关于Shiro的盐值加密法的使用

package com.shiro.bean;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
/**
 * @author layne
 * Action方法中执行subject.login(token)时会通过IOC容器调取Realm域进行数据和前端数据比对
 */
public class ShiroRealm extends AuthenticatingRealm {
     /**
     * Returns all principals associated with the corresponding Subject.  Each principal is an identifying piece of
     * information useful to the application such as a username, or user id, a given name, etc - anything useful
     * to the application to identify the current <code>Subject</code>.
     * The returned PrincipalCollection should <em>not</em> contain any credentials used to verify principals, such
     * as passwords, private keys, etc.  Those should be instead returned by {@link #getCredentials() getCredentials()}.
     * @return all principals associated with the corresponding Subject.
     * 
     * doGetAuthenticationInfo,获取认证消息,如果数据库没有数据,返回null.
     * AuthenticationInfo可以使用 SimpleAuthenticationInfo实现类,封装给正确用户名和密码
     * token参数:需要验证的token
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        /**
         * 1.将token转换为UsernamePasswordToken
         * 2.获取用户名
         * 3.查询数据库,进行验证
         * 4.结果返回
         * 5.验证不通过,抛出异常
         */
        //1.将token转换为UsernamePasswordToken
        UsernamePasswordToken upToken = (UsernamePasswordToken)token;
        //2.获取用户名
        String userName = upToken.getUsername();
        //获取用户名后。通过查询用户名查询数据库是否有值,有值则进行密码验证。
        SimpleAuthenticationInfo info=null;
        //3。查询数据库
        //使用JDBC链接数据库进行查询
        try {
                Class.forName("com.mysql.jdbc.Driver");
                String url="jdbc:mysql://localhost:3306/test";
                Connection conn=DriverManager.getConnection(url,"root","");
                PreparedStatement ps = conn.prepareStatement("select * from account where name=?");
                ps.setString(1, userName);
                ResultSet rs = ps.executeQuery();
                if(rs.next()){
                    Object principal=userName;
                    Object credentials=rs.getString(3);
                    String realmName=this.getName();
                    //设置盐值
                    ByteSource salt=ByteSource.Util.bytes(userName);
                    
                    //SimpleHash sh=new SimpleHash(algorithmName, source, salt, iterations); 
                                                  //   加密类型                       加密资源        盐值加密      加密次数
                    //给从数据库中拿到的密码做MD5的加密
                    SimpleHash sh=new SimpleHash("MD5", credentials, salt, 1024);
                    //info = new SimpleAuthenticationInfo(principal, credentials, realmName);
                    //info = new SimpleAuthenticationInfo(principal, sh, realmName);
                    //通过关于盐值的构造器,将前端传入的密码在加密时再加入盐值
                    info = new SimpleAuthenticationInfo(principal, sh, salt, realmName);
                }else{
                    throw new AuthenticationException();
                }
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
            } catch (SQLException e) {
                e.printStackTrace();
        }
        return info;
    }
}

 

posted @ 2017-10-20 09:45  夜西门吹雪孤城花满楼  阅读(3736)  评论(0编辑  收藏  举报