-
盐加密的了解和shiro认证-SSM
目录
本次目标:
- 盐加密
- shiro认证
一、盐加密
1. 什么是盐加密
加盐加密是一种对系统登录口令的加密方式,它实现的方式是将每一个口令同一个叫做”盐“(salt)的n位随机数相关联。
无论何时只要口令改变,随机数就改变。随机数以未加密的方式存放在口令文件中,这样每个人都可以读。
不再只保存加密过的口令,而是先将口令和随机数连接起来然后一同加密,加密后的结果放在口令文件中。
2. 数据库密码的发展史
(md5就是一种信息摘要加密算法。)
第一个阶段:明文密码
第二个阶段:md5加密
第三个阶段:md5加盐加密
第四个阶段:md5加盐加密加次数盐是随机器生成的,次数是自己定义的。
加密地址:md5解密加密
示例:
PasswordHelper :
- package com.ps.shiro;
- import org.apache.shiro.crypto.RandomNumberGenerator;
- import org.apache.shiro.crypto.SecureRandomNumberGenerator;
- import org.apache.shiro.crypto.hash.SimpleHash;
- /**
- * 用于shiro权限认证的密码工具类
- */
- public class PasswordHelper {
- /**
- * 随机数生成器
- */
- private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
- /**
- * 指定hash算法为MD5
- */
- private static final String hashAlgorithmName = "md5";
- /**
- * 指定散列次数为1024次,即加密1024次
- */
- private static final int hashIterations = 1024;
- /**
- * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储
- */
- private static final boolean storedCredentialsHexEncoded = true;
- /**
- * 获得加密用的盐
- *
- * @return
- */
- public static String createSalt() {
- return randomNumberGenerator.nextBytes().toHex();
- }
- /**
- * 获得加密后的凭证
- *
- * @param credentials 凭证(即密码)
- * @param salt 盐
- * @return
- */
- public static String createCredentials(String credentials, String salt) {
- SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials,
- salt, hashIterations);
- return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
- }
- /**
- * 进行密码验证
- *
- * @param credentials 未加密的密码
- * @param salt 盐
- * @param encryptCredentials 加密后的密码
- * @return
- */
- public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
- return encryptCredentials.equals(createCredentials(credentials, salt));
- }
- public static void main(String[] args) {
- //盐
- String salt = createSalt();
- System.out.println(salt);
- System.out.println(salt.length());
- //凭证+盐加密后得到的密码
- String credentials = createCredentials("123456", salt);
- System.out.println(credentials);
- System.out.println(credentials.length());
- boolean b = checkCredentials("123456", salt, credentials);
- System.out.println(b);
- }
- }
运行结果:
二、Shiro认证
1. 配置环境
pom依赖:
- <dependency>
- <groupId>org.apache.shirogroupId>
- <artifactId>shiro-coreartifactId>
- <version>1.3.2version>
- dependency>
- <dependency>
- <groupId>org.apache.shirogroupId>
- <artifactId>shiro-webartifactId>
- <version>1.3.2version>
- dependency>
- <dependency>
- <groupId>org.apache.shirogroupId>
- <artifactId>shiro-springartifactId>
- <version>1.3.2version>
- dependency>
web.xml配置:
- <filter>
- <filter-name>shiroFilterfilter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>
- <init-param>
- <param-name>targetFilterLifecycleparam-name>
- <param-value>trueparam-value>
- init-param>
- filter>
- <filter-mapping>
- <filter-name>shiroFilterfilter-name>
- <url-pattern>/*url-pattern>
- filter-mapping>
2.完成登录的方法 Mapper层的编写,接着biz层
(逆向生成的表是放在generatorConfig.xml中)
UserMapper.xml
- <select id="queryUserByUserName" resultType="com.ps.ssm.model.User" parameterType="java.lang.String" >
- select
- <include refid="Base_Column_List" />
- from t_shiro_user
- where username = #{userName}
- select>
UserMapper.java
User queryUserByUserName(@Param("userName") String userName);UserBiz.java
- package com.ps.ssm.biz;
- import com.ps.ssm.model.User;
- import org.apache.ibatis.annotations.Param;
- public interface UserBiz {
- int deleteByPrimaryKey(Integer userid);
- int insert(User record);
- int insertSelective(User record);
- User selectByPrimaryKey(Integer userid);
- User queryUserByUserName(@Param("userName") String userName);
- int updateByPrimaryKeySelective(User record);
- int updateByPrimaryKey(User record);
- }
UserBizImpl.java
- package com.ps.ssm.biz.imp;
- import com.ps.ssm.biz.UserBiz;
