-
Shior02(身份认证加密)
一、盐加密
1. 什么是盐,盐加密是什么
盐:密码学中是指通过在密码任意固定位置插入特定字符串,让散列后的结果和使用原始密码的散列结果不相符,这样一个过程我们称之为“加盐”。
盐值:是一组随机的字符串,系统随机生成;Salt可以插在最前面、最后面,也可以插在中间,可分开插入也可倒序。注解:
拓:
第一代密码 => 数据库明文存储,一旦数据库泄露,用户数据全部泄漏
第二代密码 => 数据库加密存储,典型加密算法有 MD5 和 SHA1 ,数据库存储的密码为加密后的密文。但理论上来说不能被解密,即时数据库丢失,由于存储为密文,故根本无法判断用户原始密码。
第三代密码 => 数据库存储MD5加密后的 {明文密码+Salt} 即 MD5(明文密码+salt),进行加盐处理,当密码设置过于简单,第二代密码加密方式也并不可靠了,也常容易被破解。数据库加入一个Salt盐值字段【salt可以是任意字母、数字、或字母数字的组合,必须是随机产生的】,每个用户Salt值均不相同。加盐加密:是一种对系统登录口令加密的方式,它的实现方式是将每一个口令同一个叫做"盐"salt的n位随机数相关联。 只要口令改变,随机位数就改变。随机数以未加密方式存于口令文件中,每个人可读;不再只是保存加密过的文件,而是先将口令和随机数连接起来一同加密,加密后结果存于口令文件中。
2. 为什么要使用盐加密
在我们实际应用中,出于安全的考虑和数据的保密,常常需要使用到加密算法,一些网站的数据库管理着用户的ID及口令,口令以MD5等加密后的形式存在,但是有些时候可能数据库泄露问题。为解决这种问题,可以考虑盐化的方式,比如存密码不再只是使用传统的明文存储方式,而是可以采用 Hash+Salt (哈希加盐法) 的方式进行密码的存储,这种加入盐值的方式可以防止黑客暴力破解用户ID和口令。
盐值→通过插入在口令后进行HASH算法,即便是相同的口令,插入不同的盐值后生成的HASH值也是不相同的,由于MD5的不可逆性,想要逆向破解MD5也是非常耗时间的。
具体的流程是:
用户注册时:
1、用户在网站注册时提供ID与口令 → 2、系统为用户分配盐值 → 3、盐值插入口令后进行HASH → 4、将ID,HASH值与盐值存入数据库
身份验证时:
1、用户提供ID与口令 → 2、系统在数据库中通过用户提供的ID查找HASH值与盐值 → 3、将盐值插入用户提供的口令后进行HASH → 4、将HASH值与数据库中的HASH值比较,相等则验证成功,反之验证失败二、Shiro认证
pom依赖
web配置
自定义Realm
对应mapper编写
application-shiro配置
登录测试
用户名密码加密pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.example</groupId> <artifactId>ssm02</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <name>ssm02 Maven Webapp</name> <!-- FIXME change it to the project's website --> <url>http://www.example.com</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <maven.compiler.plugin.version>3.7.0</maven.compiler.plugin.version> <!--添加jar包依赖--> <!--1.spring 5.0.2.RELEASE相关--> <spring.version>5.0.2.RELEASE</spring.version> <!--2.mybatis相关--> <mybatis.version>3.4.5</mybatis.version> <!--mysql--> <mysql.version>5.1.44</mysql.version> <!--pagehelper分页jar依赖--> <pagehelper.version>5.1.2</pagehelper.version> <!--mybatis与spring集成jar依赖--> <mybatis.spring.version>1.3.1</mybatis.spring.version> <!--3.dbcp2连接池相关 druid--> <commons.dbcp2.version>2.1.1</commons.dbcp2.version> <commons.pool2.version>2.4.3</commons.pool2.version> <!--4.log日志相关--> <log4j2.version>2.9.1</log4j2.version> <!--5.其他--> <junit.version>4.12</junit.version> <servlet.version>4.0.0</servlet.version> <lombok.version>1.18.2</lombok.version> </properties> <dependencies> <!--1.spring相关--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${spring.version}</version> </dependency> <!--2.mybatis相关--> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>${mybatis.version}</version> </dependency> <!--mysql--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql.version}</version> </dependency> <!--pagehelper分页插件jar包依赖--> <dependency> <groupId>com.github.pagehelper</groupId> <artifactId>pagehelper</artifactId> <version>${pagehelper.version}</version> </dependency> <!--mybatis与spring集成jar包依赖--> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>${mybatis.spring.version}</version> </dependency> <!--3.dbcp2连接池相关--> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> <version>${commons.dbcp2.version}</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-pool2</artifactId> <version>${commons.pool2.version}</version> </dependency> <!--4.log日志相关依赖--> <!--核心log4j2jar包--> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>${log4j2.version}</version> </dependency> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-api</artifactId> <version>${log4j2.version}</version> </dependency> <!--web工程需要包含log4j-web,非web工程不需要--> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-web</artifactId> <version>${log4j2.version}</version> </dependency> <!--5.其他--> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>${junit.version}</version> <scope>test</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>${servlet.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>${lombok.version}</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <!-- jsp依赖--> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.3</version> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>taglibs</groupId> <artifactId>standard</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.3.3</version> </dependency> <!--做服务端参数校验 JSR303 的jar包依赖 --> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-validator</artifactId> <version>6.0.7.Final</version> </dependency> <!--用来springMvc接收JSON格式转换--> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.3</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> <version>2.9.3</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> <version>2.9.3</version> </dependency> <!-- Shiro框架 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.3.2</version> </dependency> </dependencies> <build> <finalName>ssm02</finalName> <resources> <!--解决mybatis-generator-maven-plugin运行时没有将XxxMapper.xml文件放入target文件夹的问题--> <resource> <directory>src/main/java</directory> <includes> <include>**/*.xmlsrc/main/resources jdbc.properties *.xml org.apache.maven.plugins maven-compiler-plugin ${maven.compiler.plugin.version} ${maven.compiler.source} ${maven.compiler.target} ${project.build.sourceEncoding} org.mybatis.generator mybatis-generator-maven-plugin 1.3.2 mysql mysql-connector-java ${mysql.version} true maven-clean-plugin 3.1.0 maven-resources-plugin 3.0.2 maven-compiler-plugin 3.8.0 maven-surefire-plugin 2.22.1 maven-war-plugin 3.2.2 maven-install-plugin 2.5.2 maven-deploy-plugin 2.8.2 - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
