Shiro on 杨刚的个人网站 https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/ Recent content in Shiro on 杨刚的个人网站 Hugo -- gohugo.io zh Copyright © 2018-2025 GradyYoung. All rights reserved. Fri, 19 Jan 2024 00:00:00 +0000 1、Shiro https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/d9a64321/ Sat, 11 Nov 2023 00:00:00 +0000 https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/d9a64321/ <h2 class="relative group">Shiro简介 <div id="shiro简介" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#shiro%e7%ae%80%e4%bb%8b" aria-label="锚点">#</a> </span> </h2> <ul> <li>公司项目中,常见的权限框架:shiro,spring security</li> <li>Apache Shiro是一个功能强大且灵活的开源安全框架,可以清晰地处理身份验证,授权,企业会话管理和加密</li> <li>Apache Shiro的首要目标是易于使用和理解。安全有时可能非常复杂,甚至是痛苦的,但并非必须如此。框架应尽可能掩盖复杂性,并提供简洁直观的API,以简化开发人员确保其应用程序安全的工作</li> </ul> <h2 class="relative group">Shiro能帮系统做什么 <div id="shiro能帮系统做什么" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#shiro%e8%83%bd%e5%b8%ae%e7%b3%bb%e7%bb%9f%e5%81%9a%e4%bb%80%e4%b9%88" aria-label="锚点">#</a> </span> </h2> <ol> <li>做用户的身份认证,判断用户是否系统用户(重点)</li> <li>给系统用户授权,用来帮助系统实现不同的用户展示不同的功能(重点)</li> <li>针对密码等敏感信息,进行加密处理(明文变成密文)(重点)</li> <li>提供了Session管理,但是它的Session不是HttpSession,是它自己自带的</li> <li>做授权信息的缓存管理,降低对数据库的授权访问</li> <li>提供测试支持,因为它也是一个轻量级框架,它也可以直接针对代码进行使用Junit单元测试</li> <li>提供Remeber me的功能,可以做用户无需再次登录即可访问某些页面</li> </ol> <h2 class="relative group">Shiro提供的10大功能 <div id="shiro提供的10大功能" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#shiro%e6%8f%90%e4%be%9b%e7%9a%8410%e5%a4%a7%e5%8a%9f%e8%83%bd" aria-label="锚点">#</a> </span> </h2> <p> <figure> <img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="说明: clipboard.png" data-zoom-src="https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/d9a64321/image/202109181345045.gif" src="https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/d9a64321/image/202109181345045.gif"> </figure> </p> 2、认证,加密,授权,缓存 https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/87c6c501/ Sat, 11 Nov 2023 00:00:00 +0000 https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/87c6c501/ <h2 class="relative group">认证 <div id="认证" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#%e8%ae%a4%e8%af%81" aria-label="锚点">#</a> </span> </h2> <h3 class="relative group">1、Controller登录方法 <div id="1controller登录方法" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#1controller%e7%99%bb%e5%bd%95%e6%96%b9%e6%b3%95" aria-label="锚点">#</a> </span> </h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-java" data-lang="java"><span class="line"><span class="cl"><span class="nd">@RequestMapping</span><span class="p">(</span><span class="s">&#34;/login.do&#34;</span><span class="p">)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kd">public</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="nf">login</span><span class="p">(</span><span class="n">User</span><span class="w"> </span><span class="n">user</span><span class="p">,</span><span class="n">ModelMap</span><span class="w"> </span><span class="n">map</span><span class="p">){</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//获得一个主体对象</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">Subject</span><span class="w"> </span><span class="n">subject</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SecurityUtils</span><span class="p">.</span><span class="na">getSubject</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//将请求得到的用户名和密码放入一个令牌中</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">UsernamePasswordToken</span><span class="w"> </span><span class="n">token</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordToken</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="na">getUaccount</span><span class="p">(),</span><span class="n">user</span><span class="p">.</span><span class="na">getUpsw</span><span class="p">());</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//调用主体对象的认证方法login,对令牌进行认证</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">try</span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//触发Realm中doGetAuthenticationInfo()</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">subject</span><span class="p">.</span><span class="na">login</span><span class="p">(</span><span class="n">token</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">Session</span><span class="w"> </span><span class="n">session</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">subject</span><span class="p">.</span><span class="na">getSession</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">User</span><span class="w"> </span><span class="n">nwoLogin</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">User</span><span class="p">)</span><span class="n">subject</span><span class="p">.</span><span class="na">getPrincipal</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">session</span><span class="p">.