Shiro开发框架如何进行加密处理

2024-11-04 12:10:20

1、现在我们所有的用户密码都是使用了明文的模式表示的，这样很明显不适合于程序的安全性的考虑，所以为了更加完成的实现整个的登陆检测操作，强烈建议针对于密码进行MD5加密处理，那么本次的瑕铆幌约加密依然采用加盐的操作完成。1、取得MD5开发程序工具类：2、对于现在使用的salt建议还是使用Base64编码完成处理：d3d3LmJhaWR1LmNvbQ==为我们需要的颜值package com.gwolf.utils;import java.security.MessageDigest;public class MD5Code { private static final String hexDigits[] = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f" }; private static String byteArrayToHexString(byte b[]) { StringBuffer resultSb = new StringBuffer(); for (int i = 0; i < b.length; i++) resultSb.append(byteToHexString(b[i])); return resultSb.toString(); } private static String byteToHexString(byte b) { int n = b; if (n < 0) n += 256; int d1 = n / 16; int d2 = n % 16; return hexDigits[d1] + hexDigits[d2]; } public static String MD5Encode(String origin, String charsetname) { String resultString = null; try { resultString = new String(origin); MessageDigest md = MessageDigest.getInstance("MD5"); if (charsetname == null || "".equals(charsetname)) resultString = byteArrayToHexString(md.digest(resultString .getBytes())); else resultString = byteArrayToHexString(md.digest(resultString .getBytes(charsetname))); } catch (Exception exception) { } return resultString; }}

2、将生成的“salt=d3d3LmJhaWR1LmNvbQ==”与MD5整合进行加密处理，格式：password{{salt}}。package com.gwolf.test;import com.gwolf.utils.MD5Code;public class TestMD5 { public static void main(String[] args) { String password = "hello"; String salt = "d3d3LmJhaWR1LmNvbQ=="; System.out.println(new MD5Code().MD5Encode(password + "{{"+salt+"}}", "utf-8")); }}

3、修改数据库脚本的部分数据：insert into member(mid,password,name,locked) values('admin','fcd3e371ed3fbb27656becad65007f79','管理员',0);insert into member(mid,password,name,locked) values('mldn','ccfcb7d7f63dd0626b7d53106ab841c5','隔壁老王',0);

4、定义一个专门负责取得加密后密码的工具类。package com.gwolf.utils.encrypt;public class MyPasswordEncrypt { private static final String SALt = "d3d3LmJhaWR1LmNvbQ=="; public static String encryptPassword(String password) { return password+"{{"+SALt+"}}"; }}

5、修改自定义的Realm，在进行密码匹配的时候对密码进行加密处理：String password = MyPasswordEncrypt.encryptPassword(new String((char[])token.getCredentials())); if(vo.getPassword().equals(password)) { AuthenticationInfo auth = new SimpleAuthenticationInfo(username, password,"memberRealm"); return auth; }else { throw new IncorrectCredentialsException("密码错误！"); }

6、随后还需要建立有一个认证的匹配处理类：package com.gwolf.shiro.realm挢旗扦渌;import org.锾攒揉敫apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;import com.gwolf.utils.encrypt.MyPasswordEncrypt;public class CustomerCredentialsMatcher extends SimpleCredentialsMatcher { @Override public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { //取得原始的输入数据信息 Object tokenCredentials = MyPasswordEncrypt. encryptPassword(super.toString(token.getCredentials())).getBytes(); //取得认证数据库中的数据 Object dbTokenCredentials = super.getCredentials(info); return super.equals(tokenCredentials, dbTokenCredentials); }}

7、随后需要将MemberRealm的操作配置定义在applicationContext.xml文件里面，因为此时需要定义认证匹配器：<bean id="memberRealm" class="com.gwolf.shiro.realm.MemberRealm"> <property name="credentialsMatcher"> <bean class=" com.gwolf.shiro.realm.CustomerCredentialsMatcher"></bean> </property> </bean>

8、在整个的shiro操作过程之中，对于用户的认证部分除了自定义的Realm之外还需要有一个专门的认证匹配器。