Custom password matching in Shiro: verifying hashed passwords.

1. Change the Shiro security manager configuration

```xml
<!-- Define the Shiro security manager configuration -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- <property name="realm" ref="systemAuthorizingRealm" /> -->
    <property name="realm" ref="userRealm" />
    <property name="sessionManager" ref="sessionManager" />
    <property name="cacheManager" ref="shiroCacheManager" />
</bean>

<!-- 3.1 Directly configure a bean that extends org.apache.shiro.realm.AuthorizingRealm -->
<bean id="userRealm" class="com.thinkgem.jeesite.modules.sys.security.SystemAuthorizingRealm">
    <!-- Configure the password matcher -->
    <property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>

<!-- Credentials matcher -->
<bean id="credentialsMatcher" class="com.thinkgem.jeesite.modules.sys.security.CustomCredentialsMatcher">
</bean>
```

`<property name="realm" ref="systemAuthorizingRealm" />` is injected automatically by Spring.
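
2. Custom password verification algorithm

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 * Description: Tells Shiro how to verify the hashed password, via SimpleCredentialsMatcher or HashedCredentialsMatcher
 * @Author: wjl
 * @Create Date: 2017-3-14
 */
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        Object accountCredentials = getCredentials(info);
        // String pwd = encrypt32(String.valueOf(token.getPassword())); // MD5, 32-character digest
        // Decide whether the password was typed by the user or passed in from JCIS
        String pwdType = String.valueOf(token.getPassword());
        if (pwdType.length() == 32) {
            // Length is 32: the value is already MD5-hashed and was passed in from xx
            return equals(pwdType, accountCredentials);
        }
        // Length is not 32: this is a password typed by the user.
        // If a user types a password that is 32 characters long, there will be a bug here.
        // encrypt32 is the author's MD5 helper; its definition is not shown on this page.
        String pwdUser = encrypt32(String.valueOf(token.getPassword()));
        return equals(pwdUser, accountCredentials);
        // Hash the password and compare it with the hash stored by the system:
        // return true if they are identical, false otherwise
        // return super.doCredentialsMatch(token, info);
    }
}
```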
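
An added example, not the author's code: the length check above treats any 32-character input as an already-computed MD5 value, so a 32-character user password fails and the stored digest itself is accepted wherever a password is accepted. One way to separate the two paths is by token type instead of length. `TypedCredentialsMatcher`, `PreHashedToken` and `md5Hex` are hypothetical names introduced here, and the stored credential is assumed to be a lowercase MD5 hex string.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

// Hypothetical sketch: the class and helper names are assumptions, not JeeSite or Shiro classes.
public class TypedCredentialsMatcher extends SimpleCredentialsMatcher {
    /** Created only by the trusted integration endpoint that receives an MD5 digest. */
    public static class PreHashedToken extends UsernamePasswordToken {
        public PreHashedToken(String username, String md5Digest) {
            super(username, md5Digest.toCharArray());
        }
    }

    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        if (!(authcToken instanceof UsernamePasswordToken)) {
            return false; // unknown token type: reject instead of throwing ClassCastException
        }
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        char[] password = token.getPassword();
        if (password == null) {
            return false;
        }
        String supplied = new String(password);
        // The token type, not the input length, decides whether the value gets hashed.
        String candidate = (token instanceof PreHashedToken) ? supplied : md5Hex(supplied);
        // SimpleCredentialsMatcher.equals compares the byte forms of both values.
        return equals(candidate, getCredentials(info));
    }

    /** MD5 as 32 lowercase hex characters (assumed to match the stored format). */
    static String md5Hex(String input) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(input.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(32);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 unavailable", e);
        }
    }
}
```

With this split, a login form that only ever builds a plain `UsernamePasswordToken` can no longer be satisfied by submitting the stored digest. For passwords typed by users, the salted, iterated `HashedCredentialsMatcher` that step 3 comments out is the stronger scheme than unsalted MD5.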

3. Change the password verification: comment out the built-in matcher setup.

```java
/**
 * Set the hash algorithm and iteration count for password verification
 */
// @PostConstruct
// public void initCredentialsMatcher() {
//     HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
//     matcher.setHashIterations(SystemService.HASH_INTERATIONS);
//     setCredentialsMatcher(matcher);
//     // setCredentialsMatcher(new CustomCredentialsMatcher());
// }
```
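
Alternatively, instead of commenting it out, the following approach also works:

```java
/**
 * Set the hash algorithm and iteration count for password verification
 */
@PostConstruct
public void initCredentialsMatcher() {
    // Install the custom matcher in place of HashedCredentialsMatcher
    setCredentialsMatcher(new CustomCredentialsMatcher());
}
```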