org.apache.shiro.util.ByteSource Java Examples

The following examples show how to use org.apache.shiro.util.ByteSource.
Example #1
Source File: MySimpleHash.java    From cms with Apache License 2.0 6 votes vote down vote up
/**
 * Hashes {@code source} with the named digest algorithm, an optional salt and an iteration count.
 *
 * @param algorithmName  name of the digest algorithm; must contain text
 * @param source         value to hash, converted through {@code convertSourceToBytes}
 * @param salt           optional salt; when non-null it is converted through
 *                       {@code convertSaltToBytes} and stored on the instance
 * @param hashIterations requested iteration count; the stored count is clamped to at least 1
 * @throws NullPointerException if {@code algorithmName} is null or has no text
 */
public MySimpleHash(String algorithmName, Object source, Object salt, int hashIterations) throws CodecException, UnknownAlgorithmException {
    // The cached encodings start out empty.
    this.hexEncoded = null;
    this.base64Encoded = null;

    if (!StringUtils.hasText(algorithmName)) {
        throw new NullPointerException("algorithmName argument cannot be null or empty.");
    }

    this.algorithmName = algorithmName;
    this.iterations = Math.max(1, hashIterations);

    final ByteSource saltBytes;
    if (salt == null) {
        saltBytes = null;
    } else {
        saltBytes = this.convertSaltToBytes(salt);
        this.salt = saltBytes;
    }

    // NOTE(review): the raw hashIterations is handed on here, not the clamped this.iterations;
    // whether hash() clamps the value itself is not visible in this constructor — confirm.
    this.hash(this.convertSourceToBytes(source), saltBytes, hashIterations);
}
 
Example #2
Source File: PersonDAOImpl.java    From arcusplatform with Apache License 2.0 6 votes vote down vote up
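/**
 * Hashes a password with the configured {@link CredentialsHashingStrategy} and returns the
 * hash together with the salt that produced it.
 *
 * @param password the clear-text password to hash
 * @return a two-element list: the hashed password, then the Base64-encoded salt
 * @throws IllegalStateException if no hashing strategy is available, or if the strategy
 *         does not salt its hashes
 */
private List<String> generateHashAndSalt(String password) {
   CredentialsHashingStrategy hashingStrategy = ServiceLocator.getInstance(CredentialsHashingStrategy.class);
   if(hashingStrategy == null) {
      throw new IllegalStateException("No credentials hashing strategy has been found, please be sure that a concrete implementation of CredentialsHashingStrategy has been injected.");
   }

   // Fail closed. The earlier code left the "hash" equal to the clear-text password and the
   // salt null on this path, then put both into ImmutableList.of(...), which (assuming Guava's
   // ImmutableList) rejects the null element. An unsalted strategy therefore never produced a
   // usable result, and the clear-text password must not be returned as if it were a hash.
   if(!hashingStrategy.isSalted()) {
      throw new IllegalStateException("The configured CredentialsHashingStrategy does not salt credentials; refusing to return an unhashed password.");
   }

   ByteSource saltBytes = hashingStrategy.generateSalt();
   String salt = saltBytes.toBase64();
   String hashedPassword = hashingStrategy.hashCredentials(password, saltBytes);
   return ImmutableList.of(hashedPassword, salt);
}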
 
Example #3
Source File: JpaRealm.java    From init-spring with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up the account named by the token and hands its stored hash and salt to Shiro,
 * which performs the credential comparison afterwards.
 *
 * @throws UnknownAccountException if no user with that name exists
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
{
	final String username = token.getPrincipal().toString();
	final User user = this.jpaRealmRepository.findUserByName(username);
	if (user == null)
	{
		log.error("没有相关用户!");
		throw new UnknownAccountException();
	}

	final String storedHash = user.getPasswordHash();
	// Salt given to the matcher = user name followed by the stored per-user salt.
	// NOTE(review): new String(...) without a charset uses the platform default if
	// getPasswordSalt() returns byte[]; the return type is not visible here — confirm.
	final String saltText = user.getName() + new String(user.getPasswordSalt());
	final ByteSource saltBytes = ByteSource.Util.bytes(saltText);

	return new SimpleAuthenticationInfo(username, storedHash, saltBytes, getName());
}
 
Example #4
Source File: UserRealm.java    From springboot-learn with MIT License 6 votes vote down vote up
/**
 * Loads the account for the submitted user name and returns its stored credentials so
 * that Shiro can verify the password.
 *
 * @throws UnknownAccountException if no such account exists
 * @throws LockedAccountException  if the account's status equals the DISABLE code
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    System.out.println("=================用户认证=================");
    // Account name the user typed in.
    final String username = (String) token.getPrincipal();
    final User user = userService.getByUserName(username);
    if (user == null) {
        throw new UnknownAccountException("账号不存在!");
    }

    final boolean disabled = user.getStatus() != null
            && UserStatusEnum.DISABLE.getCode().equals(user.getStatus());
    if (disabled) {
        throw new LockedAccountException("帐号已被锁定,禁止登录!");
    }

    // The whole User object is passed as the principal.
    final Object storedCredential = user.getPassword();
    // NOTE(review): the salt is the user name itself, so it is predictable rather than random.
    final ByteSource salt = ByteSource.Util.bytes(username);
    return new SimpleAuthenticationInfo(user, storedCredential, salt, getName());
}
 
Example #5
Source File: MyShiroRealm.java    From scaffold-cloud with MIT License 6 votes vote down vote up
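/**
 * Authentication callback: loads the operator for the submitted user name and returns the
 * stored credentials for Shiro to verify.
 *
 * @param token the submitted token; its principal is read as the user name
 * @return the stored account data, or {@code null} when no operator matches the user name
 * @throws LockedAccountException if the operator's status is null or 1
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Account name the user typed in.
    String username = (String) token.getPrincipal();
    SysOperateBO operator = sysOperateFeign.findByUserName(username).getData();

    // Unknown account: a realm reports "no such account" by returning null. Without this
    // check the status test below dereferenced null for any user name that does not exist.
    if (operator == null) {
        return null;
    }

    // Locked account.
    if (operator.getStatus() == null || operator.getStatus() == 1) {
        throw new LockedAccountException();
    }
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
            username,
            operator.getPwd(),
            // NOTE(review): the salt is the user name itself, so it is predictable rather than random.
            ByteSource.Util.bytes(username),
            getName()
    );
    // The original comment says the operator is stored "after verification has passed".
    // NOTE(review): Shiro compares the credentials only after this method returns, so these
    // attributes are written for any existing, unlocked user name, even when the password
    // later turns out to be wrong. Code reading them should also check that the subject is
    // authenticated.
    Session session = SecurityUtils.getSubject().getSession();
    session.setAttribute(SESSION_ATTRIBUTE_KEY_OPERATOR, operator);
    session.setAttribute(SESSION_ATTRIBUTE_KEY_OPERATOR_ID, operator.getId());
    return authenticationInfo;
}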
 
Example #6
Source File: ShiroDbRealm.java    From Mario with Apache License 2.0 6 votes vote down vote up
/**
 * Authentication callback, invoked on login.
 *
 * @return the stored account data, or {@code null} when the login name is unknown
 * @throws DisabledAccountException if the user's status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    final User user = accountService.findUserByLoginName(token.getUsername());
    if (user == null) {
        return null;
    }
    if (user.getStatus().equals("0")) { // "0" marks a disabled account
        throw new DisabledAccountException();
    }

    // The user's menus are placed in the session.
    // NOTE(review): Shiro compares the credentials only after this method returns, so the
    // menu list is stored even when the submitted password is wrong.
    final List<Menu> menus = accountService.findMenuByUserID(user.getId());
    SecurityUtils.getSubject().getSession().setAttribute("menuList", menus);

    // The salt is stored hex-encoded.
    final byte[] salt = Encodes.decodeHex(user.getSalt());
    final ShiroUser principal = new ShiroUser(user.getId(), user.getLoginName(), user.getName());
    return new SimpleAuthenticationInfo(principal, user.getPassword(), ByteSource.Util.bytes(salt), getName());
}
 
Example #7
Source File: ShiroRealm.java    From springboot-shiro with MIT License 6 votes vote down vote up
/**
 * Loads the account for the submitted user name and returns its stored credentials so
 * that Shiro can verify the password.
 *
 * @throws UnknownAccountException if no such account exists
 * @throws LockedAccountException  if the account's status equals the DISABLE code
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Account name the user typed in.
    final String username = (String) token.getPrincipal();
    final User user = userService.getByUserName(username);
    if (user == null) {
        throw new UnknownAccountException("账号不存在!");
    }

    final boolean disabled = user.getStatus() != null
            && UserStatusEnum.DISABLE.getCode().equals(user.getStatus());
    if (disabled) {
        throw new LockedAccountException("帐号已被锁定,禁止登录!");
    }

    // The user id is the principal, which makes it easy to refresh the user's permissions.
    final Object principal = user.getId();
    final Object storedCredential = user.getPassword();
    // NOTE(review): the salt is the user name itself, so it is predictable rather than random.
    final ByteSource salt = ByteSource.Util.bytes(username);
    return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #8
Source File: MyShiroRealm.java    From EasyReport with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the account named by the token and returns its stored credentials and salt.
 *
 * @throws UnknownAccountException if no such account exists
 * @throws LockedAccountException  if the account's status is 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token)
    throws AuthenticationException {
    final String account = (String)token.getPrincipal();
    final User user = this.membershipFacade.getUser(account);

    if (user == null) {
        throw new UnknownAccountException();
    }
    if (user.getStatus() == 0) {
        throw new LockedAccountException();
    }

    // The password comparison itself is left to AuthenticatingRealm's CredentialsMatcher.
    final Object principal = user.getAccount();
    final Object storedCredential = user.getPassword();
    final ByteSource salt = ByteSource.Util.bytes(user.getCredentialsSalt());
    return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #9
Source File: UserRealm.java    From spring-tutorial with Creative Commons Attribution Share Alike 4.0 International 6 votes vote down vote up
/**
 * Loads the account named by the token and returns its stored credentials and salt.
 *
 * @throws UnknownAccountException if no such account exists
 * @throws LockedAccountException  if the account is flagged as locked
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	final String username = (String) token.getPrincipal();
	final User user = userService.findByUsername(username);

	if (user == null) {
		throw new UnknownAccountException(); // account not found
	}
	if (Boolean.TRUE.equals(user.getLocked())) {
		throw new LockedAccountException(); // account locked
	}

	// The password comparison is left to AuthenticatingRealm's CredentialsMatcher; a custom
	// matcher can be plugged in if the default one does not fit.
	final Object principal = user.getUsername();
	final Object storedCredential = user.getPassword();
	// Per the original author's comment the credentials salt is username + salt.
	final ByteSource salt = ByteSource.Util.bytes(user.getCredentialsSalt());
	return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #10
Source File: UserRealm.java    From seezoon-framework-all with Apache License 2.0 6 votes vote down vote up
/**
 * Authentication callback, invoked on login.
 *
 * @throws UnknownAccountException if no user has the submitted login name
 * @throws LockedAccountException  if the user's status equals {@code SysUser.STATUS_STOP}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
		throws AuthenticationException {
	final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
	// Load the user record.
	final SysUser sysUser = sysUserService.findByLoginName(token.getUsername());
	if (sysUser == null) {
		// The message does not reveal whether the account or the password was wrong.
		throw new UnknownAccountException("账号或密码不正确");
	}
	if (SysUser.STATUS_STOP.equals(sysUser.getStatus())) {
		// Account disabled.
		throw new LockedAccountException("账号已被禁用");
	}

	final User principal = new User(sysUser.getId(), sysUser.getDeptId(), sysUser.getDeptName(),
			sysUser.getLoginName(), sysUser.getName(), sysUser.getStatus());
	// Attach the user's roles to the principal.
	principal.setRoles(sysRoleService.findByUserId(principal.getUserId()));

	final Object storedCredential = sysUser.getPassword();
	final ByteSource salt = ByteSource.Util.bytes(sysUser.getSalt());
	return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #11
Source File: AuthRealm.java    From spring-boot-demo with MIT License 6 votes vote down vote up
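/**
 * Authentication callback: loads the account for the submitted user name and returns its
 * stored credentials and salt so that Shiro can check the password.
 *
 * @param token the submitted token; its principal is read as the user name
 * @return the stored account data for the credential matcher
 * @throws AuthenticationException if the user name is missing or no account matches it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    log.info("调用认证方法");
    // Account name the user typed in.
    String username = (String) token.getPrincipal();
    if (username == null) {
        throw new AuthenticationException("账号名为空,登录失败!");
    }

    // The submitted credentials are deliberately not logged: a login secret must never be
    // written to a log file, whatever form the token returns it in.
    UserInfo userInfo = userInfoService.findByUsername(username);
    if (userInfo == null) {
        throw new AuthenticationException("不存在的账号,登录失败!");
    }

    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
            userInfo,                                               // principal
            userInfo.getPassword(),                                 // stored credential
            ByteSource.Util.bytes(userInfo.getCredentialsSalt()),   // salt for the credential matcher
            getName()                                               // name of this realm
    );
    return authenticationInfo;
}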
 
Example #12
Source File: MyRealm.java    From MyBlog with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the account named by the token and returns its stored credentials.
 *
 * @return the stored account data, or {@code null} when the token is null, its principal is
 *         blank, or no user has that name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (token == null) {
        return null;
    }
    final String userName = (String) token.getPrincipal();
    if (StringUtils.isBlank(userName)) {
        return null;
    }

    // Look the user up by the name carried in the token.
    final UserPo userPo = userService.queryUserByName(userName);
    if (userPo == null) {
        return null;
    }

    // SimpleAuthenticationInfo carries what the database holds for this user: user name,
    // password and the salt used when the password was hashed.
    // Per the original author, the stored password is a salted MD5 of the real password.
    // NOTE(review): MD5 is a fast digest and the salt here is the user name, so a leaked table
    // is not well protected by this scheme; treat the author's safety claim with caution.
    // getName() names this realm as the origin of the data; with a single realm it matters little.
    // After this method returns, the caller compares the token with the returned info: the
    // token's credentials are hashed with the salt below and checked against the stored value.
    final Object principal = userPo.getUserName();
    final Object storedCredential = userPo.getPassword();
    final ByteSource salt = ByteSource.Util.bytes(userPo.getUserName());
    return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #13
Source File: Helpers.java    From jqm with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the user when it does not exist yet. An existing user is re-enabled and gets its
 * roles reset; its password is left alone.
 *
 * @param cnx
 *                        connection used for every query
 * @param login
 *                        login name identifying the user
 * @param password
 *                        the raw password. It is hashed with SHA-512 (100000 iterations) and a
 *                        random salt; a null or empty password creates the user without hash and salt.
 * @param description
 *                        not used by this method
 * @param roles
 *                        roles to give to the user
 */
static void createUserIfMissing(DbConn cnx, String login, String password, String description, String... roles)
{
    try
    {
        // Existing user: enable it again and reset its roles.
        int existingId = cnx.runSelectSingle("user_select_id_by_key", Integer.class, login);
        cnx.runUpdate("user_update_enable_by_id", existingId);
        RUser.set_roles(cnx, existingId, roles);
    }
    catch (NoResultException e)
    {
        // No such user yet: create it.
        String storedHash = null;
        String storedSalt = null;
        final boolean hasPassword = password != null && !password.isEmpty();
        if (hasPassword)
        {
            final ByteSource freshSalt = new SecureRandomNumberGenerator().nextBytes();
            storedHash = new Sha512Hash(password, freshSalt, 100000).toHex();
            storedSalt = freshSalt.toHex();
        }

        RUser.create(cnx, login, storedHash, storedSalt, roles);
    }
}
 
Example #14
Source File: OperatorRealm.java    From roncoo-pay with Apache License 2.0 5 votes vote down vote up
/**
 * Core authentication method: loads the operator for the submitted login name and returns
 * the stored credentials and salt.
 *
 * @throws UnknownAccountException if the login name is empty after trimming or matches no operator
 * @throws LockedAccountException  if the operator's status is UNACTIVE
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = (String) token.getPrincipal();
    // NOTE(review): a null principal fails on trim(); the lookup below uses the untrimmed value.
    if (StringUtils.isEmpty(loginName.trim())) {
        throw new UnknownAccountException(); // account not found
    }

    // Find the operator by login name.
    final PmsOperator operator = pmsOperatorService.findOperatorByLoginName(loginName);
    if (operator == null) {
        throw new UnknownAccountException(); // account not found
    }
    if (PublicStatusEnum.UNACTIVE.equals(operator.getStatus())) {
        throw new LockedAccountException(); // account locked
    }

    // The password comparison is left to AuthenticatingRealm's CredentialsMatcher; a custom
    // matcher can be plugged in if the default one does not fit.
    final Object principal = operator.getLoginName();
    final Object storedCredential = operator.getLoginPwd();
    // Per the original author's comment the credentials salt is username + salt.
    final ByteSource salt = ByteSource.Util.bytes(operator.getCredentialsSalt());
    return new SimpleAuthenticationInfo(principal, storedCredential, salt, getName());
}
 
Example #15
Source File: Sha256CredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0 5 votes vote down vote up
/**
 * Hashes the credentials with SHA-256, the given salt and {@code ITERATIONS} rounds.
 *
 * @param credentials the value to hash
 * @param salt        the salt to mix in
 * @return the Base64-encoded hash, or {@code null} when either argument is null
 */
@Override
public String hashCredentials(String credentials, ByteSource salt) {
   final boolean missingInput = credentials == null || salt == null;
   return missingInput ? null : new Sha256Hash(credentials, salt, ITERATIONS).toBase64();
}
 
Example #16
Source File: UserRealm.java    From easyweb-shiro with MIT License 5 votes vote down vote up
/**
 * Loads the account named by the token and returns its stored credentials.
 *
 * @throws UnknownAccountException if no such account exists
 * @throws LockedAccountException  if the account's state is not 0
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    final String username = (String) authenticationToken.getPrincipal();
    final User user = userService.getByUsername(username);
    if (user == null) {
        throw new UnknownAccountException(); // account does not exist
    }
    if (user.getState() != 0) {
        throw new LockedAccountException();  // account is locked
    }

    final Object storedCredential = user.getPassword();
    // NOTE(review): the salt is the user name itself, so it is predictable rather than random.
    final ByteSource salt = ByteSource.Util.bytes(user.getUsername());
    return new SimpleAuthenticationInfo(user, storedCredential, salt, getName());
}
 
Example #17
Source File: LoginAuth.java    From jboot-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the authentication info for the login name carried by the token, using the stored
 * password and the user's second salt.
 *
 * @param authenticationToken the submitted token; its principal is read as the login name
 * @return the stored account data, attributed to the realm name "ShiroDbRealm"
 */
@Override
public AuthenticationInfo buildAuthenticationInfo(AuthenticationToken authenticationToken) {
    final String loginName = authenticationToken.getPrincipal().toString();

    // NOTE(review): the lookup result is not null-checked; an unknown login name fails with a
    // NullPointerException below unless findByName never returns null — confirm.
    final User sysUser = Jboot.service(UserService.class).findByName(loginName);
    final String storedSalt = sysUser.getSalt2();
    final String storedPassword = sysUser.getPwd();

    final ByteSource saltBytes = ByteSource.Util.bytes(storedSalt);
    return new SimpleAuthenticationInfo(loginName, storedPassword, saltBytes, "ShiroDbRealm");
}
 
Example #18
Source File: ClientAuthorizingRealm.java    From cms with Apache License 2.0 5 votes vote down vote up
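/**
 * Authentication callback: loads the account and its role for the submitted user name and
 * returns the stored credentials and salt.
 *
 * @param authcToken the submitted token, expected to be a {@code UsernamePasswordCaptchaToken}
 * @return the stored account data for the credential matcher
 * @throws AccountException        if the user name is null
 * @throws UnknownAccountException if no account matches the user name
 * @throws LockedAccountException  if the account's locked flag equals {@code ACCOUNTLOCKED.NO}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;
    String username = token.getUsername();

    // Only the user name is logged. Serialising the whole token to JSON, as the earlier
    // version did, would write the submitted password into the debug log.
    LOG.debug(">>>login submit user: {}", username);

    boolean isMobile = token.isMobile();
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }
    Account account = accountService.getAccountLogin(username);

    if (null == account) {
        throw new UnknownAccountException("No account found for user [" + username + "]");
    }

    // NOTE(review): the account is rejected when getLocked() equals ACCOUNTLOCKED.NO; the
    // constant is defined elsewhere — confirm that this comparison is not inverted.
    if (ConstantsUtils.ACCOUNTLOCKED.NO.getIndex() == account.getLocked()) {
        throw new LockedAccountException("The sub-account frozen, banned from.");
    }

    Role role = roleService.getRoleByUserId(account.getUserId());
    if (role == null) {
        throw new RoleException("获得用户角色为空");
    }

    return new SimpleAuthenticationInfo(new Principal(account, isMobile, role.getRoleId(), role.getRoleCode(), Long.parseLong(ConstantsUtils.SITE_ID_DEFAULT)),
            account.getPassword(), ByteSource.Util.bytes(account.getCredentialsSalt()), // per the original comment: salt = username + salt
            getName() // realm name
    );

}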
 
Example #19
Source File: ShiroFactroy.java    From web-flash with MIT License 5 votes vote down vote up
/**
 * Builds the authentication info for a user from its stored password and salt.
 *
 * @param shiroUser the principal to expose
 * @param user      the stored user record
 * @param realmName name of the realm the data comes from
 * @return the authentication info for the credential matcher
 */
public SimpleAuthenticationInfo info(ShiroUser shiroUser, User user, String realmName) {
    final String storedCredential = user.getPassword();
    // The salt handed to the matcher is the MD5 digest of the stored salt string, not the
    // string itself.
    final ByteSource digestOfSalt = new Md5Hash(user.getSalt());
    return new SimpleAuthenticationInfo(shiroUser, storedCredential, digestOfSalt, realmName);
}
 
Example #20
Source File: ShiroPasswordService.java    From EasyReport with Apache License 2.0 5 votes vote down vote up
/**
 * Hashes a raw password with the configured algorithm, the given salt and the configured
 * iteration count.
 *
 * @param rawPassword     the password as entered
 * @param credentialsSalt the salt to mix in
 * @return the hex-encoded hash
 */
@Override
public String encode(final CharSequence rawPassword, final String credentialsSalt) {
    final ByteSource salt = ByteSource.Util.bytes(credentialsSalt);
    final SimpleHash digest = new SimpleHash(this.algorithmName, rawPassword, salt, this.hashIterations);
    return digest.toHex();
}
 
Example #21
Source File: PasswordHelper.java    From VideoMeeting with Apache License 2.0 5 votes vote down vote up
/**
 * Gives the user a fresh random salt and replaces its password with the salted hash.
 *
 * @param user the user whose salt and password are rewritten in place
 */
public void encryptPassword(User user) {
	// The hashing parameters must match the ones in the configuration file.
	final String freshSalt = randomNumberGenerator.nextBytes().toHex();
	user.setSalt(freshSalt);

	final Object plainPassword = user.getPassword();
	final ByteSource saltBytes = ByteSource.Util.bytes(user.getCredentialsSalt());
	final SimpleHash digest = new SimpleHash(algorithmName, plainPassword, saltBytes, hashIterations);
	user.setPassword(digest.toHex());
}
 
Example #22
Source File: EncryptUtils.java    From parker with MIT License 5 votes vote down vote up
/**
 * Hashes a password with Shiro's {@code SimpleHash} using MD5, the given salt and
 * {@code DEFAULT_ITERATIONS} rounds.
 *
 * NOTE(review): MD5 is a fast digest and not a suitable choice for storing passwords; a
 * dedicated password-hashing scheme is preferable for new data.
 *
 * @param salt     the salt
 * @param password the password
 * @return the hex-encoded hash
 */
public static String shiroMd5(String salt, String password){
    final ByteSource saltBytes = ByteSource.Util.bytes(salt);
    return new SimpleHash("MD5", password, saltBytes, DEFAULT_ITERATIONS).toHex();
}
 
Example #23
Source File: SystemAuthorizingRealm.java    From easyweb with Apache License 2.0 5 votes vote down vote up
/**
 * Authentication callback, invoked on login.
 *
 * @return the stored account data, or {@code null} when the login name is unknown
 * @throws AuthenticationException if the captcha is wrong or the account may not log in
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) {
	final UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

	// Check the login captcha when one is required for this user name.
	if (LoginUtil.isValidateCodeLogin(token.getUsername(), false, false)) {
		final Session session = UserUtils.getSession();
		final String expected = (String) session.getAttribute(ValidateCodeServlet.VALIDATE_CODE);
		final String submitted = token.getCaptcha();
		if (submitted == null || !submitted.toUpperCase().equals(expected)) {
			throw new AuthenticationException("msg:验证码错误, 请重试.");
		}
	}

	// Check user name and password.
	final SysUser user = sysUserService.getByLoginName(token.getUsername());
	if (user == null) {
		return null;
	}
	if (Global.NO.equals(user.getLoginFlag())) {
		throw new AuthenticationException("msg:该已帐号禁止登录.");
	}

	// NOTE(review): the salt is the login name itself, so it is predictable rather than random.
	final ByteSource credentialsSalt = ByteSource.Util.bytes(user.getLoginName());
	// NOTE(review): the fourth argument of SimpleAuthenticationInfo is the realm name, yet
	// user.getName() is passed here — confirm this is intended.
	return new SimpleAuthenticationInfo(user.getLoginName(),
			user.getPassword(), credentialsSalt, user.getName());
}
 
Example #24
Source File: MetaService.java    From jqm with Apache License 2.0 5 votes vote down vote up
/**
 * Replaces a user's password: draws a fresh random salt, hashes the new password with
 * SHA-512 (100000 iterations) and stores hash and salt, both hex-encoded.
 *
 * @param cnx         connection used for the update
 * @param userId      id of the user to update
 * @param newPassword the new raw password
 * @throws JqmAdminApiUserException if the update touched no row
 */
public static void changeUserPassword(DbConn cnx, int userId, String newPassword)
{
    final ByteSource freshSalt = new SecureRandomNumberGenerator().nextBytes();
    final String digestHex = new Sha512Hash(newPassword, freshSalt, 100000).toHex();
    final String saltHex = freshSalt.toHex();

    final QueryResult outcome = cnx.runUpdate("user_update_password_by_id", digestHex, saltHex, userId);
    if (outcome.nbUpdated != 0)
    {
        return;
    }
    throw new JqmAdminApiUserException("user with this ID does not exist");
}
 
Example #25
Source File: SystemAuthorizingRealm.java    From cms with Apache License 2.0 5 votes vote down vote up
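/**
 * Authentication callback: loads the account and its role for the submitted user name and
 * returns the stored credentials and salt.
 *
 * @param authcToken the submitted token, expected to be a {@code UsernamePasswordCaptchaToken}
 * @return the stored account data for the credential matcher
 * @throws AccountException        if the user name is null
 * @throws UnknownAccountException if no account matches the user name
 * @throws LockedAccountException  if the account's locked flag equals {@code ACCOUNTLOCKED.NO}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;
    String username = token.getUsername();

    // Only the user name is logged. Serialising the whole token to JSON, as the earlier
    // version did, would write the submitted password into the debug log.
    LOG.debug(">>>login submit user: {}", username);

    boolean isMobile = token.isMobile();
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }
    Account account = accountService.getAccountLogin(username);

    if (null == account) {
        throw new UnknownAccountException("No account found for user [" + username + "]");
    }

    // NOTE(review): the account is rejected when getLocked() equals ACCOUNTLOCKED.NO; the
    // constant is defined elsewhere — confirm that this comparison is not inverted.
    if (ConstantsUtils.ACCOUNTLOCKED.NO.getIndex() == account.getLocked()) {
        throw new LockedAccountException("The sub-account frozen, banned from.");
    }

    Role role = roleService.getRoleByUserId(account.getUserId());
    if (role == null) {
        throw new RoleException("获得用户角色为空");
    }

    return new SimpleAuthenticationInfo(new Principal(account, isMobile, role.getRoleId(), role.getRoleCode(), Long.parseLong(ConstantsUtils.SITE_ID_DEFAULT)),
            account.getPassword(), ByteSource.Util.bytes(account.getCredentialsSalt()), // per the original comment: salt = username + salt
            getName() // realm name
    );

}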
 
Example #26
Source File: shiroDbRealm.java    From PhrackCTF-Platform-Team with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the user by e-mail address and returns its stored credentials and salt.
 *
 * @throws AuthenticationException if no user has that address or the user is not enabled
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
	final UsernamePasswordToken submitted = (UsernamePasswordToken) authcToken;
	final Users user = userServices.getUserByEmail(submitted.getUsername());

	// Unknown and disabled accounts are rejected with the same exception, so the caller
	// cannot tell the two cases apart.
	if (user == null || !user.getIsenabled()) {
		throw new AuthenticationException();
	}

	return new SimpleAuthenticationInfo(user.getEmail(), user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
}
 
Example #27
Source File: MyShiroRealm.java    From SpringBootBucket with MIT License 5 votes vote down vote up
/**
 * Authentication callback: loads the manager for the submitted user name and returns the
 * stored credentials and salt used to verify the user's identity.
 *
 * @param token the submitted token; its principal is read as the user name
 * @return the stored account data, or {@code null} when no manager has that user name
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {

    _logger.info("MyShiroRealm.doGetAuthenticationInfo()");

    // Account name the user typed in.
    final String username = (String) token.getPrincipal();

    // Load the ManagerInfo record for this user name from the database.
    // The original author notes that a real project may cache this lookup, and states that
    // Shiro does not call this method again within two minutes — that claim is not
    // verifiable from this method.
    final ManagerInfo managerInfo = managerInfoService.findByUsername(username);
    if (managerInfo == null) {
        return null;
    }

    // The password comparison is left to AuthenticatingRealm's CredentialsMatcher; a custom
    // matcher can be plugged in if the default one does not fit.
    final Object storedCredential = managerInfo.getPassword();
    // Per the original author's comment the credentials salt is username + salt.
    final ByteSource salt = ByteSource.Util.bytes(managerInfo.getCredentialsSalt());
    return new SimpleAuthenticationInfo(managerInfo, storedCredential, salt, getName());
}
 
Example #28
Source File: PasswordHelper.java    From cms with Apache License 2.0 5 votes vote down vote up
/**
 * Gives the account a fresh random salt and replaces its password with the salted hash.
 *
 * @param account the account whose salt and password are rewritten in place
 */
public void encryptPassword(Account account) {
    final String freshSalt = randomNumberGenerator.nextBytes().toHex();
    account.setSalt(freshSalt);

    final Object plainPassword = account.getPassword();
    final ByteSource saltBytes = ByteSource.Util.bytes(account.getCredentialsSalt());
    final SimpleHash digest = new SimpleHash(algorithmName, plainPassword, saltBytes, hashIterations);

    account.setPassword(digest.toHex());
}
 
Example #29
Source File: PasswordHelper.java    From wetech-admin with MIT License 5 votes vote down vote up
/**
 * Gives the user a fresh random salt and replaces its password with the salted hash.
 *
 * @param user the user whose salt and password are rewritten in place
 */
public void encryptPassword(User user) {
    final String freshSalt = randomNumberGenerator.nextBytes().toHex();
    user.setSalt(freshSalt);

    final Object plainPassword = user.getPassword();
    final ByteSource saltBytes = ByteSource.Util.bytes(user.getCredentialsSalt());
    final SimpleHash digest = new SimpleHash(algorithmName, plainPassword, saltBytes, hashIterations);

    user.setPassword(digest.toHex());
}
 
Example #30
Source File: WebPageSource.java    From cms with Apache License 2.0 5 votes vote down vote up
/**
 * Prints the MD5-based hash that {@code MySimpleHash} produces for a fixed sample password,
 * a fixed salt prefixed with "demo", and two iterations. Nothing is asserted.
 */
@Test
public void SimpleHash() throws NoSuchAlgorithmException {
    // Fixed sample salt so the printed value is reproducible; a random one would come from
    // new SecureRandomNumberGenerator().nextBytes().toHex().
    final String salt = "5909af55d288d8f2581f7d572f2eb6bb";
    final ByteSource saltBytes = ByteSource.Util.bytes("demo" + salt);
    final String newPassword = new MySimpleHash("MD5", "123456", saltBytes, 2).toString();

    System.out.println(salt);
    System.out.println(newPassword);
}