Java Code Examples for org.apache.shiro.crypto.hash.Sha256Hash

The following examples show how to use org.apache.shiro.crypto.hash.Sha256Hash. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: NutzSite   Source File: ProfileController.java    License: Apache License 2.0 6 votes vote down vote up
@At
@POST
@Ok("json")
@Slog(tag="个人信息", after="重置密码")
public Result resetPwdDo(@Param("oldPassword") String oldPassword,
                       @Param("newPassword") String newPassword) {
    User user = ShiroUtils.getSysUser();
    String old = new Sha256Hash(oldPassword, user.getSalt(), 1024).toBase64();
    if (Strings.isNotBlank(newPassword) && old.equals(user.getPassword())) {
        user.setPassword(newPassword);
        if (userService.resetUserPwd(user) > 0) {
            ShiroUtils.setSysUser(userService.fetch(user.getId()));
            return Result.success("system.success");
        }
        return Result.error("system.error");
    } else {
        return Result.error("profile.resetpwd");
    }
}
 
Example 2
Source Project: sdb-mall   Source File: SysLoginController.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * 登录
 */
@PostMapping("/sys/login")
public Map<String, Object> login(@RequestBody SysLoginForm form)throws IOException {
	boolean captcha = sysCaptchaService.validate(form.getUuid(), form.getCaptcha());
	if(!captcha){
		return R.error("验证码不正确");
	}

	//用户信息
	SysUser user = sysUserService.queryByUserName(form.getUsername());

	//账号不存在、密码错误
	if(user == null || !user.getPassword().equals(new Sha256Hash(form.getPassword(), user.getSalt()).toHex())) {
		return R.error("账号或密码不正确");
	}

	//账号锁定
	if(user.getStatus() == 0){
		return R.error("账号已被锁定,请联系管理员");
	}

	//生成token,并保存到数据库
	R r = sysUserTokenService.createToken(user.getUserId());
	return r;
}
 
Example 3
Source Project: sdb-mall   Source File: SysUserServiceImpl.java    License: Apache License 2.0 6 votes vote down vote up
@Override
@JFinalTx
public void save(SysUser user) {
	user.setCreateTime(new Date());
	//sha256加密
	String salt = RandomStringUtils.randomAlphanumeric(20);
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	user.save();
	
	//检查角色是否越权
	checkRole(user);
	
	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example 4
Source Project: sdb-mall   Source File: SysUserServiceImpl.java    License: Apache License 2.0 6 votes vote down vote up
@Override
@JFinalTx
public boolean update(SysUser user) {
	if(StringUtils.isBlank(user.getPassword())){
		user.remove("password");
	}else{
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	boolean updateSucc = user.update();
	
	//检查角色是否越权
	checkRole(user);
	
	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());

	return updateSucc;
}
 
Example 5
/**
 * 登录
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Map<String, Object> login(String username, String password, String captcha)throws IOException {
	String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
	if(!captcha.equalsIgnoreCase(kaptcha)){
		return R.error("验证码不正确");
	}

	//用户信息
	SysUserEntity user = sysUserService.queryByUserName(username);

	//账号不存在、密码错误
	if(user == null || !user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
		return R.error("账号或密码不正确");
	}

	//账号锁定
	if(user.getStatus() == 0){
		return R.error("账号已被锁定,请联系管理员");
	}

	//生成token,并保存到数据库
	R r = sysUserTokenService.createToken(user.getUserId());
	return r;
}
 
Example 6
@Override
@Transactional
public void save(SysUserEntity user) {
	user.setCreateTime(new Date());
	//sha256加密
	String salt = RandomStringUtils.randomAlphanumeric(20);
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	sysUserDao.save(user);
	
	//检查角色是否越权
	checkRole(user);
	
	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example 7
@Override
@Transactional
public void update(SysUserEntity user) {
	if(StringUtils.isBlank(user.getPassword())){
		user.setPassword(null);
	}else{
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	sysUserDao.update(user);
	
	//检查角色是否越权
	checkRole(user);
	
	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
 
Example 8
Source Project: springboot-admin   Source File: TestController.java    License: Apache License 2.0 6 votes vote down vote up
@GetMapping("/login")
public Result login(String username, String password){
    //用户信息
    SysUser user = sysUserService.queryByUserName(username);

