shiro简单的密码加盐与登录验证

一、pom.xml配置
首先导入依赖，从guns项目的pom.xml中拽出并把版本号替换成1.3.2

	org.apache.shiro
	shiro-core
	1.3.2
	
		
			slf4j-api
			org.slf4j
		
	


	org.apache.shiro
	shiro-spring
	1.3.2


	org.apache.shiro
	shiro-ehcache
	1.3.2
	
		
			slf4j-api
			org.slf4j
		
	


	org.ehcache
	ehcache



	cn.stylefeng.roses
	kernel-core
	1.1.0

二、ShiroKit.java 导入工具类

/**

• shiro工具类

• @author dafei, Chill Zhuang
  */
  public class ShiroKit {

  private static final String NAMES_DELIMETER = “,”;

  /**

  • 加盐参数
    */
    public final static String hashAlgorithmName = “MD5”;

  /**

  • 循环次数
    */
    public final static int hashIterations = 1024;

  /**

  • shiro密码加密工具类
  • @param credentials 密码
  • @param saltSource 密码盐
  • @return
    */
    public static String md5(String credentials, String saltSource) {
    ByteSource salt = new Md5Hash(saltSource);
    return new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations).toString();
    }

  /**

  • 获取随机盐值
  • @param length
  • @return
    */
    public static String getRandomSalt(int length) {
    return ToolUtil.getRandomString(length);
    }
    }

三、创建实体类

/**

• 用户传输bean

• @author stylefeng

• @Date 2017/5/5 22:40
  */
  public class UserDto {

  private Integer id;
  private String account;
  private String password;
  private String salt;
  private String name;

  @DateTimeFormat(pattern = “yyyy-MM-dd”)
  private Date birthday;
  private Integer sex;
  private String email;
  private String phone;
  private String roleid;
  private Integer deptid;
  private Integer status;
  private Date createtime;
  private Integer version;
  private String avatar;

  public Integer getId() {
  return id;
  }

  public void setId(Integer id) {
  this.id = id;
  }

  public String getAccount() {
  return account;
  }

  public void setAccount(String account) {
  this.account = account;
  }

  public String getPassword() {
  return password;
  }

  public void setPassword(String password) {
  this.password = password;
  }

  public String getSalt() {
  return salt;
  }

  public void setSalt(String salt) {
  this.salt = salt;
  }

  public String getName() {
  return name;
  }

  public void setName(String name) {
  this.name = name;
  }

  public Date getBirthday() {
  return birthday;
  }

  public void setBirthday(Date birthday) {
  this.birthday = birthday;
  }

  public Integer getSex() {
  return sex;
  }

  public void setSex(Integer sex) {
  this.sex = sex;
  }

  public String getEmail() {
  return email;
  }

  public void setEmail(String email) {
  this.email = email;
  }

  public String getPhone() {
  return phone;
  }

  public void setPhone(String phone) {
  this.phone = phone;
  }

  public String getRoleid() {
  return roleid;
  }

  public void setRoleid(String roleid) {
  this.roleid = roleid;
  }

  public Integer getDeptid() {
  return deptid;
  }

  public void setDeptid(Integer deptid) {
  this.deptid = deptid;
  }

  public Integer getStatus() {
  return status;
  }

  public void setStatus(Integer status) {
  this.status = status;
  }

  public Date getCreatetime() {
  return createtime;
  }

  public void setCreatetime(Date createtime) {
  this.createtime = createtime;
  }

  public Integer getVersion() {
  return version;
  }

  public void setVersion(Integer version) {
  this.version = version;
  }

  public String getAvatar() {
  return avatar;
  }

  public void setAvatar(String avatar) {
  this.avatar = avatar;
  }
  }
  import java.io.Serializable;
  import java.util.List;

/**

• 自定义Authentication对象，使得Subject除了携带用户的登录名外还可以携带更多信息

• @author fengshuonan

• @date 2016年12月5日 上午10:26:43
  */
  public class ShiroUser implements Serializable {

  private static final long serialVersionUID = 1L;

  public Integer id; // 主键ID
  public String account; // 账号
  public String name; // 姓名
  public Integer deptId; // 部门id
  public List roleList; // 角色集
  public String deptName; // 部门名称
  public List roleNames; // 角色名称集

  public Integer getId() {
  return id;
  }

  public void setId(Integer id) {
  this.id = id;
  }

  public String getAccount() {
  return account;
  }

  public void setAccount(String account) {
  this.account = account;
  }

  public String getName() {
  return name;
  }

  public void setName(String name) {
  this.name = name;
  }

  public Integer getDeptId() {
  return deptId;
  }

  public void setDeptId(Integer deptId) {
  this.deptId = deptId;
  }

  public List getRoleList() {
  return roleList;
  }

  public void setRoleList(List roleList) {
  this.roleList = roleList;
  }

  public String getDeptName() {
  return deptName;
  }

  public void setDeptName(String deptName) {
  this.deptName = deptName;
  }

  public List getRoleNames() {
  return roleNames;
  }

  public void setRoleNames(List roleNames) {
  this.roleNames = roleNames;
  }

}

---

这一块是重点这一块是重点这一块是重点

---

四、创建测试用例test.java
public class test {
public static void main(String[] args){
//假设向数据库存入加密的对象
UserDto user=new UserDto(); //创建一个对象
user.setPassword(“123456”); //模拟密码123456
user.setSalt(ShiroKit.getRandomSalt(5)); //获取5位数的盐
user.setPassword(ShiroKit.md5(user.getPassword(), user.getSalt())); //把盐与密码传入方法中进行 md5加密方式 的1024次加密 最后得出加密密码
System.out.println(“密码：”+user.getPassword()+" "+“Salt：”+ user.getSalt()); //打印 加密后的密码 与 盐的值
//最后把对象存入数据库中，小编看的guns项目以用户名不重复才可存入数据库

//模拟密码
String str=new String();
str=“123456”; //模拟密码为123456
//封装请求账号密码为shiro可验证的token
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(“huasheng”, str.toCharArray()); //"huasheng"为登录时输入的用户名，这里直接写了字符串

    //获取数据库中的账号密码，准备比对   查找用户名所在的用户数据  这里直接用上面定义的user进行测试

// User user = userMapper.getByAccount(username);

    String credentials = user.getPassword();//获取本账号加密过的密码
    String salt = user.getSalt();           //获取本账号中对应盐值
    ByteSource credentialsSalt = new Md5Hash(salt); //放入盐值
    System.out.println("credentialsSaltgetBytes"+credentialsSalt.getBytes());
    System.out.println("credentialsSaltgetClass"+credentialsSalt.getClass());
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
            new ShiroUser(), credentials, credentialsSalt, "");//第一个参数是对象，密码，ByteSource对象，realmName

    //校验用户账号密码
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);//MD5
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);//1024
    boolean passwordTrueFlag = md5CredentialsMatcher.doCredentialsMatch( usernamePasswordToken, simpleAuthenticationInfo);//验证

    if (passwordTrueFlag) {

// HashMap result = new HashMap<>();
// result.put(“token”, JwtTokenUtil.generateToken(String.valueOf(user.getId())));
// return result;
System.out.println(“登陆成功”);
} else {
// return new ErrorResponseData(500, “账号密码错误！”);
System.out.println(“账号密码错误！”);
}
}
}

转自https://blog.csdn.net/qq1026432050/article/details/85944252