1.MD5+盐
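由于单靠MD5散列已经不再安全,这里采用“MD5+盐”(盐是随机产生的一段由字母或数字组成的字符串)的方式来提高安全性。需要注意:加盐主要防的是彩虹表和批量破解,MD5本身计算很快,抗暴力破解的能力仍不如bcrypt、scrypt、Argon2、PBKDF2等专用口令散列算法,新系统应优先选用后者。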
2.使用方法
2.1引入Shiro jar包
Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能。
引入shiro相关jar包,下载地址:https://download.youkuaiyun.com/download/guisu97/11175290 (该地址并非官方发布渠道;建议优先通过Maven或Gradle从官方仓库引入 org.apache.shiro:shiro-core,或至少在使用前核对jar包的校验和。)
2.2编写加密工具类
import java.util.Iterator;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import com.quancheng.core.shiro.yl.Toolutil;
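/**
 * Static convenience helpers around Apache Shiro: salted password hashing plus
 * shortcuts for the current subject's session, roles, permissions and login state.
 *
 * <p>Every role and permission helper answers {@code false} when it cannot perform
 * the check (no subject, or a null/empty argument), so a missing argument never
 * grants access.
 */
public class ShiroKit {

    /** Separator between names in a comma-separated role list. */
    private static final String NAMES_DELIMETER = ",";

    /**
     * Digest algorithm used by {@link #md5}. Whatever verifies the stored hashes
     * (configured outside this class) has to use the same algorithm.
     */
    public static final String hashAlgorithmName = "MD5";

    /** Number of hash iterations used by {@link #md5}; the verifier must use the same count. */
    public static final int hashIterations = 1024;

    public ShiroKit() {
    }

    /**
     * Hashes a credential with salted, iterated MD5.
     *
     * <p>The salt fed to the hash is the MD5 digest of {@code saltSource}, not its raw
     * bytes. The algorithm and iteration count are left as they are so that hashes
     * already stored keep verifying.
     *
     * <p>NOTE(review): MD5 is fast to compute, so salting and 1024 iterations add little
     * brute-force resistance. For password storage, prefer a dedicated scheme (bcrypt,
     * scrypt, Argon2, or PBKDF2 with a high iteration count) and re-hash existing
     * accounts at their next successful login.
     *
     * @param credentials the string to hash (typically the plaintext password)
     * @param saltSource  the per-user salt string, e.g. from {@link #getRandomSalt(int)}
     * @return the hex-encoded hash
     */
    public static String md5(String credentials, String saltSource) {
        ByteSource salt = new Md5Hash(saltSource);
        // The shared constants are used so this method and any verifier built from them cannot drift apart.
        return new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations).toString();
    }

    /**
     * Generates a random alphanumeric salt.
     *
     * @param length number of characters in the salt
     * @return the salt string produced by {@code Toolutil.getRandomString}
     */
    public static String getRandomSalt(int length) {
        return Toolutil.getRandomString(length);
    }

    /** Returns the Shiro subject bound to the current execution context. */
    public static Subject getSubject() {
        return SecurityUtils.getSubject();
    }

    /** Returns the current subject's session; Shiro creates one if none exists yet. */
    public static Session getSession() {
        return getSubject().getSession();
    }

    /**
     * Stores a value in the current subject's session.
     *
     * @param key   attribute name
     * @param value attribute value
     */
    public static void setSessionAttr(String key, Object value) {
        Session session = getSession();
        session.setAttribute(key, value);
    }

    /**
     * Removes an attribute from the current subject's session, if a session is available.
     *
     * @param key attribute name
     */
    public static void removeSessionAttr(String key) {
        Session session = getSession();
        if (session != null) {
            session.removeAttribute(key);
        }
    }

    /**
     * Checks whether the current subject has the given role.
     *
     * @param roleName role to test
     * @return {@code true} only if a subject exists, {@code roleName} is non-empty and the subject has it
     */
    public static boolean hasRole(String roleName) {
        Subject subject = getSubject();
        return subject != null && roleName != null && roleName.length() > 0 && subject.hasRole(roleName);
    }

    /** Negation of {@link #hasRole(String)}. */
    public static boolean lacksRole(String roleName) {
        return !hasRole(roleName);
    }

    /**
     * Checks whether the current subject has at least one of the listed roles.
     *
     * @param roleNames comma-separated role names; surrounding whitespace is trimmed
     * @return {@code true} if any listed role is held; {@code false} if none is, or if the
     *         subject is missing or the list is null/empty
     */
    public static boolean hasAnyRoles(String roleNames) {
        Subject subject = getSubject();
        if (subject == null || roleNames == null || roleNames.length() == 0) {
            return false;
        }
        for (String role : roleNames.split(NAMES_DELIMETER)) {
            if (subject.hasRole(role.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the current subject has every one of the listed roles.
     *
     * <p>Fails closed: with no subject or a null/empty role list the answer is
     * {@code false}. An "all of nothing" check that answered {@code true} would let a
     * blank or missing role requirement pass as satisfied.
     *
     * @param roleNames comma-separated role names; surrounding whitespace is trimmed
     * @return {@code true} only if a subject exists, the list is non-empty and every listed role is held
     */
    public static boolean hasAllRoles(String roleNames) {
        Subject subject = getSubject();
        if (subject == null || roleNames == null || roleNames.length() == 0) {
            return false;
        }
        for (String role : roleNames.split(NAMES_DELIMETER)) {
            if (!subject.hasRole(role.trim())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks whether the current subject is granted the given permission.
     *
     * @param permission permission string to test
     * @return {@code true} only if a subject exists, {@code permission} is non-empty and it is permitted
     */
    public static boolean hasPermission(String permission) {
        Subject subject = getSubject();
        return subject != null && permission != null && permission.length() > 0 && subject.isPermitted(permission);
    }

    /** Negation of {@link #hasPermission(String)}. */
    public static boolean lacksPermission(String permission) {
        return !hasPermission(permission);
    }

    /** Returns {@code true} if a subject exists and Shiro reports it as authenticated. */
    public static boolean isAuthenticated() {
        Subject subject = getSubject();
        return subject != null && subject.isAuthenticated();
    }

    /** Negation of {@link #isAuthenticated()}. */
    public static boolean notAuthenticated() {
        return !isAuthenticated();
    }

    /**
     * Returns {@code true} if the current subject has a known identity (a non-null
     * principal). This is a weaker condition than {@link #isAuthenticated()}, so
     * sensitive operations should gate on that method instead.
     */
    public static boolean isUser() {
        Subject subject = getSubject();
        return subject != null && subject.getPrincipal() != null;
    }

    /** Negation of {@link #isUser()}: no subject, or a subject without a principal. */
    public static boolean isGuest() {
        return !isUser();
    }

    /**
     * Returns the current principal as a string.
     *
     * @return {@code principal.toString()}, or the empty string when there is no subject
     *         or the subject has no principal (a guest), so callers never see a
     *         {@code NullPointerException}
     */
    public static String principal() {
        Subject subject = getSubject();
        if (subject == null) {
            return "";
        }
        Object principal = subject.getPrincipal();
        // A guest subject has a null principal; dereferencing it would throw.
        return principal == null ? "" : principal.toString();
    }
}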
产生盐的具体方法:
import java.security.SecureRandom;

import org.apache.commons.lang3.RandomStringUtils;
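/**
 * Utility holder for generating random alphanumeric strings; {@code ShiroKit.getRandomSalt}
 * uses it to produce password salts.
 */
public class Toolutil {

    /** Characters a generated string may contain: 0-9, a-z, A-Z. */
    private static final char[] ALPHANUMERIC =
            "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();

    /** SecureRandom is thread-safe, so a single shared instance is sufficient. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a random string of letters and digits with the given length.
     *
     * <p>Characters are drawn from {@link SecureRandom}, so the quality of the salt does
     * not depend on which generator the installed commons-lang3 version happens to use.
     *
     * @param length number of characters to generate; {@code 0} yields the empty string
     * @return a string of exactly {@code length} characters from 0-9, a-z, A-Z
     * @throws IllegalArgumentException if {@code length} is negative
     */
    public static String getRandomString(int length) {
        if (length < 0) {
            throw new IllegalArgumentException(
                    "Requested random string length " + length + " is less than 0.");
        }
        char[] out = new char[length];
        for (int i = 0; i < length; i++) {
            // nextInt(bound) is uniform over [0, bound), so no character is favoured.
            out[i] = ALPHANUMERIC[RANDOM.nextInt(ALPHANUMERIC.length)];
        }
        return new String(out);
    }
}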