Shiro 加密helloWorld

承接第一章 初解加密

只贴更改的源码，其他看上一篇。

ShiroRealm.java

package com.lkk.shiro.realms;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;




/**
 * @author 流年拓荒者
 *
 */
public class ShiroRealm extends AuthorizingRealm{

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        // TODO Auto-generated method stub
System.out.println("[FirstRealm] doGetAuthenticationInfo");
        
        //1. 把 AuthenticationToken 转换为 UsernamePasswordToken 
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        
        //2. 从 UsernamePasswordToken 中来获取 username
        String username = upToken.getUsername();
        
        //3. 调用数据库的方法, 从数据库中查询 username 对应的用户记录
        System.out.println("从数据库中获取 username: " + username + " 所对应的用户信息.");
        //4. 若用户不存在, 则可以抛出 UnknownAccountException 异常
        if("lkk".equals(username)){
            throw new UnknownAccountException("用户不存在!");
        }
        
        //5. 根据用户信息的情况, 决定是否需要抛出其他的 AuthenticationException 异常. 
        if("monster".equals(username)){
            throw new LockedAccountException("用户被锁定");
        }
        
        //6. 根据用户的情况, 来构建 AuthenticationInfo 对象并返回. 通常使用的实现类为: SimpleAuthenticationInfo
        //以下信息是从数据库中获取的.
        //1). principal: 认证的实体信息. 可以是 username, 也可以是数据表对应的用户的实体类对象. 
        Object principal = username;
        //2). credentials: 密码. 
        Object credentials =null;//"fc1709d0a95a6be30bc5926fdb7f22f4"; 
        if("admin".equals(username)){
            credentials = "038bdaf98f2037b31f1e75b5b4c9b26e";
        }else if("user".equals(username)){
            credentials = "098d2c478e9c11555ce2823231e02ec1";
        }
        //3). realmName: 当前 realm 对象的 name. 调用父类的 getName() 方法即可
        String realmName = getName();
        
        
        //4). 盐值. 
        ByteSource credentialsSalt = ByteSource.Util.bytes(username);    
        SimpleAuthenticationInfo info = null; //new SimpleAuthenticationInfo(principal, credentials, realmName);
        info = new SimpleAuthenticationInfo(principal, credentials, credentialsSalt, realmName);
        return info;
        
    }
    
    public static void main(String[] args) {
        
        
        
    Object source= "123456";
    int hashIterations = 1024;
    String algorithmName = "MD5";
    //Object salt = ByteSource.Util.bytes("admin");
    Object salt = ByteSource.Util.bytes("user");
    SimpleHash mima =     new SimpleHash(algorithmName, source, salt, hashIterations);
        System.out.print(mima);
    }
    
}

applicationContext.xml

  <!-- 
        3. 配置 Realm 
        3.1 直接配置实现了 org.apache.shiro.realm.Realm 接口的 bean
    -->     
    <bean id="jdbcRealm" class="com.lkk.shiro.realms.ShiroRealm">
          <!-- 加密算法 -->
          <property name="credentialsMatcher">
            <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                <property name="hashAlgorithmName" value="MD5"></property>
                <property name="hashIterations" value="1024"></property>
            </bean>
        </property>
    </bean>
    

 源码：http://pan.baidu.com/s/1bp0JRaB