org.apache.shiro.crypto.hash.Md5Hash Java Examples

/**
 * 修改密码
 * @param oldPassword 原密码
 * @param newPassword 新密码
 */
@RequiresPermissions("userUpdatePassword${url.suffix}")
@RequestMapping(value="updatePassword", method = RequestMethod.POST)
public String updatePassword(HttpServletRequest request, String oldPassword,String newPassword,Model model){
	if(oldPassword==null){
		ActionLogCache.insert(request, "修改密码", "失败：未输入密码");
		return error(model, "请输入旧密码");
	}else{
		User uu=sqlService.findById(User.class, getUser().getId());
		//将输入的原密码进行加密操作，判断原密码是否正确
		
		if(new Md5Hash(oldPassword, uu.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString().equals(uu.getPassword())){
			BaseVO vo = userService.updatePassword(getUserId(), newPassword);
			if(vo.getResult() - BaseVO.SUCCESS == 0){
				ActionLogCache.insert(request, "修改密码", "成功");
				return success(model, "修改成功");
			}else{
				ActionLogCache.insert(request, "修改密码", "失败："+vo.getInfo());
				return error(model, vo.getInfo());
			}
		}else{
			ActionLogCache.insert(request, "修改密码", "失败：原密码错误");
			return error(model, "原密码错误！");
		}
	}
}
 

@Override
public Authentication authenticate(Authentication authentication) {
    String name = authentication.getPrincipal().toString();
    String password = authentication.getCredentials().toString();

    User user = UserUtils.getPasswdAndRole(name);
    String encodedPassword = new Md5Hash(password, user.getName()).toHex();
    if (encodedPassword.equals(user.getPassword())) {
        mongoTemplate.updateFirst(Query.query(
                new Criteria()
                        .orOperator(Criteria.where("name").is(name), Criteria.where("mail").is(name))),
                Update.update("password", bcryptPasswordEncoder.encode(password)), User.class);
        user.setPassword(bcryptPasswordEncoder.encode(password));
    }
    if (bcryptPasswordEncoder.matches(password, user.getPassword())) {
        Collection<GrantedAuthority> authorityCollection = new ArrayList<>();
        authorityCollection.add(new SimpleGrantedAuthority(user.getRole()));
        return new UsernamePasswordAuthenticationToken(name, password, authorityCollection);
    }
    throw new BadCredentialsException(ResultEnum.LOGIN_FAILED.getMsg());
}
 

@PostMapping("register")
@ResponseBody
public MyResponse register(@NotBlank String username, @NotBlank String password) {
    if (ParamCheck.hasSpecialChar(username)) {
        return MyResponse.createResponse(ResponseEnum.ILLEGAL_PARAM,"special character");
    }
    String securityPassword = new Md5Hash(password, username, 5).toString();
    if (userService.queryUserByName(username) != null) {
        return MyResponse.createResponse(ResponseEnum.USER_EXIST);
    }
    //虽然上面检查了是否有同名用户，因为并发原因，添加用户的时候可能还会用户名重复，addCommonUser会返回false，最终给前端返回未知错误
    if (userService.addCommonUser(new UserPo(username, securityPassword, RoleEnum.COMMON.getRoleName()))) {
        //发送有用户登陆的mq消息
        mqSender.send2queue(username);
        return MyResponse.createResponse(ResponseEnum.SUCC);
    }
    return MyResponse.createResponse(ResponseEnum.FAIL);
}
 

@PutMapping("/me")
public ResponseEntity<Integer> updateCurrentUser(@RequestHeader(value="X-Token") String token, @RequestBody UserDetailVO userDetail) {
    String currentUserId = this.getSubjectFromJwt(jwtUtils, token, "userId");
    UserDTO dto = new UserDTO();
    dto.setId(Integer.parseInt(currentUserId));
    dto.setName(userDetail.getName());
    dto.setLoginName(userDetail.getLoginName());
    if(!StringUtils.isBlank(userDetail.getPassword())) {
        // 随机生成salt
        SecureRandomNumberGenerator secureRandomNumberGenerator = new SecureRandomNumberGenerator();
        String salt = secureRandomNumberGenerator.nextBytes().toHex();
        
