- 定义 自定义密码匹配器bean credentialsMatcher
<bean id="myRealm" class="cn.org.celay.realm.MyRealm">
<property name="credentialsMatcher" ref="customCredentialsMatcher"/>
</bean>
<bean id="customCredentialsMatcher" class="cn.org.celay.shiro.matcher.CustomCredentialsMatcher"/>
-
可以看到shiro源码中默认的AuthenticatingRealm
- 重写doCredentialsMatch方法 返回boolean(认证是否通过),其中的认证逻辑可以自定义,比如这里讲密码MD5加密转为大写,另外可以做密码校验次数校验(比如连续5次密码错误锁定账号)
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {
@Override
public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
Object tokenCredentials = encrypt(String.valueOf(token.getPassword()));
Object accountCredentials = getCredentials(info);
boolean retult = equals(tokenCredentials, accountCredentials);
if (!retult) {
//todo 密码错误次数加一
}
return retult;
}
/**
* MD5加密---md5转为大写
*/
private String encrypt(String data) {
if (StringUtils.isBlank(data)) {
return StringUtils.EMPTY;
}
return new Md5Hash(data).toString().toUpperCase();
}
}
网友评论