重写SimpleCredentialsMatcher类的method
doCredentialsMatch
散列加密 盐值自己加
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher{ @Override public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; Object tokenCredentials = encrypt(String.valueOf(token.getPassword())); Object accountCredentials = getCredentials(info); //将密码加密与系统加密后的密码校验,内容一致就返回true,不一致就返回false return equals(tokenCredentials, accountCredentials); } //将传进来密码加密方法 public String encrypt(String data) { String sha384Hex = new Sha384Hash(data).toHex();//这里可以选择自己的密码验证方式 比如 md5或者sha256等 return sha384Hex; }
在AuthorizingRealm重写initCredentialsMatcher shiro验证
@PostConstruct public void initCredentialsMatcher() { // 该句作用是重写shiro的密码验证,让shiro用我自己的验证 setCredentialsMatcher(new CustomCredentialsMatcher()); }