        // Md5密码
        Md5Hash md5 = new Md5Hash(userDetail.getPassword(), salt, 6);
        String md5Password = md5.toHex();
        dto.setSalt(salt);
        dto.setPassword(md5Password);
    }
    int rows = this.userService.updateCurrentUser(dto);
    return rows > 0 ? ResponseEntity.status(HttpStatus.CREATED).body(rows) :
        ResponseEntity.notFound().build();
}
 

@PutMapping("/{id}/password")
public ResponseEntity<Integer> changePassword(@PathVariable("id") int userId, String password) {
    // 随机生成salt
    SecureRandomNumberGenerator secureRandomNumberGenerator = new SecureRandomNumberGenerator();
    String salt = secureRandomNumberGenerator.nextBytes().toHex();
    
    // Md5密码
    Md5Hash md5 = new Md5Hash(password, salt, 6);
    String md5Password = md5.toHex();
    
    int rows = userService.changePassword(userId, salt, md5Password);
    if(rows > 0) {
        return ResponseEntity.status(HttpStatus.CREATED).body(rows);
    }
    return ResponseEntity.notFound().build();
}
 

@PostMapping("")
public ResponseEntity<UserDetailVO> saveUser(@RequestBody UserDetailVO vo, @RequestHeader(value="X-Token") String token) {
    String currentUserId = this.getSubjectFromJwt(jwtUtils, token, "userId");

    UserDTO dto = new UserDTO();
    dto.setName(vo.getName());
    dto.setLoginName(vo.getLoginName());
    dto.setCreatorId(Integer.parseInt(currentUserId));
    dto.setRoleIds(vo.getRoleIds());

    // 随机生成salt
    SecureRandomNumberGenerator secureRandomNumberGenerator = new SecureRandomNumberGenerator();
    String salt = secureRandomNumberGenerator.nextBytes().toHex();
    Md5Hash md5 = new Md5Hash(vo.getPassword(), salt, 6);
    // 设置盐
    dto.setSalt(salt);
    // 设置新密码
    String md5Password = md5.toHex();
    dto.setPassword(md5Password);

    UserDTO user = userService.saveUser(dto);
    vo.setId(user.getId());
    return ResponseEntity.status(HttpStatus.CREATED).body(vo);
}
 

public BaseVO updatePassword(int userid, String newPassword) {
	BaseVO baseVO = new BaseVO();
	if(!(userid > 0)){
		return BaseVO.failure("userid is null");
	}
	if(newPassword == null || newPassword.length() == 0){
		return BaseVO.failure("新密码不能为空");
	}
	User user=sqlDAO.findById(User.class, userid);
	
	String md5Password = new Md5Hash(newPassword, user.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString();
	user.setPassword(md5Password);
	sqlDAO.save(user);
	
	return baseVO;
}
 

/**
 * api登录接口，通过账号密码获取token
 */
@RequestMapping("/auth")
public Object auth(@RequestParam("username") String username,
                   @RequestParam("password") String password) {

    //封装请求账号密码为shiro可验证的token
    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password.toCharArray());

    //获取数据库中的账号密码，准备比对
    User user = userMapper.getByAccount(username);

    String credentials = user.getPassword();
    String salt = user.getSalt();
    ByteSource credentialsSalt = new Md5Hash(salt);
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
            new ShiroUser(), credentials, credentialsSalt, "");

    //校验用户账号密码
    HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
    md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
    md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
    boolean passwordTrueFlag = md5CredentialsMatcher.doCredentialsMatch(
            usernamePasswordToken, simpleAuthenticationInfo);

    if (passwordTrueFlag) {
        HashMap<String, Object> result = new HashMap<>();
        result.put("token", JwtTokenUtil.generateToken(String.valueOf(user.getId())));
        return result;
    } else {
        return new ErrorResponseData(500, "账号密码错误！");
    }
}
 

@Override
public SimpleAuthenticationInfo info(ShiroUser shiroUser, User user, String realmName) {
    String credentials = user.getPassword();

    // 密码加盐处理
    String source = user.getSalt();
    ByteSource credentialsSalt = new Md5Hash(source);
    return new SimpleAuthenticationInfo(shiroUser, credentials, credentialsSalt, realmName);
}
 

