Implementing a simple registration and completing login
Dependencies
Add the mybatis, mysql driver and druid data source dependencies
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.1.4</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>8.0.22</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.2.3</version>
</dependency>
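Database
Database fields; salt holds the salt

yml omitted; just add the mybatis and data source configuration
Entity class, matching the database fields
mapper interface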
void save(User user);
xml
insert into test value(#{id},#{name},#{pass},#{salt})
service
void register(User user);
serviceImpl
@Autowired
private UserMapper userMapper;

@Override
public void register(User user) {
    // Business logic
    // 1. Generate a random salt
    String salt = SaltUtils.getSalt(8);
    // 2. Store the random salt on the user so it is saved with the record
    user.setSalt(salt);
    // 3. Hash the plaintext password: MD5 + salt + 1024 iterations
    Md5Hash md5Hash = new Md5Hash(user.getPass(), salt, 1024);
    user.setPass(md5Hash.toHex());
    userMapper.save(user);
}
SaltUtils utility class (generates the random salt)
Each call picks n random characters from the char array to form the salt
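import java.security.SecureRandom;

public class SaltUtils {
    // One shared SecureRandom instead of a new java.util.Random per character
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Static method that generates a salt of n characters
     */
    public static String getSalt(int n) {
        char[] chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!@#$%^&*()_+".toCharArray();
        int length = chars.length;
        StringBuilder sb = new StringBuilder(n);
        for (int i = 0; i < n; i++) {
            // Pick one character at a random index
            char achar = chars[RANDOM.nextInt(length)];
            sb.append(achar);
        }
        return sb.toString();
    }

    /* public static void main(String[] args) {
        System.out.println(getSalt(8));
    }*/
}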
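controller omitted; it calls the service and exposes the request
Database data after a request passes in a User:
That completes registration based on MD5 + salt + hash iterations
Completing login
In the previous post, the custom realm's authentication only pretended to call a dao; this time it gets a real dao to perform the authentication
Add a method to the mapper that looks up a user by name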
User findByName(String name);
xml
select id,name,pass,salt from test where name = #{name}
service and serviceImpl omitted
Here is the earlier custom realm
public class CustomerRealm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        if ("zhaoshanhe".equals(principal)) {
            return new SimpleAuthenticationInfo(principal, "123456", getName());
        }
        return null;
    }
}
Now complete it
public class CustomerRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        User user = userService.findByName(principal);
        if (!ObjectUtils.isEmpty(user)) {
            return new SimpleAuthenticationInfo(user.getName(), user.getPass(), ByteSource.Util.bytes(user.getSalt()), getName());
        }
        return null;
    }
}
Because registration above used MD5 + salt + hash iterations, the getRealm method in the Shiro configuration class has to be changed as well.
// Create the custom Realm
@Bean("customerRealm")
public Realm getRealm() {
    CustomerRealm customerRealm = new CustomerRealm();
    // Replace the credentials matcher
    HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
    // Set the algorithm to MD5
    hashedCredentialsMatcher.setHashAlgorithmName("md5");
    // Set the number of hash iterations
    hashedCredentialsMatcher.setHashIterations(1024);
    customerRealm.setCredentialsMatcher(hashedCredentialsMatcher);
    return customerRealm;
}
Only now is it complete
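Why the matcher change is needed, as an added example (not code from the original post): it hashes a password the way register() does, then runs the login-time credential check with Shiro's default SimpleCredentialsMatcher and with HashedCredentialsMatcher instances configured with matching and non-matching parameters. The class name MatcherConfigDemo and the sample name, password and salts are constructed for illustration; it assumes Shiro 1.x (shiro-core) on the classpath.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.util.ByteSource;

// Hypothetical demo class, not part of the project described in the post
public class MatcherConfigDemo {

    // Build a matcher the same way getRealm() does, with configurable iterations
    static HashedCredentialsMatcher hashed(String algorithm, int iterations) {
        HashedCredentialsMatcher m = new HashedCredentialsMatcher();
        m.setHashAlgorithmName(algorithm);
        m.setHashIterations(iterations);
        return m;
    }

    // Run the check a realm performs after doGetAuthenticationInfo() returns:
    // submitted password (token) against stored hash + salt (info)
    static boolean matches(CredentialsMatcher m, String name, String submitted,
                           String storedHex, String salt) {
        UsernamePasswordToken token = new UsernamePasswordToken(name, submitted);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                name, storedHex, ByteSource.Util.bytes(salt), "customerRealm");
        return m.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        // Constructed sample values; the salt stands in for SaltUtils.getSalt(8)
        String name = "demo", pass = "123456", salt = "aB~x!Qz_";
        // What register() stores in the pass column
        String stored = new Md5Hash(pass, salt, 1024).toHex();

        System.out.println("default SimpleCredentialsMatcher: "
                + matches(new SimpleCredentialsMatcher(), name, pass, stored, salt));
        System.out.println("md5, 1024 iterations (as registered): "
                + matches(hashed("md5", 1024), name, pass, stored, salt));
        System.out.println("md5, 1 iteration: "
                + matches(hashed("md5", 1), name, pass, stored, salt));
        System.out.println("md5, 1024 iterations, different salt: "
                + matches(hashed("md5", 1024), name, pass, stored, "Zz_q!x~B"));
        System.out.println("md5, 1024 iterations, wrong password: "
                + matches(hashed("md5", 1024), name, "654321", stored, salt));
    }
}
```

Only the matcher whose algorithm, iteration count and salt all equal the values used at registration accepts the correct password, which is why the realm passes the stored salt in SimpleAuthenticationInfo and getRealm() repeats "md5" and 1024.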
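This article describes how to combine Shiro with MD5 and a random salt for user authentication in a Spring Boot project. It first lists the required dependencies: mybatis, the mysql driver and the druid data source. It then covers the database design, in particular the salt field added to the user table, and walks step by step through the entity class, mapper interface, xml file, service and service implementation, as well as the SaltUtils utility class that generates the random salt. The controller calls the service to perform registration, giving user registration based on MD5 + salt + hash iterations. Finally, the article completes the login function by updating the custom realm's authentication logic to work with the new authentication scheme.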