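在實際應用中,用戶密碼不會以明文保存,最常見的做法是用 MD5、SHA 等不可逆的哈希(雜湊)算法將密碼處理後再存入數據庫,所以認證時也要對登錄請求中的密碼做同樣的哈希運算,才能與數據庫中的數據比對。需要注意的是,MD5 和單輪 SHA 的運算速度很快,哈希值一旦洩露就容易被離線暴力破解;正式環境應為每個用戶使用獨立的隨機鹽值,並選用 bcrypt、scrypt、Argon2 或 PBKDF2 這類專為密碼設計的慢速算法。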
創建用戶

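/**
 * Account record kept by the demo user store.
 *
 * <p>The constructor never keeps the clear-text password: it draws a random
 * per-user salt and stores only the salted SHA-512 digest, as rendered by
 * {@code Sha512Hash.toString()}.
 *
 * <p>NOTE(review): the class-level {@code @Setter} also generates
 * {@code setPassword} and {@code setSalt}, which store their argument
 * unchanged; callers must hand them an already-hashed value and the matching
 * salt. The class is {@code Serializable} and no field is transient, so the
 * digest and the salt are part of the serialized form.
 */
@Getter
@Setter
public class User implements Serializable {
    private String id;
    private String username;
    // Salted SHA-512 digest of the password, never the clear text.
    private String password;
    // Per-user salt, generated independently of the id.
    private String salt;

    /**
     * Creates an account with a fresh id and salt and stores the salted digest
     * of {@code password}.
     *
     * @param username login name of the account
     * @param password clear-text password; only its salted digest is retained
     */
    public User(String username, String password) {
        this.id = newHexToken();
        this.username = username;
        // The salt used to be the first 6 hex characters of the id: only 24
        // bits, and derivable from a value that is routinely exposed. A second,
        // independent random UUID gives every account a full-length salt.
        this.salt = newHexToken();
        // One SHA-512 round is cheap to brute-force offline. Sha512Hash also
        // accepts an iteration count as a third argument, but whatever
        // re-hashes the login password must use the same count, so it is left
        // unchanged here.
        this.password = new Sha512Hash(password, this.salt).toString();
    }

    /** Returns a random UUID as 32 hex characters, without the dashes. */
    private static String newHexToken() {
        return UUID.randomUUID().toString().replace("-", "");
    }
}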
創建數據源

/**
 * In-memory stand-in for a user table, keyed by login name.
 *
 * <p>The two accounts below are sample data with a shared, trivially guessable
 * password; they exist only so the realm has something to authenticate
 * against and must not be carried into a real deployment.
 */
public class UserService {
    private static final Map<String, User> USERS_BY_NAME = new HashMap<>();

    static {
        // Seed the sample accounts; User hashes the password on construction.
        for (String account : new String[] {"admin1", "admin2"}) {
            USERS_BY_NAME.put(account, new User(account, "123456"));
        }
    }

    /**
     * Finds an account by login name.
     *
     * @param name login name to look up
     * @return the matching user, or {@code null} when there is none
     */
    public static User getUserByName(String name) {
        User match = USERS_BY_NAME.get(name);
        return match;
    }
}
修改MyRealm

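/**
 * Looks up the account named in the login token and prepares both sides of
 * the credential comparison.
 *
 * <p>The submitted password is hashed with SHA-512 and the account's stored
 * salt, and the token's password is then replaced by that digest, so the
 * comparison made after this method returns sees digest against stored
 * digest.
 * NOTE(review): this presumes the realm's credentials matcher compares the
 * two values as they are; confirm the realm configuration. Shiro's
 * {@code HashedCredentialsMatcher} can do the hashing instead, which would
 * avoid rewriting the token here.
 *
 * @param authcToken login token, cast to {@code UsernamePasswordToken}
 * @return authentication info for the account, or {@code null} when no user
 *     has the submitted name
 * @throws AuthenticationException if the token carries no password
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    // String.valueOf((char[]) null) throws NullPointerException; report a
    // missing password as an ordinary authentication failure instead.
    char[] submitted = token.getPassword();
    if (submitted == null) {
        throw new AuthenticationException("Login token carries no password");
    }

    User user = UserService.getUserByName(token.getUsername());
    if (user == null) {
        // Unknown account. Whatever reports the failure to the client should
        // answer the same way as for a wrong password, so that valid login
        // names cannot be told apart from invalid ones.
        return null;
    }

    // Hash the login password exactly as User hashed the stored one.
    String digest = new Sha512Hash(String.valueOf(submitted), user.getSalt()).toString();
    token.setPassword(digest.toCharArray());
    return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
}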