    //账号不存在
    if(user == null) {
        return Result.error("账号不存在");
    }

    //密码错误
    if(!user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
        return Result.error("密码不正确");
    }

    //生成token
    String token = jwtUtils.generateToken(user.getId());

    Map<String, Object> map = new HashMap<>();
    map.put("userId", user.getId());
    map.put("token", token);
    map.put("expire", jwtUtils.getExpire());

    Result r=Result.ok().put(map);
    return r;
}
 
Example 9
Source Project: springboot-admin   Source File: SysUserController.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * 修改登录用户密码
 */
@SysLog("修改密码")
@RequestMapping("/updatePassword")
public Result updatePassword(String password, String newPassword){
	if(StringUtils.isBlank(newPassword)){
		throw new AppException("新密码不为能空");
	}
	
	//sha256加密
	password = new Sha256Hash(password, getUser().getSalt()).toHex();
	//sha256加密
	newPassword = new Sha256Hash(newPassword, getUser().getSalt()).toHex();

	//更新密码
	int count = sysUserService.updatePassword(getUser(), password, newPassword);
	if(count == 0){
		return Result.error("原密码不正确");
	}
	
	return Result.ok();
}
 
Example 10
Source Project: NutzSite   Source File: UserServiceImpl.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 新增
 *
 * @param user
 * @return
 */
@Override
public User insert(User user) {
    RandomNumberGenerator rng = new SecureRandomNumberGenerator();
    //密码设置
    String salt = rng.nextBytes().toBase64();
    user.setSalt(salt);
    String hashedPasswordBase64 = new Sha256Hash(user.getPassword(), salt, 1024).toBase64();
    user.setPassword(hashedPasswordBase64);

    dao().insert(user);
    this.updataRelation(user);
    return user;
}
 
Example 11
Source Project: NutzSite   Source File: UserServiceImpl.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 重置密码
 *
 * @param user
 * @return
 */
@Override
public int resetUserPwd(User user) {
    RandomNumberGenerator rng = new SecureRandomNumberGenerator();
    String salt = rng.nextBytes().toBase64();
    user.setSalt(salt);
    String hashedPasswordBase64 = new Sha256Hash(user.getPassword(), salt, 1024).toBase64();
    user.setPassword(hashedPasswordBase64);
    user.setUpdateTime(new Date());
    return dao().updateIgnoreNull(user);
}
 
Example 12
Source Project: NutzSite   Source File: ProfileController.java    License: Apache License 2.0 5 votes vote down vote up
@At
@Ok("json")
public boolean checkPassword(@Param("oldPassword") String password) {
    User user = ShiroUtils.getSysUser();
    String old = new Sha256Hash(password, user.getSalt(), 1024).toBase64();
    if (old.equals(user.getPassword())) {
        return true;
    }
    return false;
}
 
Example 13
public Sha256CredentialsHashingStrategy() {
   HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher();
   hashMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
   hashMatcher.setHashIterations(ITERATIONS);
   hashMatcher.setStoredCredentialsHexEncoded(false);
   credentialsMatcher = hashMatcher;
}
 
Example 14
@Override
public String hashCredentials(String credentials, ByteSource salt) {
   if(credentials == null || salt == null) {
      return null;
   }

   return new Sha256Hash(credentials, salt, ITERATIONS).toBase64();
}
 
Example 15
Source Project: springboot-admin   Source File: SysLoginController.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 登录
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Result login(String username, String password, String captcha)throws IOException {
	//验证码
	if(SpringContextUtils.getBean(KaptchaConfig.class).getKaptchaOpen()){
		String kaptcha = getKaptcha(Constants.KAPTCHA_SESSION_KEY);
		if(!captcha.equalsIgnoreCase(kaptcha)){
			return Result.error("验证码不正确");
		}
	}

	//用户信息
	SysUser user = sysUserService.queryByUserName(username);

	//账号不存在
	if(user == null) {
		return Result.error("账号不存在");
	}

	//密码错误
	if(!user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
		return Result.error("密码不正确");
	}

