1 自定义realm
package org.tzb.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
 * Custom realm for the tutorial. The stated goal is to move the source of authentication and
 * authorization data to a database; this version still answers from hard-coded values.
 *
 * @Author tzb
 * @Date 2021/8/27 22:03
 * @Version 1.0
 **/
public class CustomRealm extends AuthorizingRealm {

    /**
     * Authorization hook. Not implemented in this example: it always returns {@code null},
     * so this realm supplies no roles or permissions for any principal.
     *
     * @param principals identities of the subject being authorized (unused here)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication hook: resolves the account that matches the principal carried by the token.
     *
     * <p>Only the user name is checked here. The submitted password is compared later by the
     * realm's credentials matcher against the credentials returned from this method.
     *
     * @param token the submitted login token; its principal is cast to {@code String}
     * @return account data for the user {@code "Mike"}, or {@code null} when the principal is
     *     anything else (the realm contract uses {@code null} for "no such account")
     * @throws AuthenticationException declared by the overridden method; this body does not
     *     throw it itself
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // The token's principal is the user name that was submitted.
        String loginName = (String) token.getPrincipal();
        System.out.println("token获取的用户名:" + loginName);

        // TODO: look the account up in the database (JDBC / MyBatis) by this principal.
        if (!"Mike".equals(loginName)) {
            return null;
        }

        // Arguments 1 and 2 stand in for the user name and password a database query would
        // return; argument 3 is the name of this realm.
        // NOTE(review): the stored credential is a plaintext password. No credentials matcher
        // is configured on this realm in the example, so the value is compared with the
        // submitted password as-is. That is acceptable only for a demo; a real user store
        // should hold a salted, deliberately slow password hash instead.
        return new SimpleAuthenticationInfo("Mike", "123", getName());
    }
}
/**
 * Stand-alone driver that logs in once through {@link CustomRealm} and prints the result.
 *
 * @Author tzb
 * @Date 2021/8/27 22:05
 * @Version 1.0
 **/
public class TestCustomRealmAuthenticator {

    /**
     * Wires a security manager to {@code CustomRealm}, then attempts a login as "Mike".
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Create the security manager and 2. give it the custom realm.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(new CustomRealm());

        // 3. Register the manager with the static utility class.
        // NOTE(review): this registration is process-wide, which suits a one-shot demo.
        SecurityUtils.setSecurityManager(securityManager);

        // 4. Obtain the current subject and build the login token.
        // The credentials are hard-coded sample values for the demo.
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken loginToken = new UsernamePasswordToken("Mike", "123");

        attemptLogin(currentUser, loginToken);
    }

    /**
     * Performs the login and prints whether the subject is authenticated afterwards.
     * A failed login is reported by printing the exception's stack trace.
     */
    private static void attemptLogin(Subject currentUser, UsernamePasswordToken loginToken) {
        try {
            currentUser.login(loginToken);
            // The printed label reads "authorization status", but the value is the
            // authentication state of the subject.
            System.out.println("查询授权状态:" + currentUser.isAuthenticated());
        } catch (AuthenticationException e) {
            e.printStackTrace();
        }
    }
}
2 MD5和随机盐
2.1 测试案例
/**
 * Prints three MD5 digests of the sample password "123": plain, salted, and salted with
 * repeated hashing.
 *
 * <p>NOTE(review): MD5 is a fast digest with known weaknesses and is not suitable for storing
 * passwords, even with a salt and 1024 iterations. The salt here is also a fixed string;
 * a salt only does its job when it is generated randomly per account and stored next to the
 * hash. For real password storage use a dedicated password-hashing function
 * (bcrypt, scrypt, Argon2).
 */
public class TestShiroMD5 {

    /**
     * Prints the hex form of each digest variant on its own line.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String password = "123";
        final String salt = "qq";

        // Plain MD5 of the password.
        System.out.println(new Md5Hash(password).toHex());

        // MD5 with a salt.
        System.out.println(new Md5Hash(password, salt).toHex());

        // MD5 with a salt and 1024 hash iterations.
        System.out.println(new Md5Hash(password, salt, 1024).toHex());
    }
}
2.2 案例
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
/**
 * Realm whose stored credential is an MD5 + salt + iterated hash instead of a plaintext
 * password.
 *
 * <p>NOTE(review): the realm only returns the stored hash and its salt. The hashing of the
 * submitted password is done by whatever credentials matcher the caller configures on this
 * realm, so the matcher's algorithm and iteration count must match how the stored value was
 * produced. MD5 is kept here because the tutorial uses it; it is not a sound choice for
 * password storage.
 *
 * @Author tzb
 * @Date 2021/8/28 10:41
 * @Version 1.0
 **/
public class CustomMd5Realm extends AuthorizingRealm {

    /**
     * Authorization hook. Not implemented in this example; always returns {@code null}.
     *
     * @param principals identities of the subject being authorized (unused here)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication hook: returns the stored hash and salt for the user {@code "Mike"}.
     *
     * @param token the submitted login token; its principal is cast to {@code String}
     * @return account data for "Mike", or {@code null} for any other principal
     * @throws AuthenticationException declared by the overridden method; this body does not
     *     throw it itself
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Identity submitted with the login attempt.
        String submittedName = (String) token.getPrincipal();

        // Stand-in for a database lookup by user name.
        if (!"Mike".equals(submittedName)) {
            return null;
        }

        // Hard-coded sample record: hex hash, then the salt it was computed with.
        // Presumably the hash is the Md5Hash("123", "qq", 1024) output of the earlier
        // example; confirm before relying on it.
        String storedHashHex = "ead587102bc9adbf3ffda3f28d2e5dc8";
        return new SimpleAuthenticationInfo(
                "Mike",
                storedHashHex,
                ByteSource.Util.bytes("qq"),
                getName());
    }
}
/**
 * Stand-alone driver that logs in once through {@link CustomMd5Realm} using a hashed
 * credentials matcher and prints the result.
 *
 * @Author tzb
 * @Date 2021/8/27 22:05
 * @Version 1.0
 **/
public class TestCustomMd5RealmAuthenticator {

    /**
     * Configures the realm with an MD5 / 1024-iteration matcher, then attempts a login as
     * "Mike".
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Create the security manager.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Tell the realm to verify passwords with a hashing credentials matcher.
        // NOTE(review): algorithm and iteration count must match the way the stored hash was
        // generated, otherwise every login fails. MD5 with 1024 rounds is a tutorial setting,
        // not a recommendation for real password storage.
        HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher();
        hashMatcher.setHashAlgorithmName("md5");
        hashMatcher.setHashIterations(1024);

        CustomMd5Realm md5Realm = new CustomMd5Realm();
        md5Realm.setCredentialsMatcher(hashMatcher);

        // 2. Hand the realm to the manager and 3. register the manager with the static
        // utility class.
        securityManager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(securityManager);

        // 4. Obtain the current subject and build the login token.
        // The credentials are hard-coded sample values for the demo.
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken loginToken = new UsernamePasswordToken("Mike", "123");

        attemptLogin(currentUser, loginToken);
    }

    /**
     * Performs the login and prints whether the subject is authenticated afterwards.
     * A failed login is reported by printing the exception's stack trace.
     */
    private static void attemptLogin(Subject currentUser, UsernamePasswordToken loginToken) {
        try {
            currentUser.login(loginToken);
            // The printed label reads "authorization status", but the value is the
            // authentication state of the subject.
            System.out.println("查询授权状态:" + currentUser.isAuthenticated());
        } catch (AuthenticationException e) {
            e.printStackTrace();
        }
    }
}