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{
	
	// token是用户输入的用户名和密码 
	// 第一步从token中取出用户名
	String username = (String) token.getPrincipal();
   	
   	SqlService sqlService = SpringContextUtils.getBean(SqlServiceImpl.class);
   	RoleService roleService = SpringContextUtils.getBean(RoleServiceImpl.class);
   	
   	User user = sqlService.findAloneBySqlQuery("SELECT * FROM user WHERE username = '"+username+"'", User.class);
	
	if(user!=null){
		user.setLasttime(DateUtil.timeForUnix10());
		sqlService.save(user);
	}
   	
       if (user != null) {  
    	ActiveUser activeUser = new ActiveUser();
    	activeUser.setUser(user);
  
           //根据用户id查询权限url
   		List<Permission> permissions = roleService.findPermissionByUser(user);
   		activeUser.setPermissions(permissions);
   		
		//转换为树状集合
		List<PermissionTree> permissionTreeList = new ShiroFunc().PermissionToTree(new ArrayList<Permission>(), permissions);	
   		activeUser.setPermissionTreeList(permissionTreeList);
   		
   		String md5Password = new Md5Hash(user.getUsername(), user.getSalt(), 2).toString();
   		//将activeUser设置simpleAuthenticationInfo
   		
   		SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
   				activeUser, md5Password,ByteSource.Util.bytes(user.getSalt()), this.getName());
   		
   		return simpleAuthenticationInfo;
       }
       
       return null;  
}
 

@Override
public ResponseEntity login(String name, String passwd) {
    User user =
            mongoTemplate.findOne(
                    Query.query(
                            new Criteria()
                                    .orOperator(Criteria.where("name").is(name), Criteria.where("mail").is(name))),
                    User.class,
                    "user");
    if (user == null) {
        return new ResponseEntity<>(new Result<String>(ResultEnum.LOGIN_FAILED), HttpStatus.UNAUTHORIZED);
    }
    String inputName = user.getName();
    String encodedPassword = new Md5Hash(passwd, inputName).toHex();
    Subject subject = SecurityUtils.getSubject();

    User tempUser = userRepository.findByName(inputName);
    if (tempUser == null) {
        return new ResponseEntity<>(new Result(ResultEnum.LOGIN_FAILED), HttpStatus.UNAUTHORIZED);
    }

    if (tempUser.getPassword() == null) {
        tempUser.setPassword(encodedPassword);
        userRepository.save(tempUser);
    }

    UsernamePasswordToken token = new UsernamePasswordToken(inputName, encodedPassword);
    token.setRememberMe(true);
    subject.login(token);
    String role = getRole(inputName);
    UserServiceImpl.logger.info("{}：{} 登录成功", role, inputName);
    return new ResponseEntity<>(new Result(ResultEnum.LOGIN_SUCCEED, getUserInfo()), HttpStatus.OK);
}
 

public SimpleAuthenticationInfo info(ShiroUser shiroUser, User user, String realmName) {
    String credentials = user.getPassword();
    // 密码加盐处理
    String source = user.getSalt();
    ByteSource credentialsSalt = new Md5Hash(source);
    return new SimpleAuthenticationInfo(shiroUser, credentials, credentialsSalt, realmName);
}
 

public SimpleAuthenticationInfo info(ShiroUser shiroUser, User user, String realmName) {
    String credentials = user.getPassword();
    // 密码加盐处理
    String source = user.getSalt();
    ByteSource credentialsSalt = new Md5Hash(source);
    return new SimpleAuthenticationInfo(shiroUser, credentials, credentialsSalt, realmName);
}
 

@Transactional
public Integer add(User user, Integer[] roleIds) {
    checkUserNameExistOnCreate(user.getUsername());
    String salt = generateSalt();
    String encryptPassword = new Md5Hash(user.getPassword(), salt).toString();

    user.setSalt(salt);
    user.setPassword(encryptPassword);
    userMapper.insert(user);

    grantRole(user.getUserId(), roleIds);

    return user.getUserId();
}
 

/**
 * 指定加密盐
 * @param str
 * @param salt
 * @return
 */
public static String md5(String str, String salt){
  if (StringUtil.isNullOrEmpty(salt)) {
    salt = DEFAULT_SALT;
  }
  return new Md5Hash(str,salt).toString() ;
}
 

