Learning Spring Boot: (27) Using Actuator in Spring Boot 2.0

Foreword

I have previously covered how to configure Shiro. This time I will look at how to use Shiro's password encryption (salted hashing) with Spring: when adding or updating a user, a salt has to be generated and the password encrypted with it before it is stored.

Text

Configure Credential Matchers

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("SHA-256"); // Hash algorithm: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, etc.
        hashedCredentialsMatcher.setHashIterations(1); // Number of hash iterations, default 1; setting 2 is equivalent to md5(md5(""))
        return hashedCredentialsMatcher;
    }

    /**
     * Register the authentication realm
     * @param hashedCredentialsMatcher the credential matcher
     * @return the realm with the credential matcher set
     */
    @Bean
    public OAuth2Realm oAuth2Realm(HashedCredentialsMatcher hashedCredentialsMatcher) {
        OAuth2Realm oAuth2Realm = new OAuth2Realm();
        oAuth2Realm.setCredentialsMatcher(hashedCredentialsMatcher);
        return oAuth2Realm;
    }

This registers the credential matcher with the authentication Realm. When a user logs in, the Realm's doGetAuthenticationInfo method returns the stored password and salt, which the matcher then uses to authenticate the user:

    return new SimpleAuthenticationInfo(
            user, // Principal to store; after a successful login it is available anywhere via SecurityUtils.getSubject().getPrincipal()
            user.getPassword(), // Stored (hashed) password
            ByteSource.Util.bytes(user.getSalt()), // Salt
            getName());

Generate encrypted password

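    /**
     * Randomly generate a salt; the length of the resulting string must be specified
     *
     * @param len length of the string
     * @return salt
     */
    public static String generateSalt(int len) {
        // Each byte is written as two hex characters, so halve the length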
        int byteLen = len >> 1;
        SecureRandomNumberGenerator secureRandom = new SecureRandomNumberGenerator();
        return secureRandom.nextBytes(byteLen).toHex();
    }

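    /**
     * Get the encrypted password, using the default number of hash iterations (1)
     *
     * @param hashAlgorithm hash algorithm name: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, etc.
     * @param password      the password to encrypt
     * @param salt          the salt
     * @return the encrypted password
     */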
    public static String encryptPassword(String hashAlgorithm, String password, String salt) {
        return encryptPassword(hashAlgorithm, password, salt, 1);
    }

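    /**
     * Get the encrypted password, with the number of hash iterations specified
     *
     * @param hashAlgorithm  hash algorithm name: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, etc.
     * @param password       the password to encrypt
     * @param salt           the salt
     * @param hashIterations number of hash iterations
     * @return the encrypted password
     */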
    public static String encryptPassword(String hashAlgorithm, String password, String salt, int hashIterations) {
        SimpleHash hash = new SimpleHash(hashAlgorithm, password, salt, hashIterations);
        return hash.toString();
    }

Then insert the generated salt and encrypted password into the database and you are done.

    @Override
    public void save(SysUserEntity sysUser) {
        sysUser.setCreateDate(new Date());
        // Password encryption: there are many ways to do it, pick any
       /* String salt = RandomStringUtils.randomAlphanumeric(20);
        sysUser.setPassword(new Sha256Hash(sysUser.getPassword(), salt).toHex());*/

        String salt = ShiroUtils.generateSalt(20);
        sysUser.setPassword(ShiroUtils.encryptPassword("SHA-256", sysUser.getPassword(), salt));
        sysUser.setSalt(salt);
        sysUser.setUsername(sysUser.getEmail());
        sysUser.setStatus(SysConstant.SysUserStatus.ACTIVE);
        sysUser.setType(SysConstant.SysUserType.USER);
        sysUserDao.save(sysUser);
    }
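
The matcher bean and `encryptPassword` only work together when both use the same algorithm, iteration count and salt bytes. The following added example (not code from the original article; it assumes Shiro 1.x on the classpath, and the class, user and realm names are hypothetical) hashes a password the way `save` does and runs the matcher's login check against it, including two cases where the matcher settings no longer match the stored row:

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

// Added example (not the article's code); class, user and realm names are made up.
public class MatcherRoundTrip {

    // What save() stores: hex of hash(salt, password), iterated `iterations` times.
    static String hashForStorage(String algorithm, String password, String salt, int iterations) {
        return new SimpleHash(algorithm, password, salt, iterations).toString();
    }

    // What login does: a matcher configured like the @Bean checks the typed
    // password against the stored hash and salt returned by the realm.
    static boolean loginMatches(String algorithm, int iterations, String typedPassword,
                                String storedHash, String storedSalt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName(algorithm);
        matcher.setHashIterations(iterations);
        UsernamePasswordToken token = new UsernamePasswordToken("demo@example.com", typedPassword);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                "demo@example.com", storedHash, ByteSource.Util.bytes(storedSalt), "demoRealm");
        return matcher.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        // Constructed sample values: 10 random bytes -> 20 hex characters of salt.
        String salt = new SecureRandomNumberGenerator().nextBytes(10).toHex();
        String password = "constructed-sample-password";
        String stored = hashForStorage("SHA-256", password, salt, 1);

        // Matcher settings equal to the storage settings.
        System.out.println("correct password:      " + loginMatches("SHA-256", 1, password, stored, salt));
        System.out.println("wrong password:        " + loginMatches("SHA-256", 1, "not-it", stored, salt));
        // Matcher settings changed after the row was written, password still correct.
        System.out.println("iterations 1 -> 1024:  " + loginMatches("SHA-256", 1024, password, stored, salt));
        System.out.println("SHA-256 -> SHA-512:    " + loginMatches("SHA-512", 1, password, stored, salt));
    }
}
```

Because the stored hash depends on the algorithm and iteration count, changing either on the matcher bean means existing rows must be rehashed (for example at each user's next successful login) before they will verify again.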
