版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
第一种
添加jar包
//MD5 jar包 https://mvnrepository.com/artifact/commons-codec/commons-codec
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.10</version>
</dependency>
import org.apache.commons.codec.digest.DigestUtils;
public static void main(String[] args) {
/**
* 第一种方法
*/
//对字符串进行md5加密
String md5Hex = DigestUtils.md5Hex("123456");
//对字符串添加盐值加密
String md5Hex1 = DigestUtils.md5Hex("123456" + UUID.randomUUID().toString().substring(0, 4));
//散列1024次循环加密
for (int i = 0; i < 1024; i++) {
md5Hex1 = DigestUtils.md5Hex(md5Hex1);
}
System.out.println(md5Hex1);
}
第二种
添加jar包
shiro框架中自带的类 (明文,盐值,散列次数)
<!--shiro jar包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
import org.apache.shiro.crypto.hash.Md5Hash;
public static void main(String[] args) {
/*
*第二种方法
*/
Md5Hash md5Hash = new Md5Hash("123456", UUID.randomUUID().toString().substring(0, 4), 1024);
System.out.println(md5Hash);
}
自定义Realm
public class MyRealm extends AuthorizingRealm {
private Logger logger=LoggerFactory.getLogger(MyRealm.class);
@Autowired
private AdminDao adminDao;
/**
* 实现认证信息获取的方法
* @param token
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 1.从token中获取账号
String username = (String) token.getPrincipal();
Admin admin= adminDao.loginusername(username);
if(admin!=null){
SimpleAccount simpleAccount = new SimpleAccount(admin.getUsername(), admin.getPassword(), ByteSource.Util.bytes(admin.getSalt()), this.getName());
// SimpleAccount simpleAccount = new SimpleAccount();
System.out.println(this.getName()+" this.getName()");
return simpleAccount;
}
return null;
}
}
ShiroConfig 配置
/**
* 创建一个shiro的配置类
*/
@Configuration
public class ShiroConfig {
/**
* 创建一个过滤器
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 设置过滤器链 设置过滤规则
/**
* anon 代表不过滤 放行
* authc 代表过滤 认证
* 放行优先于认证
*/
Map map=new HashMap();
map.put("/login.jsp","anon");
map.put("/**","authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
shiroFilterFactoryBean.setSecurityManager(securityManager);
return shiroFilterFactoryBean;
}
@Bean
public DefaultWebSecurityManager getSecurityManager(MyRealm myRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置自定义realm
securityManager.setRealm(myRealm);
return securityManager;
}
/**
* 创建自定义realm
*/
@Bean
public MyRealm getRealm(CredentialsMatcher credentialsMatcher){
MyRealm myRealm = new MyRealm();
// 加密处理 设置密码处理凭证器
myRealm.setCredentialsMatcher(credentialsMatcher);
return myRealm;
}
/**
* 设置密码凭证器 对密码进行解密
*/
@Bean
public CredentialsMatcher getCredentialsMatcher(){
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
//设置算法名字
credentialsMatcher.setHashAlgorithmName("md5");
//设置散列次数
credentialsMatcher.setHashIterations(1024);
return credentialsMatcher;
}
}
注册用户 controller
@RequestMapping("/regist")
public String regist(Admin admin){
String substring = UUID.randomUUID().toString().substring(0, 4);
Md5Hash md5Hash = new Md5Hash(admin.getPassword(), substring, 1024);
admin.setSalt(substring);
admin.setPassword(md5Hash.toString());
adminService.insert(admin);
}
数据库用户表字段
登录和登出
//登录
@RequestMapping("login")
public String login(Admin admin, HttpSession session) {
UsernamePasswordToken token = new UsernamePasswordToken(admin.getUsername(), admin.getPassword());
Subject subject = SecurityUtils.getSubject();
System.out.println(token+"token");
try {
subject.login(token);
if(subject.hasRole("admin")){
System.out.println("拥有普通管理员的权限");
}
logger.info("登录成功");
session.setAttribute("Admin",admin);
return "redirect:main/main1.jsp";
} catch (IncorrectCredentialsException e) {
//e.printStackTrace();
logger.info("密码错误");
return "redirect:/login.jsp";
} catch (UnknownAccountException e1) {
logger.info("账户错误");
return "redirect:/login.jsp";
}
}
//登出
@RequestMapping("/loginOut")
public String auto(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
}