Shiro

Security - 图1
实际进行权限信息验证的是我们的 Realm,Shiro 框架内部默认实现外,就是自定义Realm,重写doGetAuthorizationInfodoGetAuthenticationInfo
根据从主体传过来的用户名,从数据源取password, roles, permissions进行比对。

  1. public class MyRealm extends AuthorizingRealm {
  3.     @Override
  4.     protected AuthorizationInfo doGetAuthorizationInfo(
  5.         PrincipalCollection principalCollection) {
  6.         // 1.从主体传过来的认证信息中,获得用户名
  7.         String userName = (String) principalCollection.getPrimaryPrincipal();
  8.         // 2.从数据库获取角色和权限数据
  9.         Set<String> roles = getRolesByUserName(userName);
  10.         Set<String> permissions = getPermissionsByUserName(userName);
  12.         SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
  13.         simpleAuthorizationInfo.setStringPermissions(permissions);
  14.         simpleAuthorizationInfo.setRoles(roles);
  15.         return simpleAuthorizationInfo;
  16.     }
  18.         @Override
  19.     protected AuthenticationInfo doGetAuthenticationInfo(
  20.         AuthenticationToken authenticationToken) throws AuthenticationException {
  22.         // 1.从主体传过来的认证信息中,获得用户名
  23.         String userName = (String) authenticationToken.getPrincipal();
  25.         // 2.通过用户名到数据库中获取凭证
  26.         String password = getPasswordByUserName(userName);
  27.         if (password == null) {
  28.             return null;
  29.         }
  30.         SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
  31.             userName, password, "myRealm"
  32.         );
  33.         return authenticationInfo;
  34.     }
  35. }
  1. public class MyRealmTest {
  3.     @Test
  4.     public void loginTest() {
  6.         MyRealm myRealm = new MyRealm(); // 实现自己的 Realm 实例
  8.         // 1.构建SecurityManager环境
  9.         DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
  10.         defaultSecurityManager.setRealm(myRealm);
  12.         // 2.主体提交认证请求
  13.         SecurityUtils.setSecurityManager(defaultSecurityManager); 
  14.         Subject subject = SecurityUtils.getSubject();
  16.         UsernamePasswordToken token = new UsernamePasswordToken("yanjing", "123456");
  17.         subject.login(token); // 登录
  19.         // subject.isAuthenticated()方法返回一个boolean值,用于判断用户是否认证成功
  20.         System.out.println("isAuthenticated:" + subject.isAuthenticated()); // 输出true
  21.         // 判断subject是否具有admin和user两个角色权限,如没有则会报错
  22.         subject.checkRoles("admin", "user");
  23.         subject.checkRole("admin");
  24.         // 判断subject是否具有user:add和user:delete权限
  25.         subject.checkPermissions("user:delete", "user:add");
  26.         subject.checkPermissions("user:delete");
  27.     }
  28. }

image.png

加密解密

MD5, sha256, sha512, 加盐,增加Hash迭代次数

  1. public class EncryptUtil {
  3.     public static void main(String[] args) {
  5.         encrypt("123");
  6.     }
  8.     public static String encrypt(String password) {
  10.         String salt = new SecureRandomNumberGenerator().nextBytes().toString();
  11.         int times = 2;
  12.         String alogrithm = "md5";   // 加密算法
  14.         String encryptedPassword = new SimpleHash(alogrithm, password, salt, times).toString();
  16.         System.out.printf("原始密码是 %s , 盐是: %s, 运算次数是: %d, 运算出来的密文是:%s ", 
  17.                           password, salt, times, encryptedPassword);
  19.         return encryptedPassword;
  20.     }
  21. }

cryptojs 配合后端 前端vue使用crypto.js加密Java后端解密
java.net.URLDecoder