</span><span class="na">setAttribute</span><span class="p">(</span><span class="s">&#34;nowLogin&#34;</span><span class="p">,</span><span class="w"> </span><span class="n">nwoLogin</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="k">catch</span><span class="p">(</span><span class="n">UnknownAccountException</span><span class="w"> </span><span class="n">accountException</span><span class="p">){</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">map</span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&#34;ex&#34;</span><span class="p">,</span><span class="w"> </span><span class="s">&#34;账号不存在&#34;</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="s">&#34;tologin.do&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="k">catch</span><span class="p">(</span><span class="n">IncorrectCredentialsException</span><span class="w"> </span><span class="n">passwordExeption</span><span class="p">){</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">map</span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&#34;ex&#34;</span><span class="p">,</span><span class="w"> </span><span class="s">&#34;密码校验错误&#34;</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="s">&#34;tologin.do&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="s">&#34;redirect:toMain.do&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span></span></span></code></pre></div> <h3 class="relative group">2、Realm类中,doGetAuthenticationInfo方法进行登录认证 <div id="2realm类中dogetauthenticationinfo方法进行登录认证" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#2realm%e7%b1%bb%e4%b8%addogetauthenticationinfo%e6%96%b9%e6%b3%95%e8%bf%9b%e8%a1%8c%e7%99%bb%e5%bd%95%e8%ae%a4%e8%af%81" aria-label="锚点">#</a> </span> </h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-java" data-lang="java"><span class="line"><span class="cl"><span class="c1">//身份认证方法,需要在用户登录系统时触发</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nd">@Override</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kd">protected</span><span class="w"> </span><span class="n">AuthenticationInfo</span><span class="w"> </span><span class="nf">doGetAuthenticationInfo</span><span class="p">(</span><span class="n">AuthenticationToken</span><span class="w"> </span><span class="n">arg0</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">AuthenticationException</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//通过方法形参arg0,获取封装了用户账号密码的令牌</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">UsernamePasswordToken</span><span class="w"> </span><span class="n">token</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UsernamePasswordToken</span><span class="p">)</span><span class="n">arg0</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//验证账号是否存在</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">uaccount</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">token</span><span class="p">.</span><span class="na">getUsername</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">User</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">userService</span><span class="p">.</span><span class="na">selectByUaccount</span><span class="p">(</span><span class="n">uaccount</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="p">(</span><span class="n">user</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="kc">null</span><span class="p">){</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//如果用户名不存在,返回null</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//则shiro底层返回了一个异常(UnknownAccountException)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//验证密码是否正确</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//第一个参数为,数据库查出的user对象,第二个参数为正确的密码,第三个参数为当前realm名</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//如果密码不正确,该构造器会抛出异常(IncorrectCredentialsException)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SimpleAuthenticationInfo</span><span class="p">(</span><span class="n">user</span><span class="p">,</span><span class="n">user</span><span class="p">.</span><span class="na">getUpsw</span><span class="p">(),</span><span class="n">getName</span><span class="p">());</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span></span></span></code></pre></div> <h2 class="relative group">加密 <div id="加密" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#%e5%8a%a0%e5%af%86" aria-label="锚点">#</a> </span> </h2> <h3 class="relative group">1、ShiroConfig类中,设置加密 <div id="1shiroconfig类中设置加密" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#1shiroconfig%e7%b1%bb%e4%b8%ad%e8%ae%be%e7%bd%ae%e5%8a%a0%e5%af%86" aria-label="锚点">#</a> </span> </h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-java" data-lang="java"><span class="line"><span class="cl"><span class="c1">//设置加密类型(身份匹配器),以及方式</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nd">@Bean</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kd">public</span><span class="w"> </span><span class="n">HashedCredentialsMatcher</span><span class="w"> </span><span class="nf">credentialsMatcher</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">HashedCredentialsMatcher</span><span class="w"> </span><span class="n">credentialsMatcher</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">HashedCredentialsMatcher</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">// 说密码的加密方式为MD5 (不可逆的加密方式,只能加密,不能解密)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">credentialsMatcher</span><span class="p">.</span><span class="na">setHashAlgorithmName</span><span class="p">(</span><span class="s">&#34;MD5&#34;</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">// 针对MD5加密的信息,再加密1024次</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">credentialsMatcher</span><span class="p">.