- import com.ps.ssm.mapper.UserMapper;
- import com.ps.ssm.model.User;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Service;
- /**
- * @author 彭于晏
- * @site www.pengyuyan.com
- * @company 玉渊工作室
- * @create 2022-08-26 12:19
- */
- @Service
- public class UserBizImpl implements UserBiz {
- @Autowired
- private UserMapper userMapper;
- @Override
- public int deleteByPrimaryKey(Integer userid) {
- return userMapper.deleteByPrimaryKey(userid);
- }
- @Override
- public int insert(User record) {
- return userMapper.insert(record);
- }
- @Override
- public int insertSelective(User record) {
- return userMapper.insertSelective(record);
- }
- @Override
- public User selectByPrimaryKey(Integer userid) {
- return userMapper.selectByPrimaryKey(userid);
- }
- @Override
- public User queryUserByUserName(String userName) {
- return userMapper.queryUserByUserName(userName);
- }
- @Override
- public int updateByPrimaryKeySelective(User record) {
- return userMapper.updateByPrimaryKeySelective(record);
- }
- @Override
- public int updateByPrimaryKey(User record) {
- return userMapper.updateByPrimaryKey(record);
- }
- }
3. 完成自定义realm(重点)
- Shiro从Realm获取安全数据(如用户、角色、权限),就是说SecurityManager要验证用户身份,那么它需要从Realm获取相应的用户进行比较以确定用户身份是否合法;
- 也需要从Realm得到用户相应的角色/权限进行验证用户是否能进行操作;可以把Realm看成DataSource,即安全数据源。
- 最基础的是Realm接口,CachingRealm负责缓存处理,AuthenticationRealm负责认证,AuthorizingRealm负责授权。
AuthorizationInfo:授权信息
AuthenticationInfo:认证信息Realm体系结构:
自定义Realm—MyRealm
- package com.ps.ssm.shiro;
- import com.ps.ssm.biz.UserBiz;
- import com.ps.ssm.model.User;
- import org.apache.shiro.authc.AuthenticationException;
- import org.apache.shiro.authc.AuthenticationInfo;
- import org.apache.shiro.authc.AuthenticationToken;
- import org.apache.shiro.authc.SimpleAuthenticationInfo;
- import org.apache.shiro.authz.AuthorizationInfo;
- import org.apache.shiro.realm.AuthorizingRealm;
- import org.apache.shiro.subject.PrincipalCollection;
- import org.apache.shiro.util.ByteSource;
- /**
- * @author 彭于晏
- * @site www.pengyuyan.com
- * @company 玉渊工作室
- * @create 2022-08-26 12:45
- */
- public class MyRealm extends AuthorizingRealm {
- public UserBiz userBiz;
- public UserBiz getUserBiz() {
- return userBiz;
- }
- public void setUserBiz(UserBiz userBiz) {
- this.userBiz = userBiz;
- }
- /**
- * 授权
- * @param principals
- * @return
- * 替代shiro-web-ini
- */
- @Override
- protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- return null;
- }
- /**
- * 认证
- * @param token
- * @return
- * @throws AuthenticationException
- * 替代shiro.ini
- */
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- //调用查询方法
- String userName = token.getPrincipal().toString();
- User user = userBiz.queryUserByName(userName);
- AuthenticationInfo info = new SimpleAuthenticationInfo(
- user.getUsername(),
- user.getPassword(),
- ByteSource.Util.bytes(user.getSalt()),
- this.getName()//realm的名字
- );
- return info;
- }
- }
application-shiro配置
- "1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
- <bean id="shiroRealm" class="com.ps.ssm.shiro.MyRealm">
- <property name="userBiz" ref="userBiz" />
- <property name="credentialsMatcher">
- <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
- <property name="hashAlgorithmName" value="md5"/>
- <property name="hashIterations" value="1024"/>
- <property name="storedCredentialsHexEncoded" value="true"/>
- bean>
- property>
- bean>
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
- <property name="realm" ref="shiroRealm" />
- bean>
- <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
- <property name="securityManager" ref="securityManager" />
- <property name="loginUrl" value="/login"/>
- <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
- <property name="filterChainDefinitions">
- <value>
- /user/login=anon