web配置
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <display-name>Archetype Created Web Application</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:applicationContext.xml</param-value> </context-param> <!-- 读取Spring上下文的监听器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Spring MVC servlet --> <servlet> <servlet-name>SpringMVC</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <!--此参数可以不配置,默认值为:/WEB-INF/springmvc-servlet.xml--> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/springmvc-servlet.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> <!--web.xml 3.0的新特性,是否支持异步--> <async-supported>true</async-supported> </servlet> <servlet-mapping> <servlet-name>SpringMVC</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- 中文乱码处理 --> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <!--web.xml 3.0的新特性,是否支持异步--> <async-supported>true</async-supported> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true shiroFilter /* - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
自定义Realm—MyRealm
package com.xlb.ssm.shiro; import com.xlb.ssm.biz.UserBiz; import com.xlb.ssm.model.User; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; /** * @author 波哥 * @QQ 2212371722 * @company 波哥集团 * @create 2022-08-25 18:27 */ public class MyRealm extends AuthorizingRealm { public UserBiz userBiz; public UserBiz getUserBiz() { return userBiz; } public void setUserBiz(UserBiz userBiz) { this.userBiz = userBiz; } /** * 授权 * @param principals * @return * 替代shiro-web-ini */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } /** * 认证 * @param token * @return * @throws AuthenticationException * 替代shiro.ini */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { //调用查询方法 String userName = token.getPrincipal().toString(); User user = userBiz.queryUserByName(userName); AuthenticationInfo info = new SimpleAuthenticationInfo( user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName()//realm的名字 ); return info; } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
对应mapper编写
<!--通过用户名进行查询--> <select id="queryUserByName" javaType="com.xlb.ssm.model.User" parameterType="java.lang.String" > select <include refid="Base_Column_List" /> from t_shiro_user where username = #{userName} </select>- 1
- 2
- 3
- 4
- 5
- 6
- 7
User queryUserByName(@Param("userName") String userName);- 1
实现类UserBiz
package com.xlb.ssm.biz; import com.xlb.ssm.model.User; import org.apache.ibatis.annotations.Param; import org.springframework.stereotype.Repository; public interface UserBiz { int deleteByPrimaryKey(Integer userid); int insert(User record); int insertSelective(User record); User selectByPrimaryKey(Integer userid); int updateByPrimaryKeySelective(User record); User queryUserByName(String userName); int updateByPrimaryKey(User record); }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
UserBizImpl
package com.xlb.ssm.biz.impl; import com.xlb.ssm.biz.UserBiz; import com.xlb.ssm.mapper.UserMapper; import com.xlb.ssm.model.User; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; /** * @author 波哥 * @QQ 2212371722 * @company 波哥集团 * @create 2022-08-25 18:22 */ @Service("userBiz") public class UserBizImpl implements UserBiz { @Autowired private UserMapper userMapper; @Override public int deleteByPrimaryKey(Integer userid) { return userMapper.deleteByPrimaryKey(userid); } @Override public int insert(User record) { return userMapper.insert(record); } @Override public int insertSelective(User record) { return userMapper.insertSelective(record); } @Override public User selectByPrimaryKey(Integer userid) { return userMapper.selectByPrimaryKey(userid); } @Override public int updateByPrimaryKeySelective(User record) { return userMapper.updateByPrimaryKeySelective(record); } @Override public User queryUserByName(String userName) { return userMapper.queryUserByName(userName); } @Override public int updateByPrimaryKey(User record) { return userMapper.updateByPrimaryKey(record); } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
