Shiro密碼加密

相關類

org.apache.shiro.authc.credential.CredentialsMatcher

org.apache.shiro.authc.credential.SimpleCredentialsMatcher

org.apache.shiro.authc.credential.HashedCredentialsMatcher

org.apache.shiro.crypto.hash.Md5Hash

org.apache.shiro.crypto.hash.SimpleHash

測試類

密碼加密Md5Hash和SimpleHash

加密算法 鹽 迭代次數 Hex/Base64

package com.mozq.shiro.shiro01.test;

import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;

public class CryptoTest_01 {
    public static void main(String[] args) {
        String password = "changhe";
        String salt = "changheluoriyuan";
        int hashIterations = 5;
        //哈希
        Md5Hash md5Hash = new Md5Hash(password);
        System.out.println(md5Hash.toString());//40da95a4e76c2678a81aa4e114349063

        //哈希+加鹽
        Md5Hash md5SaltHash = new Md5Hash(password, salt);
        System.out.println(md5SaltHash.toString());//334f0241faaab8ffe81e4a6b9c493b21

        //哈希+加鹽+次數
        Md5Hash md5SaltIterateHash = new Md5Hash(password, salt, hashIterations);
        System.out.println(md5SaltIterateHash.toString());//96ff601332575cb7c3be7304aaad57b1

        SimpleHash simpleHash = new SimpleHash("MD5", password, salt, hashIterations);
        System.out.println(simpleHash.toString());//96ff601332575cb7c3be7304aaad57b1
        /*
        Md5Hash繼承SimpleHash。能使用Md5Hash的地方就能夠使用SimpleHash。只用看2個類的構造器就可以明白它們的關系。
        
        Hex/Base64
        再者就是SimpleHash的 toString() toHex() toBase64() 3個方法的關系。
        它們與 HashedCredentialsMatcher 的 storedCredentialsHexEncoded 字段是對應的。
         */
    }
}

密碼解密HashedCredentialsMatcher和SimpleAuthenticationInfo

HashedCredentialsMatcher 存儲 加密算法 迭代次數 Hex/Base64

SimpleAuthenticationInfo 存儲 鹽 加密后字符串

UsernamePasswordToken 存儲登錄時用戶名和密碼。

hashedCredentialsMatcher.doCredentialsMatch(token, info) 方法完成認證。

加密后字符串 = 原密碼 + 加密算法 + 鹽 + 迭代次數 + Hex/Base64

package com.mozq.shiro.shiro01.test;

import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.util.ByteSource;

public class CryptoTest_02 {
    public static void main(String[] args) {
        String username = "liubei";
        String password = "changhe";
        String hashPassword = "96ff601332575cb7c3be7304aaad57b1";
        String salt = "changheluoriyuan";
        int hashIterations = 5;

        //創建認證信息和令牌
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
//        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashPassword, "MozqRealm");
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashPassword, ByteSource.Util.bytes(salt), "MozqRealm");

        //創建匹配器
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");//不設置算法名稱將報錯
        //是Hex編碼的還是Base64編碼的。對應SimpleHash的toHex()和toBase64()
        hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
        hashedCredentialsMatcher.setHashIterations(hashIterations);//默認迭代次數為1

        boolean success = hashedCredentialsMatcher.doCredentialsMatch(token, info);
        System.out.println(success);
        /*
        Exception in thread "main" java.lang.IllegalStateException: Required 'hashAlgorithmName' property has not been set.  This is required to execute the hashing algorithm.
        原因：new HashedCredentialsMatcher() 沒有設置匹配器的算法名。

        Exception in thread "main" java.lang.IllegalArgumentException: Odd number of characters.
        原因：new SimpleAuthenticationInfo(username, hashPassword, "MozqRealm") 傳入的是原始密碼，匹配器中匹配時出錯。

        false
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashPassword, "MozqRealm");
        原因：密碼是加鹽的，但是制造的認證信息沒有提供鹽，則導致后面的認證失敗。

        true
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashPassword, ByteSource.Util.bytes(salt), "MozqRealm");
         */
    }
}