@Override
public SimpleAuthenticationInfo info(ShiroUser shiroUser, User user, String realmName) {
    String credentials = user.getPassword();

    // 密码加盐处理
    String source = user.getSalt();
    ByteSource credentialsSalt = new Md5Hash(source);
    return new SimpleAuthenticationInfo(shiroUser, credentials, credentialsSalt, realmName);
}
 

@PostMapping("/token")
public ResponseEntity<?> getToken(HttpServletRequest request, String loginName, String password) {
    // 验证用户信息
    UserDTO user = userService.getByLoginName(loginName);
    if(user == null) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("用户名不存在！");
    }
    if(user.getLocked()) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("该账户被锁定！");
    }
    Md5Hash md5 = new Md5Hash(password, user.getSalt(), 6);
    String md5Password = md5.toHex();
    if(!md5Password.equals(user.getPassword())) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("登录失败，用户名或密码错误！");
    }
    
    // 得到可访问的router
    List<RouterDTO> dtoList = routerService.listAuthorizedRouter(user.getId());
    List<RouterNavVO> voList = new ArrayList<RouterNavVO>(dtoList.size());
    for(RouterDTO dto : dtoList) {
        RouterNavVO vo = new RouterNavVO();
        BeanUtils.copyProperties(dto, vo);
        voList.add(vo);
    }
    
    Map<String, Object> response = new HashMap<String, Object>();
    response.put("userId", user.getId().toString());
    response.put("username", user.getName());
    response.put("routers", voList);
    JSONObject json = new JSONObject();
    json.put("userId", user.getId());
    json.put("username", user.getName());
    json.put("host", request.getRemoteHost());
    response.put("token", jwtUtils.createJWT(json.toJSONString()));
    return ResponseEntity.ok(response);
}
 

public static String getSalt(String username, String password) {
	StringBuffer sb = null;
	sb = new StringBuffer();
	sb.append(username).append(password);
	return new Md5Hash(sb.toString(), RandomStringUtils.randomNumeric(6)).toHex();
}
 

public static String md5(String str,String salt) {
    return new Md5Hash(str,salt).toString();
}
 

public RetryLimitMd5CredentialsMatcher(CacheManager cacheManager, Integer maxRetryCount) {
	passwordRetryCache = cacheManager.getCache("password_retry");
	this.maxRetryCount = maxRetryCount;
	setHashAlgorithmName(Md5Hash.ALGORITHM_NAME);
}
 

/**
 * 注册User，代理商开通用户网站
 * @param user
 * @param request
 * @param isAgency 是否是开通的普通代理，true，是开通普通代理
 * @return 生成的用户User对象
 */
private UserVO regUsersss(User user, HttpServletRequest request, boolean isAgency) {
	UserVO baseVO = new UserVO();
	user.setUsername(filter(user.getUsername()));
	user.setEmail(filter(user.getEmail()));
	user.setPhone(filter(user.getPhone()));
	
	//判断用户名、邮箱、手机号是否有其中为空的
	if(user.getUsername()==null||user.getUsername().equals("")){
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_userNameToLong"));
	}
	
	//判断用户名、邮箱、手机号是否有其中已经注册了，唯一性
	//判断用户名唯一性
	
	if(sqlService.findByProperty(User.class, "username", user.getUsername()).size() > 0){
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailureForUsernameAlreadyExist"));
		return baseVO;
	}
	
	//判断邮箱是否被注册了，若被注册了，则邮箱设置为空
	if(sqlService.findByProperty(User.class, "email", user.getEmail()).size() > 0){
		user.setEmail("");
	}
	