application-shiro配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <!--配置自定义的Realm--> <bean id="shiroRealm" class="com.xlb.ssm.shiro.MyRealm"> <property name="userBiz" ref="userBiz" /> <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 --> <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 --> <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 --> <!--以下三个配置告诉shiro将如何对用户传来的明文密码进行加密--> <property name="credentialsMatcher"> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <!--指定hash算法为MD5--> <property name="hashAlgorithmName" value="md5"/> <!--指定散列次数为1024次--> <property name="hashIterations" value="1024"/> <!--true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储--> <property name="storedCredentialsHexEncoded" value="true"/> </bean> </property> </bean> <!--注册安全管理器--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="shiroRealm" /> </bean> <!--Shiro核心过滤器--> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- Shiro的核心安全接口,这个属性是必须的 --> <property name="securityManager" ref="securityManager" /> <!-- 身份验证失败,跳转到登录页面 --> <property name="loginUrl" value="/login"/> <!-- 身份验证成功,跳转到指定页面 --> <!--<property name="successUrl" value="/index.jsp"/>--> <!-- 权限验证失败,跳转到指定页面 --> <property name="unauthorizedUrl" value="/unauthorized.jsp"/> <!-- Shiro连接约束配置,即过滤链的定义 --> <property name="filterChainDefinitions"> <value> <!-- 注:anon,authcBasic,auchc,user是认证过滤器 perms,roles,ssl,rest,port是授权过滤器 --> <!--anon 表示匿名访问,不需要认证以及授权--> <!--authc表示需要认证 没有进行身份认证是不能进行访问的--> <!--roles[admin]表示角色认证,必须是拥有admin角色的用户才行--> /user/login=anon /user/updatePwd.jsp=authc /admin/*.jsp=roles[admin] /user/teacher.jsp=perms["user:update"]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
在配置到总控制器中
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> <!--随着后续学习,框架会越学越多,不能将所有的框架配置放到同一个配置间,否则不便管理--> <import resource="applicationContext-mybatis.xml"></import> <import resource="applicationContext-shiro.xml"></import> </beans>- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
ShiroUserController
package com.xlb.ssm.controller; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import javax.servlet.http.HttpServletRequest; /** * @author 波哥 * @QQ 2212371722 * @company 波哥集团 * @create 2022-08-25 18:38 */ @Controller public class ShiroUserController { @RequestMapping("/login") public String login(HttpServletRequest request){ try { //传入 String username = request.getParameter("username"); String password = request.getParameter("password"); //令牌 UsernamePasswordToken token = new UsernamePasswordToken(username,password); //拿到当前登录主题 Subject subject = SecurityUtils.getSubject(); //通过登录主题进行登录 subject.login(token); return "main"; }catch (Exception e){ request.setAttribute("message","账号密码错误"); return "login"; } } @RequestMapping("/logout") public String logout(HttpServletRequest request){ //拿到登录主体 Subject subject = SecurityUtils.getSubject(); subject.logout(); return "login"; } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
盐要用的工具PasswordHelper
package com.xlb.shiro; import org.apache.shiro.crypto.RandomNumberGenerator; import org.apache.shiro.crypto.SecureRandomNumberGenerator; import org.apache.shiro.crypto.hash.SimpleHash; /** * 用于shiro权限认证的密码工具类 */ public class PasswordHelper { /** * 随机数生成器(生成盐) */ private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator(); /** * 指定hash算法为MD5 */ private static final String hashAlgorithmName = "md5"; /** * 指定散列次数为1024次,即加密1024次 */ private static final int hashIterations = 1024; /** * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储 */ private static final boolean storedCredentialsHexEncoded = true; /** * 获得加密用的盐(生成一个随机的盐) * * @return */ public static String createSalt() { return randomNumberGenerator.nextBytes().toHex(); } /** * 获得加密后的凭证 * * @param credentials 凭证(即密码) * @param salt 盐 * @return */ public static String createCredentials(String credentials, String salt) { SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations); return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64(); } /** * 进行密码验证 * * @param credentials 未加密的密码 * @param salt 盐 * @param encryptCredentials 加密后的密码 * @return */ public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) { return encryptCredentials.equals(createCredentials(credentials, salt)); } public static void main(String[] args) { //盐 String salt = createSalt(); System.out.println(salt); System.out.println(salt.length()); //凭证+盐加密后得到的密码 String credentials = createCredentials("123456", salt); System.out.println(credentials); System.out.println(credentials.length()); boolean b = checkCredentials("123456", salt, credentials); System.out.println(b); } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
测试
-
相关阅读:
在IDEA中如何新建一个web工程
使用nginx-lua配置统一url自动跳转到hadoop-ha集群的active节点
海外代理IP是什么?如何使用?
【手把手带你学JavaSE】第三篇:运算符和程序逻辑控制
关于需求管理之我见
C语言之文件的使用(下)
构建“零工市场小程序”,服务灵活就业“大民生”
[JAVAee]spring-Bean对象的执行流程与生命周期
【docker】dockerfile优化镜像大小
Android 11.0 Launcher3去掉抽屉模式 双层改成单层(一)
- 原文地址:https://blog.csdn.net/qq_63531917/article/details/126531438
