我正在尝试使用Shiro JdbcRealm和SHA256 hashedcredentialsMatcher。我需要更新旧数据库并为每个用户分配适当的盐(通过批处理例程)。
如何使用Shiro框架获取/设置给定帐户的费用?
最佳答案
使用Shiro 1.2.3,您需要做的是:
JdbcRealm 并设置盐样式。public class JdbcSaltRealm extends JdbcRealm {
public JdbcSaltRealm() {
setSaltStyle(SaltStyle.COLUMN);
}
}
shiro.ini 以使用扩展领域并从数据库获取salt列credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
jdbcRealm = com.mypackage.JdbcSaltRealm
jdbcRealm.authenticationQuery = SELECT password, salt FROM user WHERE username = ?
jdbcRealm.credentialsMatcher = $credentialsMatcher
private void saltHashPassword(String password) {
String salt = new BigInteger(250, new SecureRandom()).toString(32);
//TODO: save salt value to "salt" column in user table
Sha256Hash hash = new Sha256Hash(password,
(new SimpleByteSource(salt)).getBytes());
String saltedHashedPassword = hash.toHex();
//TODO: save saltedHashedPassword value to "password" column in user table
}
我希望我的答案是清晰和可以理解的。