SpringBoot 集成 Shiro:使用Shiro的加密功能(四)
阿新 • • 發佈:2018-09-08
serializa ash 加密 user opened char put cati .com 
因為在實際應用中用戶密碼不會使用明文保存,最廣泛的是使用md5 sha等不可逆的加密算法將密碼加密後存入數據庫,所以在認證的時候也要將登錄請求中的密碼做同樣的加密才能與數據庫中數據做比對。
創建用戶
@Getter @Setter public class User implements Serializable { private String id; private String username; private String password; private String salt; public User(String username, String password) {User.javathis.id = UUID.randomUUID().toString().replace("-", ""); this.username = username; this.salt = getId().substring(0, 6); this.password = new Sha512Hash(password, getSalt()).toString(); } }
創建數據源
public class UserService { private static final Map<String, User> userMap = newUserService.javaHashMap<>(); static { userMap.put("admin1", new User("admin1", "123456")); userMap.put("admin2", new User("admin2", "123456")); } public static User getUserByName(String name) { return userMap.get(name); } }
修改MyRealm
protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken)MyRealm.javathrows AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String name = token.getUsername(); String password = String.valueOf(token.getPassword()); User user = UserService.getUserByName(name); if (null == user) { return null; } else { String credentials = new Sha512Hash(password, user.getSalt()).toString(); token.setPassword(credentials.toCharArray()); return new SimpleAuthenticationInfo(user, user.getPassword(), getName()); } }
源碼地址:https://github.com/StarkTan/SpringBootShiro
SpringBoot 集成 Shiro:使用Shiro的加密功能(四)