shiro认证—— ssm

文章目录

  • 1、盐加密
  • 2、ssm 整合shiro认证

1、盐加密

加盐散列(文中称“盐加密”)工具类:在新增用户时使用,将散列后的密码以及散列时所用的盐一并存入数据库;
PasswordHelper

package com.hyf.ssm.utils;import org.apache.shiro.crypto.RandomNumberGenerator;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;/*** @author xhy* @site www.4399.com* @company xxx公司* @create 2019-12-01 14:34*/
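public class PasswordHelper {

    /**
     * Random number generator used to produce per-user salts.
     */
    private static final RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();

    /**
     * Hash algorithm name passed to {@link SimpleHash}: MD5.
     *
     * NOTE(security): MD5, even iterated, is a fast digest and a weak choice for password
     * storage; an adaptive password hash (bcrypt, scrypt, Argon2) or at least a SHA-2 digest
     * with a far higher iteration count is preferable. The value is left unchanged here because
     * it has to agree with the HashedCredentialsMatcher configured for the realm and with the
     * hashes already stored; changing it means changing both and re-hashing stored passwords.
     */
    private static final String hashAlgorithmName = "md5";

    /**
     * Number of hash iterations: 1024. Must agree with the realm's credentials matcher.
     */
    private static final int hashIterations = 1024;

    /**
     * true: the hash is stored hex-encoded; false: the hash is stored Base64-encoded.
     */
    private static final boolean storedCredentialsHexEncoded = true;

    /**
     * Creates a new random salt.
     *
     * @return the salt, hex-encoded
     */
    public static String createSalt() {
        return randomNumberGenerator.nextBytes().toHex();
    }

    /**
     * Computes the stored form of a credential.
     *
     * @param credentials the credential (i.e. the plain-text password)
     * @param salt        the salt
     * @return the salted, iterated hash, hex- or Base64-encoded depending on
     *         {@code storedCredentialsHexEncoded}
     */
    public static String createCredentials(String credentials, String salt) {
        SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations);
        return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
    }

    /**
     * Verifies a plain-text password against a stored hash.
     *
     * @param credentials        the plain-text password
     * @param salt               the salt
     * @param encryptCredentials the stored (hashed) password
     * @return true when hashing {@code credentials} with {@code salt} yields
     *         {@code encryptCredentials}; false otherwise, including when no stored hash is given
     */
    public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
        // Fail closed instead of throwing when there is no stored hash to compare against.
        if (encryptCredentials == null) {
            return false;
        }
        byte[] expected = encryptCredentials.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] actual = createCredentials(credentials, salt).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual rather than String.equals, so the comparison time does not
        // depend on how many leading characters of the two hashes match.
        return java.security.MessageDigest.isEqual(expected, actual);
    }

    /**
     * Small demo: prints a fresh salt, the hash of the sample password "123" and the result of
     * verifying it. The values are demo output only.
     */
    public static void main(String[] args) {
        // salt
        String salt = createSalt();
        System.out.println(salt);
        System.out.println(salt.length());
        // password obtained by hashing credential + salt
        String credentials = createCredentials("123", salt);
        System.out.println(credentials);
        System.out.println(credentials.length());
        boolean b = checkCredentials("123", salt, credentials);
        System.out.println(b);
    }
}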

2、ssm 整合shiro认证

导入pom依赖

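<!-- Apache Shiro: core API, servlet/web support and Spring integration.
     NOTE(review): 1.3.2 is the version this article uses and it is an old release; check the
     Apache Shiro security advisories and prefer a currently supported release.
     Keep the three modules on the same version. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>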

web.xml配置


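<!-- Servlet filter that hands every request to the Spring bean named "shiroFilter"
     (DelegatingFilterProxy looks the bean up by the filter name). -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <!-- Let the proxy call init()/destroy() on the target filter bean. -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- Map the filter to all URLs so that no request bypasses Shiro's filter chain resolution. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>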

使用逆向工程,生成下面五张表。
在这里插入图片描述

生成完毕后,使用 t_shiro_user 表里的数据进行登录、注册。
在这里插入图片描述

ShiroUserMapper

package com.hyf.ssm.mapper;import com.hyf.ssm.model.ShiroUser;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;@Repository
public interface ShiroUserMapper {

    /**
     * Login lookup: fetches the user record for the given user name.
     *
     * @param userName value bound to the {@code userName} parameter of the mapped statement
     * @return the matching user; presumably {@code null} when no row matches (confirm against
     *         the mapped statement)
     */
    ShiroUser queryByName(@Param("userName") String userName);

    /**
     * Registration: inserts the given user record.
     *
     * @param record the user to insert
     * @return the value returned by the mapped insert statement (presumably the affected row count)
     */
    int insertSelective(ShiroUser record);
}

ShiroUserMapper.xml

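<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.hyf.ssm.mapper.ShiroUserMapper" >
  <resultMap id="BaseResultMap" type="com.hyf.ssm.model.ShiroUser" >
    <constructor >
      <idArg column="userid" jdbcType="INTEGER" javaType="java.lang.Integer" />
      <arg column="username" jdbcType="VARCHAR" javaType="java.lang.String" />
      <arg column="PASSWORD" jdbcType="VARCHAR" javaType="java.lang.String" />
      <arg column="salt" jdbcType="VARCHAR" javaType="java.lang.String" />
      <arg column="createdate" jdbcType="TIMESTAMP" javaType="java.util.Date" />
    </constructor>
  </resultMap>

  <sql id="Base_Column_List" >
    userid, username, PASSWORD, salt, createdate
  </sql>

  <!-- Registration. Every value is bound with #{...}, i.e. as a prepared-statement parameter,
       never concatenated into the SQL text. PASSWORD holds the salted hash, not the plain text. -->
  <insert id="insertSelective" parameterType="com.hyf.ssm.model.ShiroUser" >
    insert into t_shiro_user
    <trim prefix="(" suffix=")" suffixOverrides="," >
      <if test="userid != null" >
        userid,
      </if>
      <if test="username != null" >
        username,
      </if>
      <if test="password != null" >
        PASSWORD,
      </if>
      <if test="salt != null" >
        salt,
      </if>
      <if test="createdate != null" >
        createdate,
      </if>
    </trim>
    <trim prefix="values (" suffix=")" suffixOverrides="," >
      <if test="userid != null" >
        #{userid,jdbcType=INTEGER},
      </if>
      <if test="username != null" >
        #{username,jdbcType=VARCHAR},
      </if>
      <if test="password != null" >
        #{password,jdbcType=VARCHAR},
      </if>
      <if test="salt != null" >
        #{salt,jdbcType=VARCHAR},
      </if>
      <if test="createdate != null" >
        #{createdate,jdbcType=TIMESTAMP},
      </if>
    </trim>
  </insert>

  <!-- Login. The user name is bound as a parameter. The statement expects at most one row per
       user name, so the username column should carry a unique constraint. -->
  <select id="queryByName" resultType="com.hyf.ssm.model.ShiroUser" parameterType="java.lang.String">
    select
    <include refid="Base_Column_List" />
    from t_shiro_user
    where userName = #{userName}
  </select>
</mapper>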

ShiroUserService

package com.hyf.ssm.service;

import com.hyf.ssm.model.ShiroUser;

/**
 * Service-layer contract for looking up and creating Shiro users.
 *
 * @author xhy
 * @site www.4399.com
 * @company xxx company
 * @create 2019-12-01 15:17
 */
public interface ShiroUserService {

    /**
     * Login lookup: fetches the user record for the given user name.
     *
     * @param userName the user name to look up
     * @return the matching user; what is returned when nothing matches depends on the
     *         implementation
     */
    ShiroUser queryByName(String userName);

    /**
     * Stores the given user record.
     *
     * @param record the user to store
     * @return the value reported by the underlying insert
     */
    int insertSelective(ShiroUser record);
}

ShiroUserServiceImpl

package com.hyf.ssm.service.impl;import com.hyf.ssm.mapper.ShiroUserMapper;
import com.hyf.ssm.model.ShiroUser;
import com.hyf.ssm.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;/*** @author xhy* @site www.4399.com* @company xxx公司* @create 2019-12-01 15:42*/
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** Mapper that performs the database access; injected by Spring. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /**
     * Delegates the lookup to the mapper.
     *
     * @param userName the user name to look up
     * @return whatever the mapper returns for that user name
     */
    @Override
    public ShiroUser queryByName(String userName) {
        final ShiroUser found = this.shiroUserMapper.queryByName(userName);
        return found;
    }

    /**
     * Delegates the insert to the mapper.
     *
     * @param record the user to store
     * @return whatever the mapper returns for the insert
     */
    @Override
    public int insertSelective(ShiroUser record) {
        final int result = this.shiroUserMapper.insertSelective(record);
        return result;
    }
}

MyRealm
自定义的数据源,用来访问数据库来获取用户信息

package com.hyf.ssm.shiro;import com.hyf.ssm.model.ShiroUser;
import com.hyf.ssm.service.ShiroUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
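import org.apache.shiro.util.ByteSource;

/**
 * Custom realm that takes the place of the ini file: it is the data source Shiro asks for
 * account data, which it reads through {@link ShiroUserService}.
 *
 * @author xhy
 * @site www.4399.com
 * @company xxx company
 * @create 2019-12-01 15:03
 */
public class MyRealm extends AuthorizingRealm {

    /** Service used to load the user record; set through the setter below. */
    private ShiroUserService shiroUserService;

    public ShiroUserService getShiroUserService() {
        return shiroUserService;
    }

    public void setShiroUserService(ShiroUserService shiroUserService) {
        this.shiroUserService = shiroUserService;
    }

    /**
     * Authorization.
     *
     * Not implemented in this article: no roles or permissions are supplied for any principal,
     * so role and permission checks that rely on this realm are expected to be denied.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication.
     *
     * The token is the one the controller passes to {@code Subject.login}, so every login
     * attempt goes through this method. The method only loads the stored hash and salt; the
     * password comparison itself is done by the credentials matcher configured on the realm.
     *
     * @param token the submitted authentication token
     * @return the stored account data, or {@code null} when the token carries no principal or
     *         no account exists for it (Shiro treats {@code null} as "no such account")
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        Object principal = token.getPrincipal();
        if (principal == null) {
            return null;
        }
        String userName = principal.toString();
        ShiroUser shiroUser = shiroUserService.queryByName(userName);
        // An unknown user name must end as an ordinary authentication failure,
        // not as a NullPointerException on the dereferences below.
        if (shiroUser == null) {
            return null;
        }
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                shiroUser.getUsername(),
                shiroUser.getPassword(),
                ByteSource.Util.bytes(shiroUser.getSalt()),
                this.getName());
        return info;
    }
}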

applicationContext-shiro.xml


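<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Custom realm that loads users from the database. -->
    <bean id="shiroRealm" class="com.hyf.ssm.shiro.MyRealm">
        <property name="shiroUserService" ref="shiroUserService" />
        <!-- These three settings must be identical to the ones PasswordHelper uses when it
             hashes a password at registration (md5, 1024 iterations, hex), otherwise no login
             can succeed.
             NOTE(security): iterated MD5 is a weak choice for password storage; if the
             algorithm is changed, change it here and in PasswordHelper together and re-hash
             the stored passwords. -->
        <property name="credentialsMatcher">
            <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                <property name="hashAlgorithmName" value="md5"/>
                <property name="hashIterations" value="1024"/>
                <property name="storedCredentialsHexEncoded" value="true"/>
            </bean>
        </property>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroRealm" />
    </bean>

    <!-- The bean id must match the filter-name of the DelegatingFilterProxy in web.xml. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login"/>
        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
        <!-- One rule per line; the first matching pattern wins.
             A request that matches none of the patterns passes through without any Shiro
             access check, and this list has no catch-all rule (such as /** = authc), so every
             URL that needs protection has to be listed explicitly.
             NOTE(review): the controller in this article maps /login, not /user/login;
             confirm that the anon rule names the intended path. -->
        <property name="filterChainDefinitions">
            <value>
                /user/login=anon
                /user/updatePwd.jsp=authc
                /admin/*.jsp=roles[admin]
                /user/teacher.jsp=perms["user:update"]
            </value>
        </property>
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>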

applicationContext.xml
在这里插入图片描述
ShiroUserController

package com.hyf.ssm.controller;import com.hyf.ssm.model.ShiroUser;
import com.hyf.ssm.service.ShiroUserService;
import com.hyf.ssm.utils.PasswordHelper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/*** @author xhy* @site www.4399.com* @company xxx公司* @create 2019-12-01 16:19*/
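@Controller
public class ShiroUserController {

    /**
     * View shown again when a registration request is rejected.
     * PLACEHOLDER (assumption): the article adds a registration JSP but does not give its file
     * name; replace this value with the real view name.
     */
    private static final String REGISTER_VIEW = "register";

    @Autowired
    private ShiroUserService shiroUserService;

    /**
     * Logs the user in through Shiro.
     *
     * NOTE(review): the mapping accepts every HTTP method, so credentials can also arrive in a
     * GET query string (and end up in logs and browser history); restricting it to POST is
     * advisable.
     *
     * @return "main" on success, "login" (with a "message" request attribute) on failure
     */
    @RequestMapping("/login")
    public String login(HttpServletResponse response, HttpServletRequest request) {
        String uname = request.getParameter("username");
        String pwd = request.getParameter("password");
        UsernamePasswordToken token = new UsernamePasswordToken(uname, pwd);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            request.setAttribute("username", uname);
            return "main";
        } catch (Exception e) {
            // One message for every failure, so the response does not reveal whether the
            // user name exists or only the password was wrong.
            request.setAttribute("message", "用户名或者密码错误");
            return "login";
        }
    }

    /**
     * Logs the current subject out and redirects to the login page.
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login.jsp";
    }

    /**
     * Registers a new user: generates a salt, hashes the password with it and stores both.
     *
     * Requests without a user name or password, or for a user name that is already taken, are
     * rejected. Without the second check a second row with the same user name could be
     * inserted, after which the single-row login lookup for that name can no longer succeed.
     *
     * @return a redirect to the login page on success, the registration view (with a
     *         "message" request attribute) when the request is rejected
     */
    @RequestMapping("/register")
    public String register(HttpServletRequest request) {
        // the user's account name
        String username = request.getParameter("username");
        // the user's password
        String password = request.getParameter("password");

        if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
            request.setAttribute("message", "用户名和密码不能为空");
            return REGISTER_VIEW;
        }
        // This check narrows the window only; a unique constraint on the username column is
        // what actually prevents duplicates under concurrent requests.
        if (shiroUserService.queryByName(username) != null) {
            request.setAttribute("message", "用户名已存在");
            return REGISTER_VIEW;
        }

        // generate the salt
        String salt = PasswordHelper.createSalt();
        // password obtained by hashing credential + salt
        String credentials = PasswordHelper.createCredentials(password, salt);
        ShiroUser shiroUser = new ShiroUser(username, credentials, salt);
        shiroUserService.insertSelective(shiroUser);
        return "redirect:/login.jsp";
    }
}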

导入上一篇博客的jsp文件
新增一个注册页面:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>

Title

用户注册

${message}
帐号:
密码:

运行结果:
在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

在这里插入图片描述

