Shiro 使用 MD5 + salt + 多次雜湊(hash iterations)加密
阿新 • • 發佈:2021-02-06
技術標籤:shiro學習
我們先得到MD5雜湊後的字串(MD5 是單向雜湊,並不是可還原的加密;本文僅用它示範 Shiro 的憑證比對流程,實際儲存密碼應改用 bcrypt、scrypt、Argon2 等專為密碼設計的演算法)
/**
 * Prints the hex-encoded MD5 digest of the sample password {@code "123456"},
 * computed without a salt.
 *
 * <p>This is the baseline for the salted and iterated variants that follow. An unsalted
 * digest is the same for every user who picks the same password, so it serves here only
 * as a reference value.
 */
@Test
public void test01() {
    // Plain MD5 of the password, no salt.
    String hex = new Md5Hash("123456").toHex();
    System.out.println(hex); // e10adc3949ba59abbe56e057f20f883e
}
/**
 * Prints the hex-encoded MD5 digest of the sample password {@code "123456"}
 * combined with the salt {@code "ABCDE"}.
 *
 * <p>The salt is a fixed literal for the demo. A salt only does its job when it is random
 * and different for each account.
 */
@Test
public void test02() {
    // MD5 + salt.
    String hex = new Md5Hash("123456", "ABCDE").toHex();
    System.out.println(hex); // 8cdcdd77a21a5f80e3a88a013bc957f8
}
/**
 * Prints the hex-encoded MD5 digest of the sample password {@code "123456"} with the
 * salt {@code "ABCDE"} and 1024 hash iterations.
 *
 * <p>Whatever iteration count is used here must also be configured on the credentials
 * matcher that later verifies the value, otherwise the digests will not match.
 * Iterated MD5 remains much cheaper to compute than a dedicated password-hashing
 * function (bcrypt, scrypt, Argon2), so treat the figure as a demo value.
 */
@Test
public void test03() {
    // MD5 + salt + repeated hashing.
    String hex = new Md5Hash("123456", "ABCDE", 1024).toHex();
    System.out.println(hex); // abadd954d2234843108de678396229e5
}
定義成一個類方便呼叫
/**
 * Precomputed sample values shared by the login demos: three MD5 digests of the
 * password {@code "123456"} and the salt used for the salted ones.
 *
 * <p>Despite its name this is a plain constants holder, not an {@code enum}. The salt is
 * a single fixed string and the digests belong to a well-known weak password, so these
 * values are fixtures for the walkthrough and not a model for stored credentials.
 */
public class Md5Enum {

    /** Salt string used to derive {@link #HEX2} and {@link #HEX3}. */
    public static final String SALT = "ABCDE";

    /** MD5 of {@code "123456"} with no salt. */
    public static final String HEX1 = "e10adc3949ba59abbe56e057f20f883e";

    /** MD5 of {@code "123456"} with salt {@code "ABCDE"}. */
    public static final String HEX2 = "8cdcdd77a21a5f80e3a88a013bc957f8";

    /** MD5 of {@code "123456"} with salt {@code "ABCDE"}, hashed 1024 times. */
    public static final String HEX3 = "abadd954d2234843108de678396229e5";
}
一、只用md5不加鹽的hash
1.寫一個配置類
/**
 * Demo driver: performs a Shiro login against {@code UserMd5Realm} with credentials
 * compared as unsalted MD5 digests.
 */
public class UserMd5Authenticator {

    /**
     * Wires the realm into a {@code DefaultSecurityManager} and attempts a login for the
     * sample account.
     *
     * <p>The two handled failure types are only printed, so as a JUnit test this method
     * still passes when the login is rejected for either of those reasons.
     */
    @Test
    public void test() {
        // Swap the realm's default SimpleCredentialsMatcher for a hash-based matcher so
        // the submitted password is digested with MD5 before it is compared.
        UserMd5Realm md5Realm = new UserMd5Realm();
        md5Realm.setCredentialsMatcher(new HashedCredentialsMatcher("md5"));

        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(manager);

        UsernamePasswordToken loginToken = new UsernamePasswordToken("荼白", "123456");
        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(loginToken);
            System.out.println("登入成功");
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Unknown user or wrong password: print the trace and carry on.
            e.printStackTrace();
        }
    }
}
2.自定義realm
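/**
 * Demo realm for the unsalted-MD5 case: it knows one hard-coded account and hands
 * Shiro the stored digest for it.
 */
public class UserMd5Realm extends AuthorizingRealm {

    /**
     * Supplies no authorization data; this demo covers authentication only.
     *
     * @param principals the identities of the subject being authorized (unused)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Looks up the account named by the login token.
     *
     * @param token the submitted token; its principal is cast to the username string
     * @return the stored MD5 hex digest for the known account wrapped in a
     *     {@code SimpleAuthenticationInfo}, or {@code null} for any other username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = (String) token.getPrincipal();
        // Constant-first equals: a token with no principal yields null (no such account)
        // instead of a NullPointerException.
        if ("荼白".equals(username)) {
            // Pass the constant itself. The quoted text "Md5Enum.HEX1" is not a digest,
            // so a matcher comparing against it could never accept the password.
            return new SimpleAuthenticationInfo(username, Md5Enum.HEX1, getName());
        }
        return null;
    }
}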
執行後得到結果
二、使用md5加鹽的hash
我們的這個類是和上面一樣的
// Placeholder listing: the driver class for the salted case, shown without its body.
public class UserMd5Authenticator {
@Test
public void test() {
// Same body as the UserMd5Authenticator test in section 1 (plain MD5).
// ... (omitted)
}
}
我們只需要修改自定義的Realm即可
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
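/**
 * Demo realm for the MD5 + salt case: it knows one hard-coded account and hands Shiro
 * the stored salted digest together with the salt it was derived from.
 */
public class UserMd5Realm extends AuthorizingRealm {

    /**
     * Supplies no authorization data; this demo covers authentication only.
     *
     * @param principals the identities of the subject being authorized (unused)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Looks up the account named by the login token.
     *
     * @param token the submitted token; its principal is cast to the username string
     * @return the stored salted digest and its salt wrapped in a
     *     {@code SimpleAuthenticationInfo}, or {@code null} for any other username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = (String) token.getPrincipal();
        // Constant-first equals: a token with no principal yields null (no such account)
        // instead of a NullPointerException.
        if ("荼白".equals(username)) {
            // Arguments: the username, the stored MD5+salt digest, the salt that digest
            // was derived with, and this realm's name. In a real user store both digest
            // and salt come from the account record, with a random salt generated per
            // user at registration; the demo uses one fixed constant for both.
            return new SimpleAuthenticationInfo(
                    username,
                    Md5Enum.HEX2,
                    ByteSource.Util.bytes(Md5Enum.SALT),
                    getName());
        }
        return null;
    }
}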
執行結果
三、使用md5+salt+多次雜湊(hash iterations)
注:HashedCredentialsMatcher 預設的雜湊次數是 1 次;這裡設定的次數必須與產生儲存值時使用的次數(本例為 1024)一致,否則比對會失敗
首先是配置類,只需要多加一行程式碼即可
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
/**
 * Demo driver: performs a Shiro login against {@code UserMd5Realm} with credentials
 * compared as MD5 digests hashed 1024 times.
 */
public class UserMd5Authenticator {

    /**
     * Wires the realm into a {@code DefaultSecurityManager} and attempts a login for the
     * sample account.
     *
     * <p>The two handled failure types are only printed, so as a JUnit test this method
     * still passes when the login is rejected for either of those reasons.
     */
    @Test
    public void test() {
        // Hash-based matcher in place of the realm's default SimpleCredentialsMatcher.
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher("md5");
        // The extra line for this section: the iteration count has to equal the one
        // used when the stored digest was produced.
        md5Matcher.setHashIterations(1024);

        UserMd5Realm md5Realm = new UserMd5Realm();
        md5Realm.setCredentialsMatcher(md5Matcher);

        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(manager);

        UsernamePasswordToken loginToken = new UsernamePasswordToken("荼白", "123456");
        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(loginToken);
            System.out.println("登入成功");
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Unknown user or wrong password: print the trace and carry on.
            e.printStackTrace();
        }
    }
}
然後是自定義的Realm,結構和第二種一樣,只需把儲存的密碼值換成 Md5Enum.HEX3(雜湊1024次的結果)
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
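/**
 * Demo realm for the MD5 + salt + iterations case: it knows one hard-coded account and
 * hands Shiro the stored iterated digest together with the salt it was derived from.
 */
public class UserMd5Realm extends AuthorizingRealm {

    /**
     * Supplies no authorization data; this demo covers authentication only.
     *
     * @param principals the identities of the subject being authorized (unused)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Looks up the account named by the login token.
     *
     * @param token the submitted token; its principal is cast to the username string
     * @return the stored iterated digest and its salt wrapped in a
     *     {@code SimpleAuthenticationInfo}, or {@code null} for any other username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = (String) token.getPrincipal();
        // Constant-first equals: a token with no principal yields null (no such account)
        // instead of a NullPointerException.
        if ("荼白".equals(username)) {
            // Arguments: the username, the stored digest (MD5 + salt, hashed 1024 times),
            // the salt that digest was derived with, and this realm's name. The iteration
            // count is not passed here; it is configured on the credentials matcher.
            // In a real user store the salt is random per user and read from the
            // account record; the demo uses one fixed constant.
            return new SimpleAuthenticationInfo(
                    username,
                    Md5Enum.HEX3,
                    ByteSource.Util.bytes(Md5Enum.SALT),
                    getName());
        }
        return null;
    }
}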
執行結果