	//判断手机号是否被用过。若被用过了，则自动将手机号给抹除，不写入User表
	if(user.getPhone() != null && user.getPhone().length() > 0){
		if(sqlService.findByProperty(User.class, "phone", user.getPhone()).size() > 0){
			if(isAgency){
				//如果是创建代理，手机号必须的，并且唯一
				baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailureForPhoneAlreadyExist"));
				return baseVO;
			}else{
				//如果只是建站，则可以允许手机号为空
				user.setPhone("");
			}
		}
	}
	
	user.setRegip(IpUtil.getIpAddress(request));
	user.setLastip(IpUtil.getIpAddress(request));
	user.setRegtime(DateUtil.timeForUnix10());
	user.setLasttime(DateUtil.timeForUnix10());
	user.setNickname(user.getUsername());
	user.setAuthority(isAgency? Global.get("AGENCY_ROLE")+"":Global.get("USER_REG_ROLE"));	//设定是普通代理，还是会员权限
	user.setCurrency(0);
	user.setFreezemoney(0F);
	user.setMoney(0F);
	user.setIsfreeze(User.ISFREEZE_NORMAL);
	user.setHead("default.png");
	user.setIdcardauth(User.IDCARDAUTH_NO);
	
	if(getUserId() > 0){
		user.setReferrerid(getUserId());		//设定用户的上级是当前代理商本人
	}
	
	Random random = new Random();
	user.setSalt(random.nextInt(10)+""+random.nextInt(10)+""+random.nextInt(10)+""+random.nextInt(10)+"");
       String md5Password = new Md5Hash(user.getPassword(), user.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString();
	user.setPassword(md5Password);
	
	sqlService.save(user);
	if(user.getId()>0){
		//赋予该用户系统设置的默认角色，是代理，还是会员
		UserRole userRole = new UserRole();
		int roleid = 0;
		if(isAgency){
			roleid = Global.getInt("AGENCY_ROLE");
		}else{
			roleid = Global.getInt("USER_REG_ROLE");
		}
		userRole.setRoleid(roleid);
		userRole.setUserid(user.getId());
		sqlService.save(userRole);
		
		baseVO.setBaseVO(BaseVO.SUCCESS, Language.show("user_regSuccess"));
		baseVO.setUser(user);
	}else{
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailure"));
	}
	
	return baseVO;
}
 

@Override
public UserVO regUser(User user, HttpServletRequest request,
		boolean isAgency) {
	UserVO baseVO = new UserVO();
	user.setUsername(StringUtil.filterXss(user.getUsername()));
	user.setEmail(Safety.filter(user.getEmail()));
	user.setPhone(Safety.filter(user.getPhone()));
	
	//判断用户名、邮箱、手机号是否有其中为空的
	if(user.getUsername()==null||user.getUsername().equals("")){
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_userNameToLong"));
	}
	
	//判断用户名、邮箱、手机号是否有其中已经注册了，唯一性
	//判断用户名唯一性
	
	if(sqlDAO.findByProperty(User.class, "username", user.getUsername()).size() > 0){
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailureForUsernameAlreadyExist"));
		return baseVO;
	}
	
	//判断邮箱是否被注册了，若被注册了，则邮箱设置为空
	if(sqlDAO.findByProperty(User.class, "email", user.getEmail()).size() > 0){
		user.setEmail("");
	}
	
	//判断手机号是否被用过。若被用过了，则自动将手机号给抹除，不写入User表
	if(user.getPhone() != null && user.getPhone().length() > 0){
		if(sqlDAO.findByProperty(User.class, "phone", user.getPhone()).size() > 0){
			if(isAgency){
				//如果是创建代理，手机号必须的，并且唯一
				baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailureForPhoneAlreadyExist"));
				return baseVO;
			}else{
				//如果只是建站，则可以允许手机号为空
				user.setPhone("");
			}
		}
	}
	
	user.setRegip(IpUtil.getIpAddress(request));
	user.setLastip(IpUtil.getIpAddress(request));
	user.setRegtime(DateUtil.timeForUnix10());
	user.setLasttime(DateUtil.timeForUnix10());
	user.setNickname(user.getUsername());
	user.setAuthority(isAgency? Global.get("AGENCY_ROLE")+"":Global.get("USER_REG_ROLE"));	//设定是普通代理，还是会员权限
	user.setCurrency(0);
	user.setFreezemoney(0F);
	user.setMoney(0F);
	user.setIsfreeze(User.ISFREEZE_NORMAL);
	user.setHead("default.png");
	user.setIdcardauth(User.IDCARDAUTH_NO);
	
