org.apache.shiro.crypto.hash.Sha256Hash Java Examples

The following examples show how to use org.apache.shiro.crypto.hash.Sha256Hash.
Example #1
Source File: ProfileController.java    From NutzSite with Apache License 2.0
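/**
 * Changes the signed-in user's password after re-verifying the current one.
 *
 * <p>The supplied old password is hashed with the user's stored salt (SHA-256, 1024 iterations,
 * Base64) and compared with the stored value. Only on a match is the new password passed to
 * {@code userService.resetUserPwd}, after which the session user is reloaded.
 *
 * @param oldPassword the current password as submitted; {@code null} is rejected
 * @param newPassword the replacement password; blank values are rejected
 * @return a success result, {@code "profile.resetpwd"} when the input or the old password is
 *         rejected, or {@code "system.error"} when {@code resetUserPwd} does not return a
 *         positive count
 */
@At
@POST
@Ok("json")
@Slog(tag="个人信息", after="重置密码")
public Result resetPwdDo(@Param("oldPassword") String oldPassword,
                       @Param("newPassword") String newPassword) {
    // Reject missing input up front: previously a null oldPassword was handed straight to the
    // hash constructor before any validation ran.
    if (oldPassword == null || !Strings.isNotBlank(newPassword)) {
        return Result.error("profile.resetpwd");
    }

    User user = ShiroUtils.getSysUser();
    String suppliedHash = new Sha256Hash(oldPassword, user.getSalt(), 1024).toBase64();
    String storedHash = user.getPassword();

    // Constant-time comparison, so the time taken does not depend on where the first
    // differing character sits. A missing stored hash never matches.
    boolean matches = storedHash != null && java.security.MessageDigest.isEqual(
            suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        return Result.error("profile.resetpwd");
    }

    // NOTE(review): `user` is the object returned by ShiroUtils.getSysUser(); from here until
    // resetUserPwd replaces it, that object carries the plaintext new password. If the update
    // fails, the object is not restored here. Confirm whether it is shared with the session.
    user.setPassword(newPassword);
    if (userService.resetUserPwd(user) > 0) {
        ShiroUtils.setSysUser(userService.fetch(user.getId()));
        return Result.success("system.success");
    }
    return Result.error("system.error");
}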
 
Example #2
Source File: SysUserController.java    From springboot-admin with Apache License 2.0
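/**
 * Changes the password of the logged-in user.
 *
 * <p>Both the current and the new password are hashed with the user's existing salt
 * (SHA-256, hex) and passed to {@code sysUserService.updatePassword}; a zero update count is
 * reported as a wrong current password.
 *
 * @param password    the current password as submitted
 * @param newPassword the replacement password; must not be blank
 * @return an OK result, or an error result when the current password is missing or wrong
 * @throws AppException if {@code newPassword} is blank
 */
@SysLog("修改密码")
@RequestMapping("/updatePassword")
public Result updatePassword(String password, String newPassword){
	if(StringUtils.isBlank(newPassword)){
		throw new AppException("新密码不为能空");
	}

	// A missing current password can never match; answer as for a wrong one instead of
	// handing null to the hash constructor.
	if(password == null){
		return Result.error("原密码不正确");
	}

	// SHA-256 hash of the current password (one-way hashing, not encryption).
	// NOTE(review): the two-argument constructor applies a single SHA-256 round. A fast,
	// single-round hash is cheap to brute-force offline if stored hashes leak; a dedicated
	// password hash (bcrypt/scrypt/Argon2) or a high iteration count is the usual hardening.
	password = new Sha256Hash(password, getUser().getSalt()).toHex();
	// SHA-256 hash of the new password. The existing salt is reused, so the salt is not
	// rotated when the password changes.
	newPassword = new Sha256Hash(newPassword, getUser().getSalt()).toHex();

	// Update the stored password; the old hash is passed along with the new one
	int count = sysUserService.updatePassword(getUser(), password, newPassword);
	if(count == 0){
		return Result.error("原密码不正确");
	}

	return Result.ok();
}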
 
Example #3
Source File: SysLoginController.java    From sdb-mall with Apache License 2.0
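/**
 * Signs a user in and issues a token.
 *
 * <p>The captcha is validated first. The submitted password is then hashed with the account's
 * stored salt (SHA-256, hex) and compared with the stored hash. Unknown account, missing
 * password and wrong password all produce the same error message.
 *
 * @param form login form carrying username, password, captcha and captcha uuid
 * @return the token response, or an error map
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@PostMapping("/sys/login")
public Map<String, Object> login(@RequestBody SysLoginForm form)throws IOException {
	if(!sysCaptchaService.validate(form.getUuid(), form.getCaptcha())){
		return R.error("验证码不正确");
	}

	// Load the account
	SysUser user = sysUserService.queryByUserName(form.getUsername());

	// Account missing, password missing or password wrong: one shared message, so the response
	// does not reveal which usernames exist. The comparison is written hash-first, so a record
	// without a stored password is treated as a mismatch instead of raising an exception.
	// NOTE(review): the two-argument constructor applies a single SHA-256 round; stored hashes
	// of this kind are cheap to brute-force offline if the table leaks.
	if(user == null || form.getPassword() == null
			|| !new Sha256Hash(form.getPassword(), user.getSalt()).toHex().equals(user.getPassword())) {
		return R.error("账号或密码不正确");
	}

	// Account locked. This is only reached with a correct password.
	if(user.getStatus() == 0){
		return R.error("账号已被锁定,请联系管理员");
	}

	// Create the token and store it in the database
	return sysUserTokenService.createToken(user.getUserId());
}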
 
Example #4
Source File: SysUserServiceImpl.java    From sdb-mall with Apache License 2.0
/**
 * Creates a user: stamps the creation time, replaces the submitted password with its salted
 * SHA-256 hex hash, saves the record, then checks and stores the role assignments.
 *
 * @param user the user to create; its password field holds the plaintext on entry and the
 *             hex hash afterwards
 */
@Override
@JFinalTx
public void save(SysUser user) {
	user.setCreateTime(new Date());
	// SHA-256 hash of the password (one-way hashing, not encryption)
	// NOTE(review): whether RandomStringUtils draws from a CSPRNG depends on the commons-lang
	// version in use. Confirm, or generate the salt from a SecureRandom-backed source.
	String salt = RandomStringUtils.randomAlphanumeric(20);
	// NOTE(review): the two-argument constructor applies a single SHA-256 round. A fast hash
	// is cheap to brute-force offline if stored hashes leak; bcrypt/scrypt/Argon2 or a high
	// iteration count is the usual hardening.
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	user.save();
	
	// Check whether the role assignment oversteps permissions
	// NOTE(review): runs after user.save(); presumably @JFinalTx rolls the insert back if this
	// throws. Confirm.
	checkRole(user);
	
	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example #5
Source File: SysUserServiceImpl.java    From sdb-mall with Apache License 2.0
/**
 * Updates a user and its role assignments. A blank password drops the password attribute
 * from the record; a non-blank one is replaced by its salted SHA-256 hex hash.
 *
 * @param user the user to update
 * @return the result of {@code user.update()}
 */
@Override
@JFinalTx
public boolean update(SysUser user) {
	if(StringUtils.isBlank(user.getPassword())){
		// presumably so the update leaves the stored hash untouched; verify against the model
		user.remove("password");
	}else{
		// NOTE(review): the salt is read from the object passed in, not re-read from storage
		// here. If callers build `user` from request data, confirm the salt is the stored one
		// and non-null; otherwise the new hash will not match what login computes.
		// The two-argument constructor applies a single SHA-256 round.
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	boolean updateSucc = user.update();
	
	// Check whether the role assignment oversteps permissions
	// NOTE(review): runs after user.update(); presumably @JFinalTx rolls back if this throws.
	// Confirm.
	checkRole(user);
	
	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());

	return updateSucc;
}
 
Example #6
Source File: SysLoginController.java    From renren-fast with GNU General Public License v3.0
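/**
 * Signs a user in and issues a token.
 *
 * <p>The submitted captcha is compared case-insensitively with the one held by
 * {@code ShiroUtils}. The password is then hashed with the account's stored salt
 * (SHA-256, hex) and compared with the stored hash.
 *
 * @param username account name
 * @param password plaintext password as submitted
 * @param captcha  captcha text as submitted
 * @return the token response, or an error map
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Map<String, Object> login(String username, String password, String captcha)throws IOException {
	String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
	// A request without the captcha parameter is answered as a wrong code instead of
	// dereferencing null.
	if(captcha == null || !captcha.equalsIgnoreCase(kaptcha)){
		return R.error("验证码不正确");
	}

	// Load the account
	SysUserEntity user = sysUserService.queryByUserName(username);

	// Account missing, password missing or password wrong: one shared message, so the response
	// does not reveal which usernames exist. Hash-first comparison treats a record without a
	// stored password as a mismatch.
	// NOTE(review): the two-argument constructor applies a single SHA-256 round; stored hashes
	// of this kind are cheap to brute-force offline if the table leaks.
	if(user == null || password == null
			|| !new Sha256Hash(password, user.getSalt()).toHex().equals(user.getPassword())) {
		return R.error("账号或密码不正确");
	}

	// Account locked. This is only reached with a correct password.
	if(user.getStatus() == 0){
		return R.error("账号已被锁定,请联系管理员");
	}

	// Create the token and store it in the database
	return sysUserTokenService.createToken(user.getUserId());
}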
 
Example #7
Source File: SysUserServiceImpl.java    From renren-fast with GNU General Public License v3.0
/**
 * Creates a user: stamps the creation time, replaces the submitted password with its salted
 * SHA-256 hex hash, saves the record, then checks and stores the role assignments.
 *
 * @param user the user to create; its password field holds the plaintext on entry and the
 *             hex hash afterwards
 */
@Override
@Transactional
public void save(SysUserEntity user) {
	user.setCreateTime(new Date());
	// SHA-256 hash of the password (one-way hashing, not encryption)
	// NOTE(review): whether RandomStringUtils draws from a CSPRNG depends on the commons-lang
	// version in use. Confirm, or generate the salt from a SecureRandom-backed source.
	String salt = RandomStringUtils.randomAlphanumeric(20);
	// NOTE(review): the two-argument constructor applies a single SHA-256 round. A fast hash
	// is cheap to brute-force offline if stored hashes leak; bcrypt/scrypt/Argon2 or a high
	// iteration count is the usual hardening.
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	sysUserDao.save(user);
	
	// Check whether the role assignment oversteps permissions
	// NOTE(review): runs after the insert; presumably @Transactional rolls it back if this
	// throws an unchecked exception. Confirm.
	checkRole(user);
	
	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example #8
Source File: SysUserServiceImpl.java    From renren-fast with GNU General Public License v3.0
/**
 * Updates a user and its role assignments. A blank password is replaced by {@code null};
 * a non-blank one is replaced by its salted SHA-256 hex hash.
 *
 * @param user the user to update
 */
@Override
@Transactional
public void update(SysUserEntity user) {
	if(StringUtils.isBlank(user.getPassword())){
		// presumably the DAO skips null columns so the stored hash is kept; verify in the mapper
		user.setPassword(null);
	}else{
		// NOTE(review): the salt is read from the object passed in, not re-read from storage
		// here. If callers build `user` from request data, confirm the salt is the stored one
		// and non-null; otherwise the new hash will not match what login computes.
		// The two-argument constructor applies a single SHA-256 round.
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	sysUserDao.update(user);
	
	// Check whether the role assignment oversteps permissions
	// NOTE(review): runs after the update; presumably @Transactional rolls it back if this
	// throws an unchecked exception. Confirm.
	checkRole(user);
	
	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example #9
Source File: TestController.java    From springboot-admin with Apache License 2.0
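/**
 * Checks a username/password pair and returns a JWT for the account.
 *
 * <p>NOTE(review): this handler is mapped with GET, so the password is sent as a query
 * parameter; query strings commonly end up in access logs, proxies and browser history.
 * It also answers an unknown account and a wrong password with different messages, which
 * tells a caller which usernames exist. No captcha or lock-status check is visible in this
 * method. Confirm it is test-only and not reachable in a deployed build.
 *
 * @param username account name
 * @param password plaintext password as submitted
 * @return a result carrying {@code userId}, {@code token} and {@code expire}, or an error
 */
@GetMapping("/login")
public Result login(String username, String password){
    // Load the account
    SysUser user = sysUserService.queryByUserName(username);

    // Account does not exist
    if(user == null) {
        return Result.error("账号不存在");
    }

    // Wrong password. A missing password parameter is answered the same way instead of being
    // passed to the hash constructor; the hash-first comparison treats a record without a
    // stored password as a mismatch.
    // NOTE(review): the two-argument constructor applies a single SHA-256 round.
    if(password == null
            || !new Sha256Hash(password, user.getSalt()).toHex().equals(user.getPassword())) {
        return Result.error("密码不正确");
    }

    // Issue the token
    String token = jwtUtils.generateToken(user.getId());

    Map<String, Object> map = new HashMap<>();
    map.put("userId", user.getId());
    map.put("token", token);
    map.put("expire", jwtUtils.getExpire());

    return Result.ok().put(map);
}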
 
Example #10
Source File: DefaultUserService.java    From java-course-ee with MIT License
/**
 * Creates a user record whose password is stored as the hex SHA-256 digest of the input.
 *
 * <p>NOTE(review): the one-argument constructor is called without a salt, so identical
 * passwords produce identical stored values, and the digest is a single fast round. A
 * per-user random salt together with a dedicated password hash (bcrypt/scrypt/Argon2) is the
 * usual hardening.
 *
 * @param username login name
 * @param email    e-mail address
 * @param password plaintext password to hash
 */
public void createUser(String username, String email, String password) {
    User created = new User();
    created.setUsername(username);
    created.setEmail(email);

    String passwordHex = new Sha256Hash(password).toHex();
    created.setPassword(passwordHex);

    userDAO.createUser(created);
}
 
Example #11
Source File: BootstrapDataPopulator.java    From java-course-ee with MIT License
/**
 * Seeds the sample database at startup: two roles, one permission, and an admin user.
 *
 * <p>The sample app uses an in-memory hsqldb that is recreated on every start, so the rows
 * are inserted each time.
 *
 * <p>NOTE(review): the seeded account is {@code admin} with the password {@code admin},
 * stored as an unsalted single-round SHA-256 hex digest. That is acceptable only as sample
 * data. The insert is built by string concatenation; the concatenated value here is a
 * constant hex digest, but the pattern should not be copied for caller-supplied values,
 * which belong in bound parameters.
 *
 * @throws Exception declared by the signature
 */
public void afterPropertiesSet() throws Exception {
    JdbcTemplate template = new JdbcTemplate(this.dataSource);
    String adminPasswordHex = new Sha256Hash("admin").toHex();

    template.execute("insert into roles values (1, 'user', 'The default role given to all users.')");
    template.execute("insert into roles values (2, 'admin', 'The administrator role only given to site admins')");
    template.execute("insert into roles_permissions values (2, 'user:*')");
    // NOTE(review): the e-mail literal reads like the output of a page e-mail-obfuscation
    // filter rather than the project's original value. Confirm against the upstream file.
    template.execute("insert into users(id,username,email,password) values (1, 'admin', '[email protected]', '" + adminPasswordHex + "')");
    template.execute("insert into users_roles values (1, 2)");
}
 
Example #12
Source File: EditUserCommand.java    From java-course-ee with MIT License
/**
 * Copies this command's username and e-mail onto the user and, when a password was entered,
 * stores its hex SHA-256 digest.
 *
 * <p>NOTE(review): the digest is unsalted and single-round, so identical passwords yield
 * identical stored values and offline guessing is cheap if the table leaks.
 *
 * @param user the user to modify; its id must equal this command's {@code userId}
 */
public void updateUser(User user) {
    Assert.isTrue(userId.equals(user.getId()), "User ID of command must match the user being updated.");
    user.setUsername(getUsername());
    user.setEmail(getEmail());

    // No password entered: leave the stored one as it is.
    if (!StringUtils.hasText(getPassword())) {
        return;
    }
    String passwordHex = new Sha256Hash(getPassword()).toHex();
    user.setPassword(passwordHex);
}
 
Example #13
Source File: WebSecurityConfig.java    From java-webapp-security-examples with Apache License 2.0
/**
 * Builds the JDBC-backed Shiro realm, matching credentials as SHA-256 hashes.
 *
 * <p>NOTE(review): only the algorithm name is set on the matcher. No iteration count and no
 * salt style are configured in this method, so both stay at the library defaults, which to
 * my knowledge are a single iteration and no salt. Confirm against the Shiro version in use
 * and against how the stored passwords were produced.
 *
 * @return the initialised realm
 */
@Bean(name = "jdbcRealm")
@DependsOn("lifecycleBeanPostProcessor")
public JdbcRealm jdbcRealm() {
    HashedCredentialsMatcher sha256Matcher = new HashedCredentialsMatcher();
    sha256Matcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);

    JdbcRealm configured = new JdbcRealm();
    configured.setDataSource(dataSource);
    configured.setCredentialsMatcher(sha256Matcher);
    // init() stays last so the realm is initialised with both settings in place.
    configured.init();
    return configured;
}
 
Example #14
Source File: SysUserServiceImpl.java    From springboot-admin with Apache License 2.0
/**
 * Updates a user and its role assignments. The user's Redis entry is deleted first. A blank
 * password is replaced by {@code null}; a non-blank one is replaced by its salted SHA-256
 * hex hash.
 *
 * @param user the user to update
 */
@Override
@Transactional
public void update(SysUser user) {
	// Drop the Redis entry before the database row changes
	sysUserRedis.delete(user);

	if(StringUtils.isBlank(user.getPassword())){
		// presumably the DAO skips null columns so the stored hash is kept; verify in the mapper
		user.setPassword(null);
	}else{
		// NOTE(review): the salt is read from the object passed in, not re-read from storage
		// here. If callers build `user` from request data, confirm the salt is the stored one
		// and non-null; otherwise the new hash will not match what login computes.
		// The two-argument constructor applies a single SHA-256 round.
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	sysUserDao.update(user);
	
	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());
}
 
Example #15
Source File: SysUserServiceImpl.java    From springboot-admin with Apache License 2.0
/**
 * Creates a user: stamps the creation time, replaces the submitted password with its salted
 * SHA-256 hex hash, saves the record and its role assignments, then writes the user to Redis.
 *
 * @param user the user to create; its password field holds the plaintext on entry and the
 *             hex hash afterwards
 */
@Override
@Transactional
public void save(SysUser user) {
	user.setCreateTime(new Date());
	// SHA-256 hash of the password (one-way hashing, not encryption)
	// NOTE(review): whether RandomStringUtils draws from a CSPRNG depends on the commons-lang
	// version in use. Confirm, or generate the salt from a SecureRandom-backed source.
	String salt = RandomStringUtils.randomAlphanumeric(20);
	// NOTE(review): the two-argument constructor applies a single SHA-256 round. A fast hash
	// is cheap to brute-force offline if stored hashes leak; bcrypt/scrypt/Argon2 or a high
	// iteration count is the usual hardening.
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	sysUserDao.save(user);

	// Persist the user-to-role relations
	sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());

	// NOTE(review): the object handed to Redis still carries the password hash and salt set
	// above, unless sysUserRedis strips them. Confirm what is serialised into the cache.
	sysUserRedis.saveOrUpdate(user);
}
 
Example #16
Source File: SysLoginController.java    From springboot-admin with Apache License 2.0
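/**
 * Signs a user in and issues a token.
 *
 * <p>When the captcha feature is enabled, the submitted captcha is compared
 * case-insensitively with the stored one. The password is then hashed with the account's
 * stored salt (SHA-256, hex) and compared with the stored hash, and the account status is
 * checked.
 *
 * <p>NOTE(review): an unknown account and a wrong password are answered with different
 * messages, which tells a caller which usernames exist. A single shared message would avoid
 * that, but the texts are user-visible, so they are left unchanged here.
 *
 * @param username account name
 * @param password plaintext password as submitted
 * @param captcha  captcha text as submitted
 * @return a result carrying the token data, or an error result
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Result login(String username, String password, String captcha)throws IOException {
	// Captcha, only when enabled in configuration
	if(SpringContextUtils.getBean(KaptchaConfig.class).getKaptchaOpen()){
		String kaptcha = getKaptcha(Constants.KAPTCHA_SESSION_KEY);
		// A request without the captcha parameter is answered as a wrong code instead of
		// dereferencing null.
		if(captcha == null || !captcha.equalsIgnoreCase(kaptcha)){
			return Result.error("验证码不正确");
		}
	}

	// Load the account
	SysUser user = sysUserService.queryByUserName(username);

	// Account does not exist
	if(user == null) {
		return Result.error("账号不存在");
	}

	// Wrong password. A missing password parameter is answered the same way instead of being
	// passed to the hash constructor; the hash-first comparison treats a record without a
	// stored password as a mismatch.
	// NOTE(review): the two-argument constructor applies a single SHA-256 round.
	if(password == null
			|| !new Sha256Hash(password, user.getSalt()).toHex().equals(user.getPassword())) {
		return Result.error("密码不正确");
	}

	// Account locked
	if(Constant.UserStatus.DISABLE.getValue() == user.getStatus()){
		return Result.error("账号已被锁定,请联系管理员");
	}

	// Create the token and store it in the database
	Map<String, Object> result=sysUserTokenService.createToken(user.getId());
	return Result.ok().put(result);
}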
 
Example #17
Source File: Sha256CredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0
/**
 * Hashes credentials with SHA-256 using the given salt and {@code ITERATIONS} rounds.
 *
 * @param credentials plaintext credentials
 * @param salt        salt bytes
 * @return the Base64-encoded hash, or {@code null} when either argument is {@code null}
 */
@Override
public String hashCredentials(String credentials, ByteSource salt) {
   boolean inputsPresent = credentials != null && salt != null;
   if(!inputsPresent) {
      // Callers have to treat null as "nothing hashed".
      return null;
   }

   Sha256Hash salted = new Sha256Hash(credentials, salt, ITERATIONS);
   return salted.toBase64();
}
 
Example #18
Source File: Sha256CredentialsHashingStrategy.java    From arcusplatform with Apache License 2.0
/**
 * Configures the credentials matcher for SHA-256 with {@code ITERATIONS} rounds and stored
 * credentials that are not hex-encoded.
 */
public Sha256CredentialsHashingStrategy() {
   HashedCredentialsMatcher sha256Matcher = new HashedCredentialsMatcher();
   // Stored credentials are not hex-encoded
   sha256Matcher.setStoredCredentialsHexEncoded(false);
   sha256Matcher.setHashIterations(ITERATIONS);
   sha256Matcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
   credentialsMatcher = sha256Matcher;
}
 
Example #19
Source File: ProfileController.java    From NutzSite with Apache License 2.0
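/**
 * Reports whether the submitted password matches the signed-in user's stored password.
 *
 * <p>The input is hashed with the user's stored salt (SHA-256, 1024 iterations, Base64) and
 * compared with the stored value.
 *
 * <p>NOTE(review): this endpoint answers yes/no for any guess against the session user's
 * password. No attempt limit is visible in this method; confirm one is applied elsewhere.
 *
 * @param password the password to check; {@code null} never matches
 * @return {@code true} when the hashes are equal
 */
@At
@Ok("json")
public boolean checkPassword(@Param("oldPassword") String password) {
    // A missing parameter cannot match; do not hand null to the hash constructor.
    if (password == null) {
        return false;
    }

    User user = ShiroUtils.getSysUser();
    String storedHash = user.getPassword();
    if (storedHash == null) {
        return false;
    }

    String suppliedHash = new Sha256Hash(password, user.getSalt(), 1024).toBase64();
    // Constant-time comparison, so the time taken does not depend on where the first
    // differing character sits.
    return java.security.MessageDigest.isEqual(
            suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}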
 
Example #20
Source File: UserServiceImpl.java    From NutzSite with Apache License 2.0
/**
 * Resets a user's password.
 *
 * <p>Generates a fresh salt with {@code SecureRandomNumberGenerator}, replaces the plaintext
 * in {@code user.getPassword()} with its salted SHA-256 hash (1024 iterations, Base64),
 * stamps the update time and writes the record.
 *
 * <p>NOTE(review): 1024 rounds of SHA-256 is still a fast hash by current standards; a
 * dedicated password hash (bcrypt/scrypt/Argon2) or a much higher iteration count is the
 * usual hardening.
 *
 * @param user the user whose password field holds the new plaintext on entry
 * @return the value returned by {@code dao().updateIgnoreNull(user)}
 */
@Override
public int resetUserPwd(User user) {
    // A new salt on every reset
    String freshSalt = new SecureRandomNumberGenerator().nextBytes().toBase64();
    user.setSalt(freshSalt);

    // The hash is computed from the plaintext still held in the password field
    user.setPassword(new Sha256Hash(user.getPassword(), freshSalt, 1024).toBase64());
    user.setUpdateTime(new Date());
    return dao().updateIgnoreNull(user);
}
 
Example #21
Source File: UserServiceImpl.java    From NutzSite with Apache License 2.0
/**
 * Inserts a new user.
 *
 * <p>Generates a salt with {@code SecureRandomNumberGenerator}, replaces the plaintext in
 * {@code user.getPassword()} with its salted SHA-256 hash (1024 iterations, Base64), inserts
 * the record and updates its relations.
 *
 * <p>NOTE(review): 1024 rounds of SHA-256 is still a fast hash by current standards; a
 * dedicated password hash (bcrypt/scrypt/Argon2) or a much higher iteration count is the
 * usual hardening.
 *
 * @param user the user to insert; its password field holds the plaintext on entry
 * @return the same user object, now carrying the salt and the hashed password
 */
@Override
public User insert(User user) {
    // Password setup: per-user random salt, then the salted hash
    String freshSalt = new SecureRandomNumberGenerator().nextBytes().toBase64();
    user.setSalt(freshSalt);
    user.setPassword(new Sha256Hash(user.getPassword(), freshSalt, 1024).toBase64());

    dao().insert(user);
    this.updataRelation(user);
    return user;
}
 
Example #22
Source File: AES.java    From arcusplatform with Apache License 2.0
/**
 * Returns the raw bytes of the salted SHA-256 digest of {@code key}.
 *
 * <p>Despite the method name, the digest computed here is SHA-256, not SHA-1.
 *
 * <p>NOTE(review): the two-argument constructor applies a single round. If the result is
 * used as a cipher key derived from a passphrase, a purpose-built KDF (for example PBKDF2
 * with a high iteration count) is the usual choice. Confirm how callers use the bytes.
 *
 * @param key  the value to digest
 * @param salt the salt mixed into the digest
 * @return the 32 digest bytes
 * @throws Exception declared by the signature
 */
private byte[] sha1(String key, String salt) throws Exception {
   Sha256Hash digest = new Sha256Hash(key, salt);
   return digest.getBytes();
}
 
Example #23
Source File: EncryptUtils.java    From parker with MIT License
/**
 * Returns the hex SHA-256 digest of a password (one-way hashing, not encryption).
 *
 * <p>NOTE(review): no salt is passed and the digest is a single round, so identical
 * passwords yield identical outputs and offline guessing is cheap. For stored passwords, a
 * per-user random salt with a dedicated password hash (bcrypt/scrypt/Argon2) is the usual
 * hardening.
 *
 * @param password the plaintext password
 * @return the digest as a hex string
 */
public static String shiroSha256(String password){
    return new Sha256Hash(password).toHex();
}
 
Example #24
Source File: PasswordUtils.java    From kitty with GNU Lesser General Public License v3.0
/**
 * Hashes a plaintext password with the given salt and returns the hex SHA-256 digest.
 * Despite the method name, this is one-way hashing, not encryption.
 *
 * <p>NOTE(review): the two-argument constructor applies a single SHA-256 round; a dedicated
 * password hash (bcrypt/scrypt/Argon2) or a high iteration count is the usual hardening for
 * stored passwords.
 *
 * @param password the plaintext password
 * @param salt     the salt mixed into the digest
 * @return the salted digest as a hex string
 */
public static String encrypte(String password, String salt) {
	Sha256Hash salted = new Sha256Hash(password, salt);
	return salted.toHex();
}