	//账号锁定
	if(Constant.UserStatus.DISABLE.getValue() == user.getStatus()){
		return Result.error("账号已被锁定,请联系管理员");
	}

	//生成token,并保存到数据库
	Map<String, Object> result=sysUserTokenService.createToken(user.getId());
	Result r =Result.ok().put(result);
	return r;
}
 
Example 16
Source Project: springboot-admin   Source File: SysUserServiceImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
@Transactional
public void save(SysUser user) {
	user.setCreateTime(new Date());
	//sha256加密
	String salt = RandomStringUtils.randomAlphanumeric(20);
	user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
	user.setSalt(salt);
	sysUserDao.save(user);

	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());

	sysUserRedis.saveOrUpdate(user);
}
 
Example 17
Source Project: springboot-admin   Source File: SysUserServiceImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
@Transactional
public void update(SysUser user) {
	sysUserRedis.delete(user);

	if(StringUtils.isBlank(user.getPassword())){
		user.setPassword(null);
	}else{
		user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
	}
	sysUserDao.update(user);
	
	//保存用户与角色关系
	sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());
}
 
Example 18
@Bean(name = "jdbcRealm")
@DependsOn("lifecycleBeanPostProcessor")
public JdbcRealm jdbcRealm() {
    JdbcRealm realm = new JdbcRealm();
    HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
    credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
    realm.setCredentialsMatcher(credentialsMatcher);
    realm.setDataSource(dataSource);
    realm.init();
    return realm;
}
 
Example 19
Source Project: java-course-ee   Source File: EditUserCommand.java    License: MIT License 5 votes vote down vote up
public void updateUser(User user) {
    Assert.isTrue(userId.equals(user.getId()), "User ID of command must match the user being updated.");
    user.setUsername(getUsername());
    user.setEmail(getEmail());
    if (StringUtils.hasText(getPassword())) {
        user.setPassword(new Sha256Hash(getPassword()).toHex());
    }
}
 
Example 20
Source Project: java-course-ee   Source File: BootstrapDataPopulator.java    License: MIT License 5 votes vote down vote up
public void afterPropertiesSet() throws Exception {
    //because we're using an in-memory hsqldb for the sample app, a new one will be created each time the
    //app starts, so insert the sample admin user at startup:
    JdbcTemplate jdbcTemplate = new JdbcTemplate(this.dataSource);

    jdbcTemplate.execute("insert into roles values (1, 'user', 'The default role given to all users.')");
    jdbcTemplate.execute("insert into roles values (2, 'admin', 'The administrator role only given to site admins')");
    jdbcTemplate.execute("insert into roles_permissions values (2, 'user:*')");
    jdbcTemplate.execute("insert into users(id,username,email,password) values (1, 'admin', '[email protected]', '" + new Sha256Hash("admin").toHex() + "')");
    jdbcTemplate.execute("insert into users_roles values (1, 2)");


}
 
Example 21
Source Project: java-course-ee   Source File: DefaultUserService.java    License: MIT License 5 votes vote down vote up
public void createUser(String username, String email, String password) {
    User user = new User();
    user.setUsername(username);
    user.setEmail(email);
    user.setPassword(new Sha256Hash(password).toHex());
    userDAO.createUser(user);
}
 
Example 22
Source Project: arcusplatform   Source File: AES.java    License: Apache License 2.0 4 votes vote down vote up
private byte[] sha1(String key, String salt) throws Exception {
   return new Sha256Hash(key, salt).getBytes();
}
 
Example 23
Source Project: kitty   Source File: PasswordUtils.java    License: GNU Lesser General Public License v3.0 2 votes vote down vote up
/**
 * 明文密码加密
 * @param password
 * @param salt
 * @return
 */
public static String encrypte(String password, String salt) {
	return new Sha256Hash(password, salt).toHex();
}
 
Example 24
Source Project: parker   Source File: EncryptUtils.java    License: MIT License 2 votes vote down vote up
/**
 * SHA-256加密
 * @param password
 * @return
 */
public static String shiroSha256(String password){
    Sha256Hash sha256Hash = new Sha256Hash(password);
    return sha256Hash.toHex();
}