2.2 SecurityManager进行多Realm的配置
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="cacheManager" ref="cacheManager"/> <property name="authenticator"> <bean class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="realms"> <list> <ref bean="jdbcRealm"/> <ref bean="secondRealm"/> </list> </property> </bean> </property> </bean>