其他分享
首页 > 其他分享> > shiro 四 加密realm登录登出

shiro 四 加密realm登录登出

作者:互联网

 shiro加密操作

散列算法一般用于生成数据的摘要信息,是一种不可逆的算法,一般适合存储密码之类的数据,常见的散列算法人MD5、SHA等。一般进行散列算法时最好提供一个盐,比如加密密码(admin),产生的散列值是“21232f9757a837dasddadw”,可以到一些MD5

解密网站很容易的通过散列值得到“admin”,即如果直接对密码进行散列相对来说破解更容易,此时我们可以加一些干扰数据,如:用户名、ID。这样的散列的对象是“密码+用户名+ID”,这样生成的散列值相对来说更难破解。

步骤:1.自定义加密之后realm:重写3个方法:getName 、doGetAuthorizationInfo、doGetAuthenticationInfo三个方法

结构图:

pom文件:

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.study</groupId>
  <artifactId>shiro</artifactId>
  <version>1.0-SNAPSHOT</version>

  <name>shiro</name>
  <!-- FIXME change it to the project's website -->
  <url>http://www.example.com</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.7</maven.compiler.source>
    <maven.compiler.target>1.7</maven.compiler.target>
  </properties>

  <dependencies>


    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>

    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1.3</version>
    </dependency>

    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.2.2</version>
    </dependency>

  </dependencies>

  <build>
    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
      <plugins>
        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
        <plugin>
          <artifactId>maven-clean-plugin</artifactId>
          <version>3.1.0</version>
        </plugin>
        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
        <plugin>
          <artifactId>maven-resources-plugin</artifactId>
          <version>3.0.2</version>
        </plugin>
        <plugin>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.8.0</version>
        </plugin>
        <plugin>
          <artifactId>maven-surefire-plugin</artifactId>
          <version>2.22.1</version>
        </plugin>
        <plugin>
          <artifactId>maven-jar-plugin</artifactId>
          <version>3.0.2</version>
        </plugin>
        <plugin>
          <artifactId>maven-install-plugin</artifactId>
          <version>2.5.2</version>
        </plugin>
        <plugin>
          <artifactId>maven-deploy-plugin</artifactId>
          <version>2.8.2</version>
        </plugin>
        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
        <plugin>
          <artifactId>maven-site-plugin</artifactId>
          <version>3.7.1</version>
        </plugin>
        <plugin>
          <artifactId>maven-project-info-reports-plugin</artifactId>
          <version>3.0.0</version>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>
package com.study.shiro.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class PasswordRealm extends AuthorizingRealm {

    @Override
    public String getName() {
        return "PasswordRealm";
    }

    /**
     * 授权
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * 认证
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 通过用户名查找用户信息,封装成一个AuthenticationInfo对象返回,方便认证器进行对比
        // 获取token中的用户名
        String username = (String) token.getPrincipal();
        // 通过用户名查询数据库,将该用户对应的信息查询出来:账号,密码
        String dbUsername = "zhangsan";
        if(!dbUsername.equals(username)){
            return null;
        }
        // 模拟数据库保存的加密之后的密码666 +账号+散列次数3次
        String password = "cd757bae8bd31da92c6b14c235668091";

        // info对象表示realm登录对比信息:参数1用户信息,参数2,:密码,参数3:盐,参数4:当前realm的名字
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(username, password, ByteSource.Util.bytes(dbUsername), getName());
        return simpleAuthenticationInfo;
    }
}

ini文件shiro-cryptography.ini

[main]
#定义凭证匹配器
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
#散列算法
credentialsMatcher.hashAlgorithmName=md5
#散列次数
credentialsMatcher.hashIterations=3


#将凭证匹配器设置到realm
myRealm=com.study.shiro.realm.PasswordRealm
myRealm.credentialsMatcher=$credentialsMatcher
securityManager.realms=$myRealm

测试方法:

@Test
    public void testLoginByPasswordRealm() throws Exception{
        // 1.创建SecurityManager工厂对象,加载配置文件,创建
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-cryptography.ini");
        // 2.通过工厂对象,创建Securitymanage对象
        SecurityManager securityManager = factory.getInstance();
        // 3.将securitymanage绑定到当前运行环境中,让系统随时随地的都可以访问securityManager对象
        SecurityUtils.setSecurityManager(securityManager);
        // 4:创建当前登录的主体,注意;此时主体没有经过认证
        Subject subject = SecurityUtils.getSubject();
        // 5:绑定主体登录的身份、凭证,即账号密码
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","666");
        try {
            // 6.主体登录
            subject.login(token);
        }catch (IncorrectCredentialsException incorrectCredentialsException){
            System.out.println("密码错误!");
        }catch (UnknownAccountException UnknownAccountException){
            System.out.println("用户名错误!");
        }
        // 7:判断是否登录成功
        System.out.println("验证是否登录1:" + subject.isAuthenticated());
        // 8:登出
        subject.logout();
        System.out.println("验证是否登录2:" + subject.isAuthenticated());
    }

 

标签:realm,plugin,登出,maven,apache,org,散列,shiro
来源: https://blog.csdn.net/m0_38044453/article/details/89875072