	Random random = new Random();
	user.setSalt(random.nextInt(10)+""+random.nextInt(10)+""+random.nextInt(10)+""+random.nextInt(10)+"");
       String md5Password = new Md5Hash(user.getPassword(), user.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString();
	user.setPassword(md5Password);
	
	sqlDAO.save(user);
	if(user.getId()>0){
		//赋予该用户系统设置的默认角色，是代理，还是会员
		UserRole userRole = new UserRole();
		int roleid = 0;
		if(isAgency){
			roleid = Global.getInt("AGENCY_ROLE");
		}else{
			roleid = Global.getInt("USER_REG_ROLE");
		}
		userRole.setRoleid(roleid);
		userRole.setUserid(user.getId());
		sqlDAO.save(userRole);
		
		baseVO.setBaseVO(BaseVO.SUCCESS, Language.show("user_regSuccess"));
		baseVO.setUser(user);
	}else{
		baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_regFailure"));
	}
	
	return baseVO;
}
 

public static String md5(String str, String salt) {
    return new Md5Hash(str, salt).toString();
}
 

public BaseVO loginByUsernameAndPassword(HttpServletRequest request, String username, String password){
		username = Safety.filter(username);
		
		BaseVO baseVO = new BaseVO();
		if(username==null || username.length() == 0 ){
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserOrEmailNotNull"));
			return baseVO;
		}
		if(password==null || password.length() == 0){
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginPasswordNotNull"));
			return baseVO;
		}
		
		//判断是用户名还是邮箱登陆的，进而查询邮箱或者用户名，进行登录
		List<User> l = sqlDAO.findByProperty(User.class, username.indexOf("@")>-1? "email":"username", username);
		
		if(l!=null && l.size()>0){
			User user = l.get(0);
			
			String md5Password = new Md5Hash(password, user.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString();
			//检验密码是否正确
			if(md5Password.equals(user.getPassword())){
				//检验此用户状态是否正常，是否被冻结
				if(user.getIsfreeze() == User.ISFREEZE_FREEZE){
					baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserFreeze"));
					return baseVO;
				}
				
				user.setLasttime(DateUtil.timeForUnix10());
				user.setLastip(IpUtil.getIpAddress(request));
				sqlDAO.save(user);
				
				UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getUsername());
		        token.setRememberMe(false);
				Subject currentUser = SecurityUtils.getSubject();  
				try {
					currentUser.login(token);  
				} catch ( UnknownAccountException uae ) {
					java.lang.System.out.println("UnknownAccountException:"+uae.getMessage());
				} catch ( IncorrectCredentialsException ice ) {
					java.lang.System.out.println("IncorrectCredentialsException:"+ice.getMessage());
				} catch ( LockedAccountException lae ) {
					java.lang.System.out.println("LockedAccountException:"+lae.getMessage());
				} catch ( ExcessiveAttemptsException eae ) {
					java.lang.System.out.println("ExcessiveAttemptsException:"+eae.getMessage());
				} catch ( org.apache.shiro.authc.AuthenticationException ae ) {  
					java.lang.System.out.println("AuthenticationException:"+ae.getMessage());
				}
//				logDao.insert("USER_LOGIN_SUCCESS");
				baseVO.setBaseVO(BaseVO.SUCCESS, Language.show("user_loginSuccess"));
			}else{
				baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginPasswordFailure"));
			}
		}else{
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserNotFind"));
		}
		
		return baseVO;
	}
 

public String generateMd5Password(String originalPassword, String salt){
       return new Md5Hash(originalPassword, salt ,Global.USER_PASSWORD_SALT_NUMBER).toString();
}
 

public String encryptPassword(String username, String password, String salt) {
    return new Md5Hash(username + password + salt).toHex();
}
 

public String encryptPassword(String username, String password, String salt)
{
    return new Md5Hash(username + password + salt).toHex();
}
 

public void updatePasswordByUserId(Integer userId, String password) {
    String salt = generateSalt();
    String encryptPassword = new Md5Hash(password, salt).toString();
    userMapper.updatePasswordByUserId(userId, encryptPassword, salt);
}
 

public String encryptPassword(String username, String password, String salt)
{
    return new Md5Hash(username + password + salt).toHex().toString();
}
 

private byte[] md5(String str) throws Exception {
   return new Md5Hash(str).getBytes();
}