Shiro匹配credentialsMatcher和用戶密碼創建不匹配

Question

我使用shiro作爲我的Java 1.8應用程序的身份驗證。我的用戶創建將sha256和鹽。

Shiro只會在輸入的數據庫中確切地匹配密碼。例如，如果數據庫密碼是純文本並且是「密碼」，並且我輸入了「密碼」，它就可以工作。

如果我在數據庫中加密密碼時輸入了'密碼'，它將不匹配，並且會失敗。

我如何獲得shiro從輸入的內容創建sha256和sal密碼以便密碼匹配？

我的用戶創建代碼

EntityManagerFactory factory = 
        Persistence.createEntityManagerFactory("e"); 

      EntityManager em = factory.createEntityManager(); 
      em.getTransaction().begin(); 

      com.e.dto.User user = new com.e.dto.User(); 

      DefaultPasswordService a = new DefaultPasswordService(); 
      password = a.encryptPassword(password); 

      user.setUsername(username); 
      user.setPassword(password); 

      em.persist(user); 

     em.getTransaction().commit(); 

shiro.ini

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm 
jdbcRealm.authenticationQuery = SELECT password from user where username = ? 
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?) 

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource 
ds.serverName = localhost 
ds.user = root 
ds.password = password 
ds.databaseName = myDatabase 
jdbcRealm.dataSource= $ds 

credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher 
credentialsMatcher.hashAlgorithmName = SHA-256 
credentialsMatcher.storedCredentialsHexEncoded = true 
credentialsMatcher.hashIterations = 10000 
credentialsMatcher.hashSalted = true 

新用戶密碼

$shiro1$SHA-256$500000$xRvz5dByhvAtFG7VHlCjHA==$xxakvEZdBF6cI+UmyR1OY098tAlscOKhpwQuT7THijw= 

Answer 1

爲了讓密碼相匹配的DefaultPasswordService對象必須在ini創建然後設置爲org.apache.shiro.authc.credential.PasswordMatcherpasswordService值

https://shiro.apache.org/static/1.3.1/apidocs/org/apache/shiro/authc/credential/PasswordService.html

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService 
# configure the passwordService to use the settings you desire 

passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher 
passwordMatcher.passwordService = $passwordService