Spring Boot学习篇(十)
shiro安全框架使用篇(二)——登录实例(密码以密文方式存储,不含记住密码)
1.模拟注册时,生成密文(加盐哈希值)并存入数据库
1.1 在zlz包下创建util包,并在下面创建SHAUtil01类(初始里面无方法)和SHAUtil02类,其目录结构如下所示
1.2 两种生成密文的方式
1.2.1 自己指定盐
a 核心代码
/**
 * Hashes a password together with a caller-supplied salt using Shiro's {@code SimpleHash}.
 *
 * <p>SHA-256 is applied for 100 iterations and the result is returned as the string form
 * of the hash. Whatever verifies a login later has to be configured with the same
 * algorithm name and iteration count, and has to be given the same salt, or the stored
 * value will never match.
 *
 * <p>NOTE(review): 100 rounds of SHA-256 is a fast hash and gives little resistance to
 * offline guessing if the table leaks. For real accounts prefer a dedicated password
 * hashing scheme (bcrypt, scrypt, Argon2) and a random, per-user salt.
 *
 * @param oldPwd the plain-text password to hash
 * @param salt   the salt mixed into the hash; must be stored alongside the result
 * @return the salted, iterated hash as text
 */
public static String shaPassword(String oldPwd, String salt) {
    final String algorithm = "sha-256";
    final int iterations = 100;
    SimpleHash hashed = new SimpleHash(algorithm, oldPwd, salt, iterations);
    return hashed.toString();
}
b 完整代码
package com.zlz.util;
import org.apache.shiro.crypto.hash.SimpleHash;
import java.util.Random;
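/**
 * Demo utility that hashes a password with a salt chosen by the caller.
 *
 * <p>NOTE(review): the scheme shown here (SHA-256, 100 iterations) is a fast hash. It is
 * adequate for following the tutorial but weak for production password storage, where a
 * dedicated password hashing scheme (bcrypt, scrypt, Argon2) is the usual choice.
 */
public class SHAUtil01 {

    /**
     * Hashes {@code oldPwd} with {@code salt} using SHA-256 for 100 iterations.
     *
     * <p>The algorithm name and iteration count must match the credentials matcher used
     * at login, and the salt must be stored with the hash so it can be supplied again.
     *
     * @param oldPwd the plain-text password to hash
     * @param salt   the salt mixed into the hash
     * @return the string form of the resulting hash
     */
    public static String shaPassword(String oldPwd, String salt) {
        return new SimpleHash("sha-256", oldPwd, salt, 100).toString();
    }

    /**
     * Prints the hash of the demo password "admin" with the demo salt "q1".
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The literal was "admim"; the later test code on this page hashes "admin" with
        // the same salt, and a hash of the misspelled value would never verify a login
        // that types "admin".
        String newPwd = SHAUtil01.shaPassword("admin", "q1");
        System.out.println(newPwd);
    }
}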
1.2.2 随机生成盐
a 核心代码
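// Salts protect stored hashes only if they are unpredictable, so the generator is a
// SecureRandom. java.util.Random is seeded from the clock and its output can be
// reconstructed. The field keeps its declared type so existing references still compile.
static Random random = new java.security.SecureRandom();

/**
 * Builds a 10-character salt by drawing characters at random from a fixed alphabet.
 *
 * <p>NOTE(review): the alphabet contains repeated letters (for example 'e', 's', 'f'),
 * so the characters are not uniformly distributed and the salt carries less entropy than
 * its length suggests. Random bytes encoded as hex or Base64 would avoid that.
 *
 * @return a new 10-character salt; the caller must store it next to the hash
 */
public static String getSalt() {
    String salts = "ewsfjbwdufgsfsnuivhe123456789/*;[]";
    // StringBuilder: the buffer never leaves this method, so StringBuffer's locking is unneeded.
    StringBuilder salt = new StringBuilder(10);
    for (int i = 0; i < 10; i++) {
        salt.append(salts.charAt(random.nextInt(salts.length())));
    }
    return salt.toString();
}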
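/**
 * Hashes a password with a freshly generated salt using SHA-256 for 100 iterations.
 *
 * <p>NOTE(review): the salt produced by {@code getSalt()} is used once and then
 * discarded. Only the hash is returned, so the caller has nothing to store in a salt
 * column and the hash cannot be recomputed at login. Generate the salt first, keep it,
 * and pass it in explicitly when the result has to be verified later.
 *
 * @param oldPwd the plain-text password to hash
 * @return the string form of the resulting hash
 */
public static String shaPassword(String oldPwd) {
    // Was getsalt(): Java identifiers are case-sensitive and the method is getSalt().
    return new SimpleHash("sha-256", oldPwd, getSalt(), 100).toString();
}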
b 完整代码
package com.zlz.util;
import org.apache.shiro.crypto.hash.SimpleHash;
import java.util.Random;
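/**
 * Demo utility that hashes a password with a randomly generated salt.
 *
 * <p>NOTE(review): SHA-256 with 100 iterations is a fast hash. It is fine for following
 * the tutorial but weak for production password storage, where a dedicated password
 * hashing scheme (bcrypt, scrypt, Argon2) is the usual choice.
 */
public class SHAUtil02 {

    // Salts protect stored hashes only if they are unpredictable, so the generator is a
    // SecureRandom. The field keeps its declared type so existing references still compile.
    static Random random = new java.security.SecureRandom();

    /**
     * Hashes a password with a freshly generated salt.
     *
     * <p>NOTE(review): the salt is discarded after use, so the returned hash cannot be
     * recomputed at login. Kept for compatibility; use
     * {@link #shaPassword(String, String)} with a salt from {@link #getSalt()} when the
     * hash has to be verified later.
     *
     * @param oldPwd the plain-text password to hash
     * @return the string form of the resulting hash
     */
    public static String shaPassword(String oldPwd) {
        return shaPassword(oldPwd, getSalt());
    }

    /**
     * Hashes a password with the given salt using SHA-256 for 100 iterations.
     *
     * @param oldPwd the plain-text password to hash
     * @param salt   the salt mixed into the hash; store it alongside the result
     * @return the string form of the resulting hash
     */
    public static String shaPassword(String oldPwd, String salt) {
        return new SimpleHash("sha-256", oldPwd, salt, 100).toString();
    }

    /**
     * Builds a 10-character salt by drawing characters at random from a fixed alphabet.
     *
     * <p>NOTE(review): the alphabet contains repeated letters, so the characters are not
     * uniformly distributed. Random bytes encoded as hex or Base64 would avoid that.
     *
     * @return a new 10-character salt
     */
    public static String getSalt() {
        String salts = "ewsfjbwdufgsfsnuivhe123456789/*;[]";
        StringBuilder salt = new StringBuilder(10);
        for (int i = 0; i < 10; i++) {
            salt.append(salts.charAt(random.nextInt(salts.length())));
        }
        return salt.toString();
    }

    /**
     * Generates a salt, hashes the demo password "admin" with it, and prints both values.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Both values are needed for a user row: the salt must be persisted with the hash.
        String salt = SHAUtil02.getSalt();
        String newPwd = SHAUtil02.shaPassword("admin", salt);
        System.out.println(salt);
        System.out.println(newPwd);
    }
}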
1.3 手动变更数据表(以自己指定盐的方式)
1.3.1 生成账户"admin"所对应的密文
a 测试代码
/**
 * Prints the hash that is stored for the demo account "admin" (salt "q1").
 *
 * <p>The password and salt are hard-coded tutorial values; real credentials should never
 * be embedded in source like this.
 */
public static void main(String[] args) {
    System.out.println(SHAUtil01.shaPassword("admin", "q1"));
}
b 运行截图
1.3.2 账户"aaa"所对应的密文
a 测试代码
/**
 * Prints the hash that is stored for the demo account "aaa" (salt "q2").
 *
 * <p>The password and salt are hard-coded tutorial values; real credentials should never
 * be embedded in source like this.
 */
public static void main(String[] args) {
    System.out.println(SHAUtil01.shaPassword("aaa", "q2"));
}
b 运行截图
1.3.3 账户"bbb"所对应的密文
a 测试代码
/**
 * Prints the hash that is stored for the demo account "bbb" (salt "q3").
 *
 * <p>The password and salt are hard-coded tutorial values; real credentials should never
 * be embedded in source like this.
 */
public static void main(String[] args) {
    System.out.println(SHAUtil01.shaPassword("bbb", "q3"));
}
b 运行截图
1.3.4 手动更改sys_user表的salt字段,更改后的效果如下所示
1.4 sys_user表所对应的sql语句(生成对应密文后的版本)
-- Recreates the sys_user table used by the login example and seeds three demo accounts.
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- Destructive: any existing sys_user table and its rows are dropped before re-creation.
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user` (
`id` int NOT NULL,
-- NOTE(review): username is nullable and has no UNIQUE index, yet the realm on this page
-- looks up a single user by username; confirm that duplicates cannot be inserted.
`username` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT NULL,
-- Holds the salted hash printed by SHAUtil01.shaPassword, never the plain-text password.
`password` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT NULL,
-- Per-user salt; the realm reads it back to recompute the hash at login.
`salt` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT NULL,
-- Lock flag: the realm rejects the login when this is 1.
`suo` int NULL DEFAULT 0,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb3 COLLATE = utf8mb3_general_ci ROW_FORMAT = COMPACT;
-- Demo rows only: the two-character salts ('q1', 'q2', 'q3') are short and predictable.
-- Real salts should be long, random and unique per user.
INSERT INTO `sys_user` VALUES (1, 'admin', '7e84f2fbdc9de493dc1e17c44b163ebc9168bc472f26db231f472f1012e62d87', 'q1', 0);
INSERT INTO `sys_user` VALUES (2, 'aaa', '18ae76b69e6b7b2ae78100013442beafb692bbbad663b1ff5845f0036b446ad7', 'q2', 0);
-- 'bbb' is seeded with suo = 1, i.e. as a locked account.
INSERT INTO `sys_user` VALUES (3, 'bbb', '7c8425aa02dfdfc973257f3b2a4ded786eadee830d7a29a900669727fa7a5966', 'q3', 1);
SET FOREIGN_KEY_CHECKS = 1;
2 在config包下创建域(MysqlRealm类)
package com.zlz.config;
import com.zlz.entity.SysUser;
import com.zlz.mapper.SysUserMapper;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * Shiro realm that authenticates against the {@code sys_user} table through
 * {@link SysUserMapper}.
 *
 * <p>The realm does not compare passwords itself. It returns the stored hash and salt and
 * leaves the comparison to the credentials matcher configured on the realm.
 */
public class MysqlRealm extends AuthorizingRealm {

    @Autowired
    SysUserMapper sysUserMapper;

    /**
     * Supplies no authorization data: this example covers authentication only.
     *
     * @param pc the principals of the subject being authorized
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
        return null;
    }

    /**
     * Looks up the account named by the token and hands its stored hash and salt to Shiro.
     *
     * <p>NOTE(review): the unknown-account and locked-account checks run before any
     * password comparison. If the login endpoint reports these exception types to the
     * client as distinct messages, an unauthenticated caller can learn which usernames
     * exist and which are locked; a single generic failure message avoids that.
     *
     * @param at the submitted token; its principal is treated as the username
     * @return the stored username, password hash and salt for the credentials matcher
     * @throws UnknownAccountException if no row matches the username
     * @throws LockedAccountException  if the row's lock flag is 1
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {
        String loginName = (String) at.getPrincipal();
        SysUser account = sysUserMapper.findUserByUsername(loginName);
        if (account == null) {
            throw new UnknownAccountException();
        }
        // NOTE(review): if getSuo() returns Integer, a NULL in the nullable suo column
        // would fail on unboxing here; confirm the getter's type.
        if (account.getSuo() == 1) {
            throw new LockedAccountException();
        }
        // The salt column is nullable too; presumably every row has one (verify).
        ByteSource storedSalt = ByteSource.Util.bytes(account.getSalt());
        return new SimpleAuthenticationInfo(
                account.getUsername(), account.getPassword(), storedSalt, getName());
    }
}
3.在config包下创建ShiroConfig类(进行shiro的相关配置)
package com.zlz.config;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
/**
 * Spring configuration that wires the Shiro security manager, filter factory and realm.
 *
 * <p>NOTE(review): the class is spelled {@code ShiroConig} while the surrounding text
 * calls it ShiroConfig; the name is left as written because the file name must match it.
 */
@Configuration
public class ShiroConig {

    /**
     * Creates the realm and attaches the matcher that verifies submitted passwords.
     *
     * <p>The algorithm name and iteration count must equal the values used when the
     * stored hashes were generated, otherwise every login fails with a credentials
     * mismatch.
     *
     * <p>NOTE(review): 100 iterations of SHA-256 is cheap to brute-force offline; see
     * Shiro's password-service support or a dedicated password hashing scheme before
     * using this outside a tutorial.
     *
     * @return the realm with a hashed-credentials matcher installed
     */
    @Bean
    public MysqlRealm mysqlRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("sha-256");
        matcher.setHashIterations(100);

        MysqlRealm realm = new MysqlRealm();
        realm.setCredentialsMatcher(matcher);
        return realm;
    }

    /**
     * Builds the web security manager backed by {@link #mysqlRealm()} and a default web
     * session manager.
     *
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(mysqlRealm());
        manager.setSessionManager(new DefaultWebSessionManager());
        return manager;
    }

    /**
     * Registers the Shiro filter factory under the bean name "shiroFilterFactoryBean".
     *
     * <p>NOTE(review): the login and unauthorized URLs are set to empty strings and no
     * filter chain definitions are set in this method, so as shown it does not restrict
     * access to any path. Confirm that URL protection is configured elsewhere.
     *
     * @return the filter factory bound to {@link #securityManager()}
     */
    @Bean("shiroFilterFactoryBean")
    public ShiroFilterFactoryBean factoryBean() {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(securityManager());
        filterFactory.setLoginUrl("");
        filterFactory.setUnauthorizedUrl("");
        return filterFactory;
    }
}
4 最终测试
4.1 当账户输入有误时
a 点击登录按钮前
b 点击登录按钮后
4.2 当账户被锁定时
a 点击登录按钮前
b 点击登录按钮后
4.3 当密码输入有误时(该用户并没有被锁定)
a 点击登录按钮前
b 点击登录按钮后
4.4 当账户密码输入均正确时
a 点击登录按钮前
b 点击登录按钮后