通過上文自定義realm分析源碼可得https://blog.csdn.net/Kevinnsm/article/details/11183124

用戶認證在doGetAuthenticationInfo()方法中進行操作，授權在doGetAuthorizationInfo()方法中進行，如果想要自定義則必須實現AuthorizingRealm類，該類中繼承了AuthenticatingRealm；AuthenticatingRealm類中的doGetAuthenticationInfo()方法實現了用戶認證，AuthorizingRealm中的doGetAuthorizationInfo()實現了授權

---

模擬處密碼為123的加密后的數據

public class TestShiroMD5 {public static void main(String[] args) {//使用md5Md5Hash md5Hash=new Md5Hash("123");System.out.println(md5Hash.toHex());//使用md5 + saltMd5Hash md5Hash1 = new Md5Hash("123", "x0*7ps");System.out.println(md5Hash1.toHex());//使用md5 + slat + 散列Md5Hash md5Hash2 = new Md5Hash("123", "x0*7ps", 1024);System.out.println(md5Hash2.toHex());//44c42bc682c33a4dae2af47eba4c8011} }

結果：

1.實現AuthorizingRealm類，重寫其中的doGetAuthenticationInfo()和doGetAuthorizationInfo()方法，完成用戶的認證和授權

public class CustomerMd5Realm extends AuthorizingRealm {//授權方法@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("授權操作中");String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();System.out.println("身份信息："+primaryPrincipal);SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();//添加用戶角色（例如：管理員，普通用戶等） // simpleAuthorizationInfo.addRole("admin"); // simpleAuthorizationInfo.addRole("user"); // simpleAuthorizationInfo.addRole("supper"); // simpleAuthorizationInfo.addRole("common");//一次添加多個用戶角色 //用戶認證 simpleAuthorizationInfo.addRoles(Arrays.asList("admin","user","supper","common","product"));//將數據庫中的權限信息賦值個權限對象（角色標識符：操作：資源類型）simpleAuthorizationInfo.addStringPermission("user:*:*");simpleAuthorizationInfo.addStringPermission("product:*:*");return simpleAuthorizationInfo;}@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("身份認證中");//獲取身份信息String principal = (String) authenticationToken.getPrincipal();// //模擬根據用戶名查詢數據庫if ("tom".equals(principal)) {//參數1，返回數據庫中的正確的賬戶 //參數2 ：（md5+salt+散列加密后）密碼 //參數3：salt //參數4.提供當前realm的名字return new SimpleAuthenticationInfo(principal,"44c42bc682c33a4dae2af47eba4c8011",ByteSource.Util.bytes("x0*7ps"),this.getName());}return null;} }

模擬測試

/*** @author:抱著魚睡覺的喵喵* @date:2020/12/28* @description:*/ public class TestCustomerMd5Realm {public static void main(String[] args) {//創建安全管理器DefaultSecurityManager securityManager = new DefaultSecurityManager();CustomerMd5Realm realm=new CustomerMd5Realm();//設置realm使用hash憑證匹配器HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();//使用算法md5credentialsMatcher.setHashAlgorithmName("md5");//散列次數credentialsMatcher.setHashIterations(1024);realm.setCredentialsMatcher(credentialsMatcher);//注入realm到安全管理器securityManager.setRealm(realm);//將安全管理器注入到安全工具類SecurityUtils.setSecurityManager(securityManager);//從安全工具類中獲取SubjectSubject subject = SecurityUtils.getSubject();//封裝登錄信息到令牌UsernamePasswordToken token = new UsernamePasswordToken("tom", "123"); // ---------------------認證---------------------//try {subject.login(token);System.out.println("登陸成功");}catch (UnknownAccountException e){e.printStackTrace();System.out.println("用戶名錯誤");}catch (IncorrectCredentialsException e){e.printStackTrace();System.out.println("密碼錯誤");}//認證用戶進行授權if (subject.isAuthenticated()){//1.基于角色權限控制System.out.println(subject.hasRole("admin"));//2.基于多角色的權限控制System.out.println(subject.hasAllRoles(Arrays.asList("common", "supper", "user")));//是否具有其中一個boolean[] booleans = subject.hasRoles(Arrays.asList("admin", "super", "user"));for (boolean roles:booleans){System.out.println(roles);}System.out.println("=======================");System.out.println(subject.hasRole("supper"));System.out.println("======================");//基于權限字符串的訪問控制，資源標識符：操作：資源類型System.out.println("權限:"+subject.isPermitted("user:*:01"));System.out.println("權限:"+subject.isPermitted("user:create:023"));System.out.println("權限:"+subject.isPermitted("product:update:45"));}} } 與50位技術專家面對面20年技術見證，附贈技術全景圖

總結

以上是生活随笔為你收集整理的shiro认证+授权(使用MD5+salt+散列加密）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。