【shiro】shiro学习笔记3-散列功能

本文主要是介绍【shiro】shiro学习笔记3-散列功能，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

对于密码，有很多种加密方式散列是其中 最常用的，shiro提供了直接支持。

环境

    <dependencies><!-- shiro --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><!--日志问题的解决--><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.15</version></dependency><!--日志--><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency></dependencies>

目录结构

shiro封装的散列对象(列举常用)

Md5Hash

Md5Hash(Object source, Object salt, int hashIterations)

SimpleHash

SimpleHash(String algorithmName, Object source, Object salt, int hashIterations)

参数含意：
source: 要散列的值（这里是明文密码）
salt: 盐，用于与source一起散列的值，一般随机生成，用于防止暴力破解
hashIterations: 散列的次数
algorithmName: simpleHash是其它散列的父类（如下图），如果要用simpleHash就要告诉shiro使用哪种hash方式

代码

log4j.properties

log4j.rootLogger=DEBUG, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n

shiro-realm-md5.ini

[main]
#注入凭证匹配器
cridentialMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
cridentialMatcher.hashAlgorithmName = MD5
cridentialMatcher.hashIterations = 3#注入自定义的realm
hashRealm = xyz.mrwood.study.realm.HashRealm
hashRealm.credentialsMatcher = $cridentialMatcher
securityManager.realms = $hashRealm

User.java(模拟数据库中的表)

package xyz.mrwood.study.model;/*** Created by Administrator on 2016/2/16.*/
public class User {private String username;private String password;private String salt;public User(String username, String password, String salt) {this.username = username;this.password = password;this.salt = salt;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public String getSalt() {return salt;}public void setSalt(String salt) {this.salt = salt;}@Overridepublic String toString() {return "User{" +"username='" + username + '\'' +", password='" + password + '\'' +", salt='" + salt + '\'' +'}';}
}

HashRealm.java

package xyz.mrwood.study.realm;import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import xyz.mrwood.study.model.User;import java.util.HashMap;
import java.util.Map;/*** Created by Administrator on 2016/2/16.*/
public class HashRealm extends AuthorizingRealm {//授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}//认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {//获得主体（帐号）String principal = (String) authenticationToken.getPrincipal();//模拟数据库Map<String, User> users = new HashMap<>();users.put("kiwi", new User("kiwi", new Md5Hash("22222", "324", 3).toString(), "324"));users.put("fly", new User("fly", new Md5Hash("111111", "123", 3).toString(), "123"));//验证帐号是否存在if (users.containsKey(principal)){User user = users.get(principal);System.out.printf(user.toString());//在realm中只要判断帐号是否存在，密码是否正确交给shiro比较return new SimpleAuthenticationInfo(principal, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());}else{return null;}}
}

AuthenticationTest.java

package xyz.mrwood.study.authentication;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;/*** Created by Administrator on 2016/2/12.*/
public class AuthenticationTest {@Testpublic void testHash(){//        构建SecurityManager对象Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm-md5.ini");SecurityManager securityManager = factory.getInstance();//        设置SecurityManager进入运行环境SecurityUtils.setSecurityManager(securityManager);//        构建主体对象Subject subject = SecurityUtils.getSubject();//        封装帐号密码对象
//        密码传明文，所有如果要用这个以后客户端不能再加密了AuthenticationToken token = new UsernamePasswordToken("kiwi", "22222");//        提交验证try {subject.login(token);} catch (IncorrectCredentialsException e) {System.out.println("错误的凭证！");} catch (UnknownAccountException e){System.out.println("未知帐号！");}System.out.println("认证：" + subject.isAuthenticated());}
}

总结

1. 在realm中只要判断帐号是否存在，密码是否正确交给shiro比较
2. shiro的凭证匹配器的作用，就是得到明文密码与salt后怎么去散列，匹配器通过配置，有如下几种
   

这篇关于【shiro】shiro学习笔记3-散列功能的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---