JeeSite shiro中使用MD5加密的时候,怎么取消自动加盐?

JeeSite 菜徐鸭 2022年5月14日 12:00 35 查看原文

该问题是怎么引起的?

我旧数据是没有加盐过的MD5密码,因此在如下代码密码匹配不上,请问怎么取消shiro中的MD5加盐过程,有没有更好的解决办法,让两种密码形式同时存在?

AuthorizingRealm ``` public static final String HASH_ALGORITHM = "MD5"; public static final int HASH_INTERATIONS = 1; public static final int SALT_SIZE = 8;

private UserService userService;

public AuthorizingRealm() {
    super();
    // 设定密码校验的Hash算法与迭代次数
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM);
    matcher.setHashIterations(HASH_INTERATIONS);
    matcher.setStoredCredentialsHexEncoded(true);
    this.setCredentialsMatcher(matcher);
}

```

HashedCredentialsMatcher.class ``` public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { Object tokenHashedCredentials = this.hashProvidedCredentials(token, info); Object accountCredentials = this.getCredentials(info); return this.equals(tokenHashedCredentials, accountCredentials); }

protected Object hashProvidedCredentials(AuthenticationToken token, AuthenticationInfo info) {
    Object salt = null;
    if (info instanceof SaltedAuthenticationInfo) {
        salt = ((SaltedAuthenticationInfo)info).getCredentialsSalt();
    } else if (this.isHashSalted()) {
        salt = this.getSalt(token);
    }

    return this.hashProvidedCredentials(token.getCredentials(), salt, this.getHashIterations());
}

```

回答
3 条回答

@jeeweb core项目,AuthorizingRealm 类

@bei3ke 老哥,具体我要覆盖哪个类呢,能否告知一下,谢谢老哥

是想用自己的加密方式吗?想用自己的话,就需要重写类,覆盖一下,自己写了。

热门问题
相关推荐
推荐分类