From 1ce27089e2ba7d5631b80a4cd99f3f453e80d40b Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Tue, 25 Sep 2018 22:43:37 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=BC=80=E5=8F=91=E8=80=85?=
 =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89=E6=8E=A7=E5=88=B6=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E5=8A=A0=E5=AF=86=E5=92=8C=E9=AA=8C=E8=AF=81?=
 =?UTF-8?q?=E7=AD=96=E7=95=A5=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/shiro/filter/LogoutFilter.java | 19 ++++----
 .../common/shiro/realm/AuthorizingRealm.java | 43 ++++++++++++++++++-
 2 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java
index 8f458932..4d7279cd 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/LogoutFilter.java
@@ -18,9 +18,6 @@ import com.jeesite.common.config.Global;
 import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
 import com.jeesite.common.shiro.realm.LoginInfo;
 import com.jeesite.common.web.http.ServletUtils;
-import com.jeesite.modules.sys.entity.Log;
-import com.jeesite.modules.sys.utils.LogUtils;
-import com.jeesite.modules.sys.utils.UserUtils;
 
 /**
  * 登出过滤器
@@ -41,16 +38,16 @@ public class LogoutFilter extends org.apache.shiro.web.filter.authc.LogoutFilter
 		try {
 			Object principal = subject.getPrincipal();
 			if (principal != null){
-				// 记录用户退出日志(@Deprecated v4.0.5支持setAuthorizingRealm,之后版本可删除此if子句)
-				if (authorizingRealm == null){
-					LogUtils.saveLog(UserUtils.getUser(), ServletUtils.getRequest(),
-							"系统退出", Log.TYPE_LOGIN_LOGOUT);
-				}
-				// 退出成功之前初始化授权信息并处理登录后的操作
-				else{
+//				// 记录用户退出日志(@Deprecated v4.0.5支持setAuthorizingRealm,之后版本可删除此if子句)
+//				if (authorizingRealm == null){
+//					LogUtils.saveLog(UserUtils.getUser(), ServletUtils.getRequest(),
+//							"系统退出", Log.TYPE_LOGIN_LOGOUT);
+//				}
+//				else{
+				// 退出成功之前初始化授权信息并处理登录后的操作
 					authorizingRealm.onLogoutSuccess((LoginInfo)subject.getPrincipal(),
 							(HttpServletRequest)request);
-				}
+//				}
 			}
 			// 退出登录
 			subject.logout();
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
index f14a0b98..4f1e7d1a 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java
@@ -5,6 +5,10 @@ package com.jeesite.common.shiro.realm;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
+
+import com.jeesite.common.codec.EncodeUtils;
+import com.jeesite.common.codec.Sha1Utils;
 import com.jeesite.common.utils.SpringUtils;
 import com.jeesite.modules.sys.entity.Log;
 import com.jeesite.modules.sys.entity.User;
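Review bot: The `authorizingRealm == null` branch is commented out rather than removed, so `authorizingRealm.onLogoutSuccess(...)` is now reached unconditionally and a filter wired without a realm (the case the old branch handled) throws a NullPointerException inside the try before `subject.logout()` runs; what the catch does with it is outside the hunk. If the realm is now mandatory, delete the seven `//` lines and fail fast where it is injected (`Objects.requireNonNull(authorizingRealm, "authorizingRealm")`), otherwise keep an explicit `if (authorizingRealm != null)` guard around the call. The call also re-fetches `subject.getPrincipal()` instead of reusing the `principal` local that was null-checked two lines above; `(LoginInfo) principal` reads better and avoids a second lookup. The enclosing method starts and ends outside the hunk.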
@@ -18,11 +22,48 @@ import com.jeesite.modules.sys.utils.UserUtils;
  * @version 2018-7-11
  */
 public class AuthorizingRealm extends BaseAuthorizingRealm {
-
+
+	public static final String HASH_ALGORITHM = "SHA-1";
+	public static final int HASH_INTERATIONS = 1024;
+	public static final int SALT_SIZE = 8;
+
 	private UserService userService;
 
 	public AuthorizingRealm() {
 		super();
+		// 设定密码校验的Hash算法与迭代次数
+		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM);
+		matcher.setHashIterations(HASH_INTERATIONS);
+		this.setCredentialsMatcher(matcher);
+	}
+
+	/**
+	 * 生成密文密码,生成随机的16位salt并经过1024次 sha-1 hash
+	 * @param plainPassword 明文密码
+	 * @return 16位salt密钥 + 40位hash密码
+	 */
+	public String encryptPassword(String plainPassword) {
+		String plain = EncodeUtils.decodeHtml(plainPassword);
+		byte[] salt = Sha1Utils.genSalt(SALT_SIZE);
+		byte[] hashPassword = Sha1Utils.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
+		return EncodeUtils.encodeHex(salt) + EncodeUtils.encodeHex(hashPassword);
+	}
+
+	/**
+	 * 验证密码正确性
+	 * @param plainPassword 明文密码
+	 * @param password 密文密码
+	 * @return 验证成功返回true
+	 */
+	public boolean validatePassword(String plainPassword, String password) {
+		try{
+			String plain = EncodeUtils.decodeHtml(plainPassword);
+			byte[] salt = EncodeUtils.decodeHex(password.substring(0, 16));
+			byte[] hashPassword = Sha1Utils.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
+			return password.equals(EncodeUtils.encodeHex(salt) + EncodeUtils.encodeHex(hashPassword));
+		}catch(Exception e){
+			return false;
+		}
 	}
 
 	@Override
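Review bot: `validatePassword` decides the result with `password.equals(...)`, a short-circuit String compare whose timing leaks how many leading characters of the stored hash matched; compare the raw bytes in constant time instead, e.g. `return MessageDigest.isEqual(hashPassword, EncodeUtils.decodeHex(password.substring(16)));` (needs `java.security.MessageDigest`), keeping the try/catch so a malformed stored value still yields false. Both methods also call `plain.getBytes()` with the JVM default charset, so a non-ASCII password hashes differently on a non-UTF-8 platform; `plain.getBytes(StandardCharsets.UTF_8)` pins it, provided the hashes already in the database were produced under UTF-8. The defaults of 1024 rounds of SHA-1 over an 8-byte salt are far below current password-storage guidance (bcrypt/scrypt/Argon2, or at least PBKDF2-HMAC-SHA-256 with a much higher work factor and a 16-byte salt), so the Javadoc on `HASH_ALGORITHM`/`HASH_INTERATIONS`/`SALT_SIZE` should mark them as legacy-compatible defaults and point developers at overriding them, which is what this commit sets out to enable; `HASH_INTERATIONS` is also misspelled and becomes public API from here on. The stored format is 16 hex chars of salt followed by 40 hex chars of digest, while the `HashedCredentialsMatcher` wired in the constructor expects the digest and the salt to be handed to it separately via the realm's `AuthenticationInfo`; whether `BaseAuthorizingRealm` splits the stored value that way is outside this hunk and worth confirming, since otherwise the matcher and `validatePassword` will disagree.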