</span><span class="na">setHashIterations</span><span class="p">(</span><span class="n">1024</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">credentialsMatcher</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">//配置shiro框架中,用来完成身份认证,授权的域对象</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nd">@Bean</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kd">public</span><span class="w"> </span><span class="n">LoginAndAuthRealm</span><span class="w"> </span><span class="nf">loginAndAuthRealm</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">LoginAndAuthRealm</span><span class="w"> </span><span class="n">realm</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">LoginAndAuthRealm</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">// 给Realm中配置身份对比规则</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">realm</span><span class="p">.</span><span class="na">setCredentialsMatcher</span><span class="p">(</span><span class="n">credentialsMatcher</span><span class="p">());</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">realm</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span></span></span></code></pre></div> <h3 class="relative group">2、修改Realm组件身份认证方法 <div id="2修改realm组件身份认证方法" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#2%e4%bf%ae%e6%94%b9realm%e7%bb%84%e4%bb%b6%e8%ba%ab%e4%bb%bd%e8%ae%a4%e8%af%81%e6%96%b9%e6%b3%95" aria-label="锚点">#</a> </span> </h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-java" data-lang="java"><span class="line"><span class="cl"><span class="c1">//身份认证方法,需要在用户登录系统时触发</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nd">@Override</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="kd">protected</span><span class="w"> </span><span class="n">AuthenticationInfo</span><span class="w"> </span><span class="nf">doGetAuthenticationInfo</span><span class="p">(</span><span class="n">AuthenticationToken</span><span class="w"> </span><span class="n">arg0</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">AuthenticationException</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//通过方法形参arg0,获取封装了用户账号密码的令牌</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">UsernamePasswordToken</span><span class="w"> </span><span class="n">token</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">UsernamePasswordToken</span><span class="p">)</span><span class="n">arg0</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//验证账号是否存在</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">uaccount</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">token</span><span class="p">.</span><span class="na">getUsername</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">User</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">userService</span><span class="p">.</span><span class="na">selectByUaccount</span><span class="p">(</span><span class="n">uaccount</span><span class="p">);</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="p">(</span><span class="n">user</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="kc">null</span><span class="p">){</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//如果用户名不存在,返回null</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//则shiro底层返回了一个异常(UnknownAccountException)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//验证密码是否正确</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//获取当前用户名,创建盐值对象</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">ByteSource</span><span class="w"> </span><span class="n">byteSource</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ByteSource</span><span class="p">.</span><span class="na">Util</span><span class="p">.</span><span class="na">bytes</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="na">getUaccount</span><span class="p">());</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//第一个参数为,数据库查出的user对象,第二个参数为正确的密码,第三个参数为盐值对象,第四个参数为当前Realm名称</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c1">//如果密码不正确,该构造器会抛出异常(IncorrectCredentialsException)</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SimpleAuthenticationInfo</span><span class="p">(</span><span class="n">user</span><span class="p">,</span><span class="n">user</span><span class="p">.</span><span class="na">getUpsw</span><span class="p">(),</span><span class="n">byteSource</span><span class="p">,</span><span class="n">getName</span><span class="p">());</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span></span></span></code></pre></div> <h3 class="relative group">3、控制层注册方法中,对密码进行MD5加密 <div id="3控制层注册方法中对密码进行md5加密" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#3%e6%8e%a7%e5%88%b6%e5%b1%82%e6%b3%a8%e5%86%8c%e6%96%b9%e6%b3%95%e4%b8%ad%e5%af%b9%e5%af%86%e7%a0%81%e8%bf%9b%e8%a1%8cmd5%e5%8a%a0%e5%af%86" aria-label="锚点">#</a> </span> </h3> <p><code>String pwd = new SimpleHash(&quot;MD5&quot;, 密码,盐值‘一般为用户名’, 加密次数‘1024’).toString();</code></p> 3、Session https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/3f404e8a/ Fri, 19 Jan 2024 00:00:00 +0000 https://www.ygang.top/posts/3ab7256e/98c7af00/c3527798/3f404e8a/ <h2 class="relative group">生命周期 <div id="生命周期" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#%e7%94%9f%e5%91%bd%e5%91%a8%e6%9c%9f" aria-label="锚点">#</a> </span> </h2> <p><strong>注意</strong>:这个Session不是Tomcat的那个,而是Shrio提供的一个Session</p>