2025-04-03 Update. From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 report.
This article introduces the method of "Spring Boot integrates Shiro and uses SHA-256 to encrypt passwords". Many people have questions about this in day-to-day work, so the editor consulted various materials and put together a simple, easy-to-use approach. Strictly speaking, SHA-256 is a one-way hash rather than reversible encryption: what gets stored is a salted, iterated digest of the password.
We cannot store the user's password in clear text. Otherwise, if our own database is compromised, the user's accounts on other sites may also be stolen, because the same password is often reused.
Generate the ciphertext at registration
Shiro provides a SimpleHash class that makes it easy to hash a string, so a password can be processed with just one line of code.

    String hashPassword = new SimpleHash("SHA-256", password, username + "reg", 1024).toString();

Its first parameter is the hash algorithm name, the second is the content to be hashed, the third is the salt (this parameter can be whatever you want), and the fourth is the number of hash iterations.
With the encrypted password, you can store the entire User object in the database and query it later through Realm when you log in.
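
    /**
     * Injected service used to store user objects
     */
    @Autowired
    private UserService userService;

    // GET keeps the demo short; query parameters end up in URLs and access logs,
    // so a real registration endpoint would take the password in a POST body.
    @GetMapping("reg")
    public Object reg(@RequestParam(name = "username") String username,
                      @RequestParam(name = "password") String password) {
        // Salted SHA-256, 1024 iterations; toString() yields the hex-encoded hash
        String hashPassword = new SimpleHash("SHA-256", password, username + "reg", 1024).toString();
        User user = new User();
        user.setUsername(username);
        user.setPassword(hashPassword);
        // Store the salt with the user so the Realm can supply it at login
        user.setSalt(username + "reg");
        userService.addUser(user);
        return "registered successfully";
    }
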
Realm
The previous article covered how to log in, but the password was not encrypted at that point.
How do we write a Realm that works with the encrypted password?
Shiro's approach is that all the basics are already provided, and you add whatever you need on top.
So you just need to override the setCredentialsMatcher method in the custom Realm and specify the hash algorithm and the number of iterations.
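
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        // Ignore the matcher passed in and always use a hashed matcher whose
        // algorithm and iteration count match the ones used at registration
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("SHA-256");
        matcher.setHashIterations(1024);
        super.setCredentialsMatcher(matcher);
    }
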
This is basically the same as at registration, but no salt seems to be specified?
A salt was used when hashing, so it is also needed for verification. It is not set here because each user's salt may be different (the salt is set however you choose).
Remember, though, that the doGetAuthenticationInfo method returns an authentication information object that Shiro uses for authentication. When a salt is in use, just pass the salt in when you create that object.
Note: what you need now is not only the password but also the salt. So when you simulate querying the database, you can't just return a string; you should return an object and then extract the password and salt from it.

    /**
     * Injected service used to look up user objects
     */
    @Autowired
    private UserService userService;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = token.getPrincipal().toString();
        User user = userService.getUserByUsername(username);
        if (user != null) {
            // Stored value is the hex-encoded hash produced at registration
            String password = user.getPassword();
            AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                    username,
                    password,
                    // pass in the salt
                    ByteSource.Util.bytes(user.getSalt()),
                    getName());
            return authenticationInfo;
        }
        // Unknown user: returning null makes Shiro reject the login
        return null;
    }

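The salt round trip described above, as an added example that is not code from the original article: registration stores the hash together with its salt, and login rebuilds the same SimpleAuthenticationInfo that doGetAuthenticationInfo returns and lets HashedCredentialsMatcher do the comparison. It assumes Shiro 1.x on the classpath and Java 16+, and it swaps the article's username + "reg" salt for a random per-user salt from SecureRandomNumberGenerator; the class, record and realm names are hypothetical.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class SaltRoundTripDemo {
    static final String ALGORITHM = "SHA-256";
    static final int ITERATIONS = 1024;

    /** What registration persists: the hex hash plus the hex salt that produced it. */
    record StoredCredential(String hashHex, String saltHex) {}

    static StoredCredential register(String password) {
        // Random per-user salt (assumption: replaces the article's username + "reg").
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String hashHex = new SimpleHash(ALGORITHM, password, salt, ITERATIONS).toHex();
        return new StoredCredential(hashHex, salt.toHex());
    }

    static boolean login(String username, String submitted, StoredCredential stored) {
        // Algorithm and iteration count must match the values used in register().
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        // Same shape as the object doGetAuthenticationInfo returns; the salt is
        // decoded back to the raw bytes that were used at registration.
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                username, stored.hashHex(),
                ByteSource.Util.bytes(Hex.decode(stored.saltHex())), "demoRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken(username, submitted), info);
    }

    public static void main(String[] args) {
        // Constructed sample data: two users who picked the same password.
        StoredCredential alice = register("correct horse");
        StoredCredential bob = register("correct horse");
        System.out.println("same password, same hash? " + alice.hashHex().equals(bob.hashHex()));
        System.out.println("right password: " + login("alice", "correct horse", alice));
        System.out.println("wrong password: " + login("alice", "wrong", alice));
        // The right password checked against another user's salt must not match.
        StoredCredential mixed = new StoredCredential(alice.hashHex(), bob.saltHex());
        System.out.println("right password, wrong salt: " + login("alice", "correct horse", mixed));
    }
}
```

With a username-derived salt, the salt for any account is known in advance; a random salt stored beside the hash removes that predictability without changing the Realm code shown above.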
Simulated storage of User objects
This is all just for simplicity.
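
    import java.util.HashMap;
    import java.util.Map;

    import org.springframework.stereotype.Service;

    @Service
    public class UserService {
        // In-memory stand-in for a database table, keyed by username
        private final Map<String, User> users = new HashMap<>();

        public void addUser(User user) {
            users.put(user.getUsername(), user);
        }

        public User getUserByUsername(String username) {
            return users.get(username);
        }
    }
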
That concludes this study of "Spring Boot integrates Shiro and uses SHA-256 to encrypt passwords". Theory works best when combined with practice, so go and try it!