shiro----Realm使用散列算法

shiro----Realm使用散列算法
pom.xml

     <dependency>       <groupId>commons-logging</groupId>       <artifactId>commons-logging</artifactId>       <version>1.1.3</version>     </dependency>      <dependency>       <groupId>org.apache.shiro</groupId>       <artifactId>shiro-core</artifactId>       <version>1.3.2</version>     </dependency>      <dependency>       <groupId>junit</groupId>       <artifactId>junit</artifactId>       <version>4.11</version>     </dependency>  

DefinitionRealm

import com.itheima.shiro.service.SecurityService; import com.itheima.shiro.service.impl.SecurityServiceImpl; import com.itheima.shiro.tools.DigestsUtil; import org.apache.shiro.authc.*; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource;  import java.util.Map;  /**  * @Description:  */ public class DefinitionRealm extends AuthorizingRealm {      public DefinitionRealm() {         //指定密码匹配方式sha1         HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(DigestsUtil.SHA1);         //指定密码迭代此时         hashedCredentialsMatcher.setHashIterations(DigestsUtil.ITERATIONS);         //使用父层方法是匹配方式生效         setCredentialsMatcher(hashedCredentialsMatcher);     }      /**      * @Description 认证方法      */     @Override     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {         //获取登录名         String loginName = (String) authenticationToken.getPrincipal();         SecurityService securityService = new SecurityServiceImpl();         Map<String, String> map = securityService.findPasswordByLoginName(loginName);         if(map.isEmpty()){             throw  new UnknownAccountException("账户不存在");         }         String salt = map.get("salt");         String password = map.get("password");         return new SimpleAuthenticationInfo(loginName,password, ByteSource.Util.bytes(salt),getName());     }      /**      * @Description 鉴权方法      */     @Override     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {         return null;     }   } 

SecurityServiceImpl

import com.itheima.shiro.service.SecurityService; import com.itheima.shiro.tools.DigestsUtil;  import java.util.Map;  /**  * @Description:模拟数据库操作服务接口实现  */ public class SecurityServiceImpl implements SecurityService {      @Override     public Map<String,String> findPasswordByLoginName(String loginName) {         return DigestsUtil.entryptPassword("123");     } } 

SecurityService

/**  * @Description:模拟数据库操作服务接口  */ public interface SecurityService {      /**      * @Description 查找用户密码      * @param loginName 用户名称      * @return 密码      */     Map<String,String> findPasswordByLoginName(String loginName); }  

DigestsUtil

import org.apache.shiro.crypto.SecureRandomNumberGenerator; import org.apache.shiro.crypto.hash.SimpleHash;  import java.util.HashMap; import java.util.Map;  /**  * @Description:摘要  */ public class DigestsUtil {      public static final String SHA1 = "SHA-1";      public static final Integer ITERATIONS =512;      /**      * @Description sha1方法      * @param input 需要散列字符串      * @param salt 盐字符串      * @return      */     public static String sha1(String input, String salt) {        return new SimpleHash(SHA1, input, salt,ITERATIONS).toString();     }      /**      * @Description 随机获得salt字符串      * @return      */     public static String generateSalt(){         SecureRandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();         return randomNumberGenerator.nextBytes().toHex();     }       /**      * @Description 生成密码字符密文和salt密文      * @param      * @return      */     public static Map<String,String> entryptPassword(String passwordPlain) {        Map<String,String> map = new HashMap<>();        String salt = generateSalt();        String password =sha1(passwordPlain,salt);        map.put("salt", salt);        map.put("password", password);        return map;     } } 

EncodesUtil

import org.apache.shiro.codec.Base64; import org.apache.shiro.codec.Hex;  /**  * @Description:封装base64和16进制编码解码工具类  */ public class EncodesUtil {      /**      * @Description HEX-byte[]--String转换      * @param input 输入数组      * @return String      */     public static String encodeHex(byte[] input){         return Hex.encodeToString(input);     }      /**      * @Description HEX-String--byte[]转换      * @param input 输入字符串      * @return byte数组      */     public static byte[] decodeHex(String input){         return Hex.decode(input);     }      /**      * @Description Base64-byte[]--String转换      * @param input 输入数组      * @return String      */     public static String encodeBase64(byte[] input){         return Base64.encodeToString(input);     }      /**      * @Description Base64-String--byte[]转换      * @param input 输入字符串      * @return byte数组      */     public static byte[] decodeBase64(String input){         return Base64.decode(input);     }  } 

HelloShiro

import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.junit.Test;  /**  * @Description:shiro的第一个例子  */ public class HelloShiro {      @Test     public void shiroLogin(){         //导入INI配置创建工厂         Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");         //工厂构建安全管理器         SecurityManager securityManager = factory.getInstance();         //使用工具生效安全管理器         SecurityUtils.setSecurityManager(securityManager);         //使用工具获得subject主体         Subject subject = SecurityUtils.getSubject();         //构建账户密码         UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jay","123");         //使用subject主体去登录         subject.login(usernamePasswordToken);         //打印登录信息         System.out.println("登录结果:"+subject.isAuthenticated());     }  } 

shiro.ini

#声明自定义的realm,且为安全管理器指定realms [main] definitionRealm=com.itheima.shiro.realm.DefinitionRealm securityManager.realms=$definitionRealm #声明用户账号 #[users] #jay=123 

版权声明:玥玥 发表于 2021-05-24 3:42:36。
转载请注明:shiro----Realm使用散列算法 | 女黑客导航