密码加盐与密码验证"/>
shiro简单的密码加盐与密码验证
public class test {public static void main(String[] args){//假设向数据库存入加密的对象UserDto user=new UserDto(); //创建一个对象user.setPassword("123456"); //模拟密码123456user.setSalt(ShiroKit.getRandomSalt(5)); //获取5位数的盐user.setPassword(ShiroKit.md5(user.getPassword(), user.getSalt())); //把盐与密码传入方法中进行 md5加密方式 的1024次加密 最后得出加密密码System.out.println("密码:"+user.getPassword()+" "+"Salt:"+ user.getSalt()); //打印 加密后的密码 与 盐的值
//最后把对象存入数据库中,小编看的guns项目以用户名不重复才可存入数据库//模拟密码String str=new String();str="123456"; //模拟密码为123456//封装请求账号密码为shiro可验证的tokenUsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("huasheng", str.toCharArray()); //"huasheng"为登录时输入的用户名,这里直接写了字符串//获取数据库中的账号密码,准备比对 查找用户名所在的用户数据 这里直接用上面定义的user进行测试
// User user = userMapper.getByAccount(username);String credentials = user.getPassword();//获取本账号加密过的密码String salt = user.getSalt(); //获取本账号中对应盐值ByteSource credentialsSalt = new Md5Hash(salt); //放入盐值System.out.println("credentialsSaltgetBytes"+credentialsSalt.getBytes());System.out.println("credentialsSaltgetClass"+credentialsSalt.getClass());SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(new ShiroUser(), credentials, credentialsSalt, "");//第一个参数是对象,密码,ByteSource对象,realmName//校验用户账号密码HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);//MD5md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);//1024boolean passwordTrueFlag = md5CredentialsMatcher.doCredentialsMatch( usernamePasswordToken, simpleAuthenticationInfo);//验证if (passwordTrueFlag) {
// HashMap<String, Object> result = new HashMap<>();
// result.put("token", JwtTokenUtil.generateToken(String.valueOf(user.getId())));
// return result;System.out.println("登陆成功");} else {
// return new ErrorResponseData(500, "账号密码错误!");System.out.println("账号密码错误!");}}
}
加密参考文献
更多推荐
shiro简单的密码加盐与密码验证
发布评论