- /user/updatePwd.jsp=authc
- /admin/*.jsp=roles[admin]
- /user/teacher.jsp=perms["user:update"]
- value>
- property>
- bean>
- <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
- beans>
applicationContext.xml:
- "1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
- <import resource="applicationContext-mybatis.xml">import>
- <import resource="applicationContext-shiro.xml">import>
- beans>
4.Spring与shiro的整合(注意)
ShiroUserController
- package com.ps.ssm.controller;
- import org.apache.shiro.SecurityUtils;
- import org.apache.shiro.authc.UsernamePasswordToken;
- import org.apache.shiro.subject.Subject;
- import org.springframework.stereotype.Controller;
- import org.springframework.web.bind.annotation.RequestMapping;
- import javax.servlet.http.HttpServletRequest;
- /**
- * @author 彭于晏
- * @site www.pengyuyan.com
- * @company 玉渊工作室
- * @create 2022-08-26 13:11
- */
- @Controller
- public class ShiroUserController {
- @RequestMapping("/login")
- public String login(HttpServletRequest request){
- try {
- //传入
- String username = request.getParameter("username");
- String password = request.getParameter("password");
- //令牌
- UsernamePasswordToken token = new UsernamePasswordToken(username,password);
- //拿到当前登录主题
- Subject subject = SecurityUtils.getSubject();
- //通过登录主题进行登录
- subject.login(token);
- return "main";
- }catch (Exception e){
- request.setAttribute("message","账号密码错误");
- return "login";
- }
- }
- @RequestMapping("/logout")
- public String logout(HttpServletRequest request){
- //拿到登录主体
- Subject subject = SecurityUtils.getSubject();
- subject.logout();
- return "login";
- }
- }
工具类:PasswordHelper
- package com.ps.shiro;
- import org.apache.shiro.crypto.RandomNumberGenerator;
- import org.apache.shiro.crypto.SecureRandomNumberGenerator;
- import org.apache.shiro.crypto.hash.SimpleHash;
- /**
- * 用于shiro权限认证的密码工具类
- */
- public class PasswordHelper {
- /**
- * 随机数生成器(生成盐)
- */
- private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
- /**
- * 指定hash算法为MD5
- */
- private static final String hashAlgorithmName = "md5";
- /**
- * 指定散列次数为1024次,即加密1024次
- */
- private static final int hashIterations = 1024;
- /**
- * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储
- */
- private static final boolean storedCredentialsHexEncoded = true;
- /**
- * 获得加密用的盐(生成一个随机的盐)
- *
- * @return
- */
- public static String createSalt() {
- return randomNumberGenerator.nextBytes().toHex();
- }
- /**
- * 获得加密后的凭证
- *
- * @param credentials 凭证(即密码)
- * @param salt 盐
- * @return
- */
- public static String createCredentials(String credentials, String salt) {
- SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials,
- salt, hashIterations);
- return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
- }
- /**
- * 进行密码验证
- *
- * @param credentials 未加密的密码
- * @param salt 盐
- * @param encryptCredentials 加密后的密码
- * @return
- */
- public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
- return encryptCredentials.equals(createCredentials(credentials, salt));
- }
- public static void main(String[] args) {
- //盐
- String salt = createSalt();
- System.out.println(salt);
- System.out.println(salt.length());
- //凭证+盐加密后得到的密码
- String credentials = createCredentials("123456", salt);
- System.out.println(credentials);
- System.out.println(credentials.length());
- boolean b = checkCredentials("123456", salt, credentials);
- System.out.println(b);
- }
- }
测试:
今天分享的知识就到这里啦!如果喜欢,那就关注博主,了解更多的知识吧!
-
相关阅读:
LeetCode-46-全排列
hbase学习
Python散点图
现代企业架构框架-数据架构
ue4项目运行还可以鼠标点击
uniapp(uncloud) 使用生态开发接口详情2(使用 schema创建数据, schema2code创建页面, iconfont 引入项目)
复旦微开发过程中遇到的问题总结(三)
【Redis】理论进阶篇------浅谈Redis的缓存穿透和雪崩原理
【C++】日期类的实现
typeorm 批量插入数据优化和插入冲突操作
- 原文地址:https://blog.csdn.net/weixin_63531940/article/details/126530554
