/**
 * Credentials matcher bean.
 *
 * <p>Password verification is handed to Shiro through SimpleAuthenticationInfo;
 * this matcher hashes the submitted password before it is compared with the
 * stored value.
 *
 * <p>NOTE(review): MD5 with two iterations is a fast, general-purpose digest and
 * offers little resistance to offline guessing if the stored hashes leak. The
 * algorithm and iteration count must match the stored hashes, so moving to a
 * dedicated password-hashing scheme needs a re-hash migration rather than a
 * change to this bean alone.
 *
 * @return matcher configured for MD5 with two hash iterations
 */
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    // Hash algorithm: MD5.
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("md5");
    // Number of hash rounds; two rounds is equivalent to md5(md5("")).
    matcher.setHashIterations(2);
    return matcher;
}
/**
 * Builds the realm that holds the single root account.
 *
 * <p>Caching is disabled, credentials are matched as SHA-256 hashes, and the
 * account is registered from the injected username and password hash.
 *
 * <p>NOTE(review): no iteration count is set, so the matcher's default applies.
 * Whether a salt is used depends on how addRootAccount builds the account,
 * which is not visible here.
 *
 * @param rootUsername     name of the root account
 * @param rootPasswordSha2 stored password hash for the root account
 */
@Inject
RootAccountRealm(@Named("root_username") String rootUsername,
                 @Named("root_password_sha2") String rootPasswordSha2) {
    setCachingEnabled(false);

    HashedCredentialsMatcher sha256Matcher = new HashedCredentialsMatcher();
    sha256Matcher.setHashAlgorithmName("SHA-256");
    setCredentialsMatcher(sha256Matcher);

    setName("root-account-realm");
    addRootAccount(rootUsername, rootPasswordSha2);
}
/**
 * HashedCredentialsMatcher encodes passwords so that they are not kept in clear
 * text in the database; during login it also encodes the password entered in
 * the form before the comparison.
 *
 * <p>NOTE(review): MD5 with two iterations is a fast, general-purpose digest and
 * offers little resistance to offline guessing if the stored hashes leak. The
 * settings must match the stored hashes, so a stronger scheme needs a re-hash
 * migration rather than a change to this bean alone.
 */
@Bean(name = "hashedCredentialsMatcher")
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("MD5");
    // Stored hashes are hex strings; this has to agree with how they were written.
    matcher.setStoredCredentialsHexEncoded(true);
    matcher.setHashIterations(2);
    return matcher;
}
/**
 * Creates the matcher used to verify hashed credentials.
 *
 * <p>The settings here have to stay in sync with DefaultTenantDao.
 *
 * @param securityConfig supplies the number of hash iterations
 * @return matcher using HASH_ALGORITHM_NAME, Base64-encoded stored credentials
 *         and the configured iteration count
 */
public static CredentialsMatcher getCredentialsMatcher(final SecurityConfig securityConfig) {
    final HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM_NAME);
    matcher.setHashIterations(securityConfig.getShiroNbHashIterations());
    // Stored credentials are Base64-encoded, not hex.
    matcher.setStoredCredentialsHexEncoded(false);
    return matcher;
}
}
/**
 * Sets how credentials are hashed for authentication.
 *
 * <p>The matcher passed in is not used: a HashedCredentialsMatcher configured
 * from the ShiroKit constants is always installed instead.
 *
 * @param credentialsMatcher ignored
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
    hashedMatcher.setHashIterations(ShiroKit.hashIterations);
    hashedMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    super.setCredentialsMatcher(hashedMatcher);
}
}
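/**
 * API login endpoint: exchanges a username and password for a token.
 *
 * <p>The submitted password is checked against the stored hash and salt with a
 * HashedCredentialsMatcher configured from the ShiroKit constants. An unknown
 * account and a wrong password produce the same error response, so the reply
 * does not reveal which usernames exist.
 *
 * <p>NOTE(review): the mapping has no HTTP method restriction, so credentials
 * can arrive as GET query parameters and end up in access logs; restricting
 * it to POST is worth considering.
 *
 * @param username account name from the request
 * @param password plaintext password from the request
 * @return a map holding the generated token under "token" on success, otherwise
 *         an ErrorResponseData with code 500
 */
@RequestMapping("/auth")
public Object auth(@RequestParam("username") String username,
                   @RequestParam("password") String password) {
    // Wrap the submitted username and password in a token Shiro can verify.
    UsernamePasswordToken usernamePasswordToken =
            new UsernamePasswordToken(username, password.toCharArray());

    // Load the stored account for the comparison.
    User user = userMapper.getByAccount(username);
    if (user == null) {
        // Presumably the mapper returns null when no row matches (confirm against
        // the mapper). Without this guard the lookups below fail with a
        // NullPointerException instead of a login error.
        return new ErrorResponseData(500, "账号密码错误!");
    }

    String credentials = user.getPassword();
    String salt = user.getSalt();
    // The salt is passed through Md5Hash before use; this has to match how the
    // stored password hash was produced.
    ByteSource credentialsSalt = new Md5Hash(salt);
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
            new ShiroUser(), credentials, credentialsSalt, "");

    // Verify the submitted password against the stored hash.
    HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
    hashedMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    hashedMatcher.setHashIterations(ShiroKit.hashIterations);
    boolean passwordMatches = hashedMatcher.doCredentialsMatch(
            usernamePasswordToken, simpleAuthenticationInfo);

    if (!passwordMatches) {
        return new ErrorResponseData(500, "账号密码错误!");
    }

    HashMap<String, Object> result = new HashMap<>();
    result.put("token", JwtTokenUtil.generateToken(String.valueOf(user.getUserId())));
    return result;
}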
/**
 * Checks that unsalted credentials, as stored before the
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits, still match.
 */
@Test
public void testBackwardsCompatibleUnsaltedAuthenticationInfo() {
    final String username = "username";
    final String password = "password";

    // Stored side: an account whose password is a plain SHA-1 hash with no salt.
    // Unsalted SHA-1 appears here only to exercise the legacy format.
    final Object storedHash = new Sha1Hash(password).getBytes();
    AuthenticationInfo legacyAccount = new AuthenticationInfo() {
        public PrincipalCollection getPrincipals() {
            return new SimplePrincipalCollection(username, "realmName");
        }

        public Object getCredentials() {
            return storedHash;
        }
    };

    // Submitted side: the plaintext username/password token of a login attempt.
    AuthenticationToken loginAttempt = new UsernamePasswordToken(username, password);

    // The matcher hashes the token and must find it equal to the stored value.
    HashedCredentialsMatcher sha1Matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    assertTrue(sha1Matcher.doCredentialsMatch(loginAttempt, legacyAccount));
}
/**
 * Checks the Shiro 1.1 behaviour in which the salt is taken from the stored account
 * information, as it should be. See
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>.
 */
@Test
public void testSaltedAuthenticationInfo() {
    // Stored side: a randomly generated salt and the SHA-1 hash of the password with it.
    ByteSource accountSalt = new SecureRandomNumberGenerator().nextBytes();
    Object storedHash = new Sha1Hash("password", accountSalt);
    SimpleAuthenticationInfo saltedAccount =
            new SimpleAuthenticationInfo("username", storedHash, accountSalt, "realmName");

    // Submitted side: the plaintext username/password token of a login attempt.
    AuthenticationToken loginAttempt = new UsernamePasswordToken("username", "password");

    // SHA-1 matcher; the salt it applies comes from the account, not from the token.
    HashedCredentialsMatcher sha1Matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    assertTrue(sha1Matcher.doCredentialsMatch(loginAttempt, saltedAccount));
}
// Matcher that hashes submitted credentials with SHA-1 before comparing them;
// no iteration count is set on this line, so the matcher's default applies.
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
/**
 * Checks a submitted password against the hash and salt stored on this object.
 *
 * <p>The stored password and salt are Base64-decoded, then compared through a
 * HashedCredentialsMatcher built from this object's algorithm and iteration count.
 *
 * <p>NOTE(review): the matcher compares credentials; nothing in this method
 * compares {@code name} with {@code this.name} - confirm the caller does.
 *
 * @param name     username of the login attempt
 * @param password plaintext password of the login attempt
 * @return true when the hashed password equals the stored credentials
 */
public boolean doCredentialsMatch(String name, String password) {
    HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher(this.hashAlgorithm);
    hashedMatcher.setHashIterations(this.hashIterations);

    AuthenticationToken submitted = new UsernamePasswordToken(name, password);

    // Decode in the same order as before: stored hash first, then the salt.
    ByteSource storedHash = ByteSource.Util.bytes(Base64.decode(this.password));
    ByteSource storedSalt = ByteSource.Util.bytes(Base64.decode(this.salt));
    AuthenticationInfo stored = new SimpleAuthenticationInfo(this.name, storedHash, storedSalt, "");

    return hashedMatcher.doCredentialsMatch(submitted, stored);
}
/**
 * Sets the hash algorithm used for password verification.
 *
 * <p>Only the algorithm (PasswordService.HASH_ALGORITHM) is configured here; no
 * iteration count is set, so the matcher's default applies.
 */
@PostConstruct
public void initCredentialsMatcher() {
    setCredentialsMatcher(new HashedCredentialsMatcher(PasswordService.HASH_ALGORITHM));
}
}
/**
 * Creates the realm and installs a hashed credentials matcher that uses
 * HASHING_ALGORITHM. No iteration count is set here, so the matcher's
 * default applies.
 */
public KnoxLdapRealm() {
    setCredentialsMatcher(new HashedCredentialsMatcher(HASHING_ALGORITHM));
}
/**
 * Credentials matcher bean: MD5 with five hash iterations.
 *
 * <p>NOTE(review): iterated MD5 remains a fast, general-purpose digest and offers
 * little resistance to offline guessing if the stored hashes leak. The settings
 * must match the stored hashes, so a stronger scheme needs a re-hash migration
 * rather than a change to this bean alone.
 *
 * @return matcher configured for MD5 with five hash iterations
 */
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("MD5");
    matcher.setHashIterations(5);
    return matcher;
}
/**
 * Sets the hash algorithm and iteration count used for password verification.
 *
 * <p>Both values come from PasswordUtils, so they stay aligned with whatever
 * code reads the same constants when hashing passwords.
 */
@PostConstruct
public void initCredentialsMatcher() {
    HashedCredentialsMatcher hashedMatcher =
            new HashedCredentialsMatcher(PasswordUtils.HASH_ALGORITHM);
    hashedMatcher.setHashIterations(PasswordUtils.HASH_INTERATIONS);
    setCredentialsMatcher(hashedMatcher);
}
/**
 * Sets the hash algorithm and iteration count used for password verification:
 * SHA-1 with 1024 iterations.
 *
 * <p>NOTE(review): iterated SHA-1 is still a general-purpose digest rather than
 * a dedicated password-hashing function. Both values must match those used when
 * the stored hashes were created, so changing them needs a re-hash migration.
 */
@PostConstruct
public void initCredentialsMatcher() {
    HashedCredentialsMatcher sha1Matcher = new HashedCredentialsMatcher();
    sha1Matcher.setHashAlgorithmName("SHA-1");
    sha1Matcher.setHashIterations(1024);
    setCredentialsMatcher(sha1Matcher);
}
/**
 * Credentials matcher bean.
 *
 * <p>NOTE(review): MD5 with two iterations is a fast, general-purpose digest and
 * offers little resistance to offline guessing if the stored hashes leak. The
 * settings must match the stored hashes, so a stronger scheme needs a re-hash
 * migration rather than a change to this bean alone.
 *
 * @return matcher configured for MD5 with two hash iterations
 */
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("md5");
    matcher.setHashIterations(2);
    return matcher;
}
/**
 * Sets the hash algorithm and iteration count used for password verification.
 *
 * <p>Both values come from SecurityUtil, so they stay aligned with whatever
 * code reads the same constants when hashing passwords.
 */
@SuppressWarnings("static-access")
@PostConstruct
public void initCredentialsMatcher() {
    HashedCredentialsMatcher hashedMatcher =
            new HashedCredentialsMatcher(SecurityUtil.HASH_ALGORITHM);
    hashedMatcher.setHashIterations(SecurityUtil.HASH_INTERATIONS);
    setCredentialsMatcher(hashedMatcher);
}
/**
 * Creates the realm and installs a hashed credentials matcher whose algorithm
 * and iteration count come from the EncodeKit constants.
 */
public AppDbRealm() {
    HashedCredentialsMatcher hashedMatcher =
            new HashedCredentialsMatcher(EncodeKit.HASH_ALGORITHM);
    hashedMatcher.setHashIterations(EncodeKit.HASH_INTERATIONS);
    setCredentialsMatcher(hashedMatcher);
}
/**
 * Credentials matcher bean.
 *
 * <p>Because password verification is handed to Shiro through
 * SimpleAuthenticationInfo, the code in doGetAuthenticationInfo has to be
 * adjusted to match.
 *
 * <p>NOTE(review): MD5 with two iterations is a fast, general-purpose digest and
 * offers little resistance to offline guessing if the stored hashes leak. The
 * settings must match the stored hashes, so a stronger scheme needs a re-hash
 * migration rather than a change to this bean alone.
 *
 * @return matcher configured for MD5, two iterations, hex-encoded stored hashes
 */
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    // Hash algorithm: MD5.
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("md5");
    // Number of hash rounds; two rounds is equivalent to md5(md5("")).
    matcher.setHashIterations(2);
    // Stored hashes are hex strings; this has to agree with how the passwords
    // were generated. NOTE(review): the original comment called Base64 the
    // default, while Shiro's documented default is hex - confirm for the
    // version in use.
    matcher.setStoredCredentialsHexEncoded(true);
    return matcher;
}
/**
 * Sets how credentials are hashed for authentication.
 *
 * <p>The matcher passed in is not used: a HashedCredentialsMatcher configured
 * from the ShiroKit constants is always installed instead.
 *
 * @param credentialsMatcher ignored
 */
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
    HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
    hashedMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS);
    hashedMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME);
    super.setCredentialsMatcher(hashedMatcher);
}