MD5+加盐

1.MD5+盐

由于现在单靠MD5加密已经不再安全,现选择对MD5+盐(几个由字母或数字组成的字符串)提高安全性

2.使用方法

2.1引入Shiro jar包

Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能。

引入shiro相关jar包 下载地址:https://download.csdn.net/download/guisu97/11175290

2.2编写加密工具类

import java.util.Iterator;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

import com.quancheng.core.shiro.yl.Toolutil;

public class ShiroKit {
    private static final String NAMES_DELIMETER = ",";
    public static final String hashAlgorithmName = "MD5";
    public static final int hashIterations = 1024;

    public ShiroKit() {
    }
    /*md5加密方法
     参数credentials : 需要加密的字符串 
     参数saltsource  : 盐(随机产生的几位数字或字母)
    */
    public static String md5(String credentials, String saltSource) {
        ByteSource salt = new Md5Hash(saltSource);
        return (new SimpleHash("MD5", credentials, salt, 1024)).toString();
    }
    //盐
    public static String getRandomSalt(int length) {
        return Toolutil.getRandomString(length);
    }
    public static Subject getSubject() {
        return SecurityUtils.getSubject();
    }

   

    public static Session getSession() {
        return getSubject().getSession();
    }

    

    public static void setSessionAttr(String key, Object value) {
        Session session = getSession();
        session.setAttribute(key, value);
    }

    public static void removeSessionAttr(String key) {
        Session session = getSession();
        if (session != null) {
            session.removeAttribute(key);
        }

    }

    public static boolean hasRole(String roleName) {
        return getSubject() != null && roleName != null && roleName.length() > 0 && getSubject().hasRole(roleName);
    }

    public static boolean lacksRole(String roleName) {
        return !hasRole(roleName);
    }

    public static boolean hasAnyRoles(String roleNames) {
        boolean hasAnyRole = false;
        Subject subject = getSubject();
        if (subject != null && roleNames != null && roleNames.length() > 0) {
            String[] var3 = roleNames.split(",");
            int var4 = var3.length;

            for(int var5 = 0; var5 < var4; ++var5) {
                String role = var3[var5];
                if (subject.hasRole(role.trim())) {
                    hasAnyRole = true;
                    break;
                }
            }
        }

        return hasAnyRole;
    }

    public static boolean hasAllRoles(String roleNames) {
        boolean hasAllRole = true;
        Subject subject = getSubject();
        if (subject != null && roleNames != null && roleNames.length() > 0) {
            String[] var3 = roleNames.split(",");
            int var4 = var3.length;

            for(int var5 = 0; var5 < var4; ++var5) {
                String role = var3[var5];
                if (!subject.hasRole(role.trim())) {
                    hasAllRole = false;
                    break;
                }
            }
        }

        return hasAllRole;
    }

    public static boolean hasPermission(String permission) {
        return getSubject() != null && permission != null && permission.length() > 0 && getSubject().isPermitted(permission);
    }

    public static boolean lacksPermission(String permission) {
        return !hasPermission(permission);
    }

    public static boolean isAuthenticated() {
        return getSubject() != null && getSubject().isAuthenticated();
    }

    public static boolean notAuthenticated() {
        return !isAuthenticated();
    }

    public static boolean isUser() {
        return getSubject() != null && getSubject().getPrincipal() != null;
    }

    public static boolean isGuest() {
        return !isUser();
    }

    public static String principal() {
        if (getSubject() != null) {
            Object principal = getSubject().getPrincipal();
            return principal.toString();
        } else {
            return "";
        }
    }

}

 产生盐的具体方法:

import org.apache.commons.lang3.RandomStringUtils;

public class Toolutil {
	
	//生成指定长度的字母和数字的随机组合字符串
	public static String getRandomString(int length) {
		return  RandomStringUtils.randomAlphanumeric(length);
	}

}

 

你可能感兴趣的:(Shiro)