/** * 凭证匹配器 * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher(){ HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5("")); return hashedCredentialsMatcher; }
/** * HashedCredentialsMatcher,这个类是为了对密码进行编码的, * 防止密码在数据库里明码保存,当然在登陆认证的时候, * 这个类也负责对form里输入的密码进行编码。 */ @Bean(name = "hashedCredentialsMatcher") public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName("MD5"); credentialsMatcher.setHashIterations(2); credentialsMatcher.setStoredCredentialsHexEncoded(true); return credentialsMatcher; }
/** * 设置认证加密方式 */ @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher(); md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName); md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations); super.setCredentialsMatcher(md5CredentialsMatcher); } }
/** * api登录接口,通过账号密码获取token */ @RequestMapping("/auth") public Object auth(@RequestParam("username") String username, @RequestParam("password") String password) { //封装请求账号密码为shiro可验证的token UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password.toCharArray()); //获取数据库中的账号密码,准备比对 User user = userMapper.getByAccount(username); String credentials = user.getPassword(); String salt = user.getSalt(); ByteSource credentialsSalt = new Md5Hash(salt); SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo( new ShiroUser(), credentials, credentialsSalt, ""); //校验用户账号密码 HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher(); md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName); md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations); boolean passwordTrueFlag = md5CredentialsMatcher.doCredentialsMatch( usernamePasswordToken, simpleAuthenticationInfo); if (passwordTrueFlag) { HashMap<String, Object> result = new HashMap<>(); result.put("token", JwtTokenUtil.generateToken(String.valueOf(user.getUserId()))); return result; } else { return new ErrorResponseData(500, "账号密码错误!"); } }
/** * 凭证匹配器 * ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher(){ HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5"); hashedCredentialsMatcher.setHashIterations(2); return hashedCredentialsMatcher; }
@Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5"); hashedCredentialsMatcher.setHashIterations(5); return hashedCredentialsMatcher; }
/** * 凭证匹配器 * ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher(){ HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5"); hashedCredentialsMatcher.setHashIterations(2); return hashedCredentialsMatcher; }
/** * 凭证匹配器 * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * 所以我们需要修改下doGetAuthenticationInfo中的代码; * ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher(){ HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5("")); return hashedCredentialsMatcher; }
/** * 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 ) * * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); // 散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashAlgorithmName("MD5"); // 散列的次数,比如散列两次,相当于md5(md5("")); hashedCredentialsMatcher.setHashIterations(hashIterations); return hashedCredentialsMatcher; }
/** * (这里我是用自己定义的加密方式,没用到这块,需要的可以释放出来,注意上面的加载) * 凭证匹配器 * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * 所以我们需要修改下doGetAuthenticationInfo中的代码; * ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher(){ HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); //散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashAlgorithmName("md5"); //散列的次数,比如散列两次,相当于 md5(md5("")); hashedCredentialsMatcher.setHashIterations(1); return hashedCredentialsMatcher; }
/** * 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * 所以我们需要修改下doGetAuthenticationInfo中的代码; @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);// 散列的次数,比如散列两次,相当于md5(md5("")); hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);//表示是否存储散列后的密码为16进制,需要和生成密码时的一样,默认是base64; return hashedCredentialsMatcher; }
/*** * 密码凭证匹配器 * @return */ @Bean @ConditionalOnMissingBean public CredentialsMatcher hashedCredentialsMatcher(RedisTemplate<Object,Object> redisTemplate) { HashedCredentialsMatcher matcher=new RetryLimitHashedCredentialsMatcher(redisTemplate); matcher.setHashAlgorithmName ("SHA-512"); //散列的次数,比如散列两次 matcher.setHashIterations (2); matcher.setStoredCredentialsHexEncoded (Boolean.TRUE); return matcher; }
/** * 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * 所以我们需要修改下doGetAuthenticationInfo中的代码; ) * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(3);// 散列的次数,比如散列两次,相当于md5(md5("")); hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true); return hashedCredentialsMatcher; }
public class CdiEnvironmentLoaderListener extends EnvironmentLoaderListener { //this is your implementation that extends Authorizing Realm ShiroRealm shiroRealm = null; @Override protected WebEnvironment createEnvironment(ServletContext sc) { WebEnvironment environment = super.createEnvironment(sc); shiroRealm = new ShiroRealm(); RealmSecurityManager rsm = (RealmSecurityManager) environment .getSecurityManager(); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME); shiroRealm.setCredentialsMatcher(matcher); rsm.setRealm(shiroRealm); ((DefaultWebEnvironment) environment).setSecurityManager(rsm); return environment; } }
/** * 设置认证加密方式 */ @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher(); md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.HASH_ALGORITHM_NAME); md5CredentialsMatcher.setHashIterations(ShiroKit.HASH_ITERATIONS); super.setCredentialsMatcher(md5CredentialsMatcher); }
@Override public void afterPropertiesSet() throws Exception { Assert.notNull(passwordHash, "you must set passwordHash!"); super.setHashAlgorithmName(passwordHash.getAlgorithmName()); super.setHashIterations(passwordHash.getHashIterations()); this.passwordRetryCache = cacheManager.getCache(retryLimitCacheName); } }
@Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName); hashedCredentialsMatcher.setHashIterations(ShiroKit.hashIterations); super.setCredentialsMatcher(hashedCredentialsMatcher); } }
/** * 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 * 所以我们需要修改下doGetAuthenticationInfo中的代码; @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new RetryLimitCredentialsMatcher(redisCacheManager()); hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);// 散列的次数,比如散列两次,相当于md5(md5("")); hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);// 表示是否存储散列后的密码为16进制,需要和生成密码时的一样,默认是base64; return hashedCredentialsMatcher; }
/** * 设置认证加密方式 */ @Override public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) { HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher(); md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName); md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations); super.setCredentialsMatcher(md5CredentialsMatcher); } }
@Inject public AuthorizingRealmImpl(final RealmSecurityManager realmSecurityManager, final UserManager userManager, final Map<String, UserManager> userManagerMap) { this.realmSecurityManager = realmSecurityManager; this.userManager = userManager; this.userManagerMap = userManagerMap; HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName(Sha1Hash.ALGORITHM_NAME); setCredentialsMatcher(credentialsMatcher); setName(NAME); setAuthenticationCachingEnabled(false); // we authz only, no authc done by this realm setAuthorizationCachingEnabled(true); }