0
我使用shiro作爲我的Java 1.8應用程序的身份驗證。我的用戶創建將sha256和鹽。Shiro匹配credentialsMatcher和用戶密碼創建不匹配
Shiro只會在輸入的數據庫中確切地匹配密碼。例如,如果數據庫密碼是純文本並且是「密碼」,並且我輸入了「密碼」,它就可以工作。
如果我在數據庫中加密密碼時輸入了'密碼',它將不匹配,並且會失敗。
我如何獲得shiro從輸入的內容創建sha256和sal密碼以便密碼匹配?
我的用戶創建代碼
EntityManagerFactory factory =
Persistence.createEntityManagerFactory("e");
EntityManager em = factory.createEntityManager();
em.getTransaction().begin();
com.e.dto.User user = new com.e.dto.User();
DefaultPasswordService a = new DefaultPasswordService();
password = a.encryptPassword(password);
user.setUsername(username);
user.setPassword(password);
em.persist(user);
em.getTransaction().commit();
shiro.ini
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?)
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = password
ds.databaseName = myDatabase
jdbcRealm.dataSource= $ds
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 10000
credentialsMatcher.hashSalted = true
新用戶密碼
$shiro1$SHA-256$500000$xRvz5dByhvAtFG7VHlCjHA==$xxakvEZdBF6cI+UmyR1OY098tAlscOKhpwQuT7THijw=