org.apache.shiro.crypto.hash.Sha256Hash Java Examples
The following examples show how to use
org.apache.shiro.crypto.hash.Sha256Hash.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ProfileController.java From NutzSite with Apache License 2.0 | 6 votes |
|
@At
@POST
@Ok("json")
@Slog(tag="个人信息", after="重置密码")
public Result resetPwdDo(@Param("oldPassword") String oldPassword,
@Param("newPassword") String newPassword) {
User user = ShiroUtils.getSysUser();
String old = new Sha256Hash(oldPassword, user.getSalt(), 1024).toBase64();
if (Strings.isNotBlank(newPassword) && old.equals(user.getPassword())) {
user.setPassword(newPassword);
if (userService.resetUserPwd(user) > 0) {
ShiroUtils.setSysUser(userService.fetch(user.getId()));
return Result.success("system.success");
}
return Result.error("system.error");
} else {
return Result.error("profile.resetpwd");
}
}
Example #2
| Source File: SysUserController.java From springboot-admin with Apache License 2.0 | 6 votes |
|
/**
* 修改登录用户密码
*/
@SysLog("修改密码")
@RequestMapping("/updatePassword")
public Result updatePassword(String password, String newPassword){
if(StringUtils.isBlank(newPassword)){
throw new AppException("新密码不为能空");
}
//sha256加密
password = new Sha256Hash(password, getUser().getSalt()).toHex();
//sha256加密
newPassword = new Sha256Hash(newPassword, getUser().getSalt()).toHex();
//更新密码
int count = sysUserService.updatePassword(getUser(), password, newPassword);
if(count == 0){
return Result.error("原密码不正确");
}
return Result.ok();
}
Example #3
| Source File: SysLoginController.java From sdb-mall with Apache License 2.0 | 6 votes |
|
/**
* 登录
*/
@PostMapping("/sys/login")
public Map<String, Object> login(@RequestBody SysLoginForm form)throws IOException {
boolean captcha = sysCaptchaService.validate(form.getUuid(), form.getCaptcha());
if(!captcha){
return R.error("验证码不正确");
}
//用户信息
SysUser user = sysUserService.queryByUserName(form.getUsername());
//账号不存在、密码错误
if(user == null || !user.getPassword().equals(new Sha256Hash(form.getPassword(), user.getSalt()).toHex())) {
return R.error("账号或密码不正确");
}
//账号锁定
if(user.getStatus() == 0){
return R.error("账号已被锁定,请联系管理员");
}
//生成token,并保存到数据库
R r = sysUserTokenService.createToken(user.getUserId());
return r;
}
Example #4
| Source File: SysUserServiceImpl.java From sdb-mall with Apache License 2.0 | 6 votes |
|
@Override
@JFinalTx
public void save(SysUser user) {
user.setCreateTime(new Date());
//sha256加密
String salt = RandomStringUtils.randomAlphanumeric(20);
user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
user.setSalt(salt);
user.save();
//检查角色是否越权
checkRole(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
Example #5
| Source File: SysUserServiceImpl.java From sdb-mall with Apache License 2.0 | 6 votes |
|
@Override
@JFinalTx
public boolean update(SysUser user) {
if(StringUtils.isBlank(user.getPassword())){
user.remove("password");
}else{
user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
}
boolean updateSucc = user.update();
//检查角色是否越权
checkRole(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
return updateSucc;
}
Example #6
| Source File: SysLoginController.java From renren-fast with GNU General Public License v3.0 | 6 votes |
|
/**
* 登录
*/
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Map<String, Object> login(String username, String password, String captcha)throws IOException {
String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
if(!captcha.equalsIgnoreCase(kaptcha)){
return R.error("验证码不正确");
}
//用户信息
SysUserEntity user = sysUserService.queryByUserName(username);
//账号不存在、密码错误
if(user == null || !user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
return R.error("账号或密码不正确");
}
//账号锁定
if(user.getStatus() == 0){
return R.error("账号已被锁定,请联系管理员");
}
//生成token,并保存到数据库
R r = sysUserTokenService.createToken(user.getUserId());
return r;
}
Example #7
| Source File: SysUserServiceImpl.java From renren-fast with GNU General Public License v3.0 | 6 votes |
|
@Override
@Transactional
public void save(SysUserEntity user) {
user.setCreateTime(new Date());
//sha256加密
String salt = RandomStringUtils.randomAlphanumeric(20);
user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
user.setSalt(salt);
sysUserDao.save(user);
//检查角色是否越权
checkRole(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
Example #8
| Source File: SysUserServiceImpl.java From renren-fast with GNU General Public License v3.0 | 6 votes |
|
@Override
@Transactional
public void update(SysUserEntity user) {
if(StringUtils.isBlank(user.getPassword())){
user.setPassword(null);
}else{
user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
}
sysUserDao.update(user);
//检查角色是否越权
checkRole(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
}
Example #9
| Source File: TestController.java From springboot-admin with Apache License 2.0 | 6 votes |
|
@GetMapping("/login")
public Result login(String username, String password){
//用户信息
SysUser user = sysUserService.queryByUserName(username);
//账号不存在
if(user == null) {
return Result.error("账号不存在");
}
//密码错误
if(!user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
return Result.error("密码不正确");
}
//生成token
String token = jwtUtils.generateToken(user.getId());
Map<String, Object> map = new HashMap<>();
map.put("userId", user.getId());
map.put("token", token);
map.put("expire", jwtUtils.getExpire());
Result r=Result.ok().put(map);
return r;
}
Example #10
| Source File: DefaultUserService.java From java-course-ee with MIT License | 5 votes |
|
public void createUser(String username, String email, String password) {
User user = new User();
user.setUsername(username);
user.setEmail(email);
user.setPassword(new Sha256Hash(password).toHex());
userDAO.createUser(user);
}
Example #11
| Source File: BootstrapDataPopulator.java From java-course-ee with MIT License | 5 votes |
|
public void afterPropertiesSet() throws Exception {
//because we're using an in-memory hsqldb for the sample app, a new one will be created each time the
//app starts, so insert the sample admin user at startup:
JdbcTemplate jdbcTemplate = new JdbcTemplate(this.dataSource);
jdbcTemplate.execute("insert into roles values (1, 'user', 'The default role given to all users.')");
jdbcTemplate.execute("insert into roles values (2, 'admin', 'The administrator role only given to site admins')");
jdbcTemplate.execute("insert into roles_permissions values (2, 'user:*')");
jdbcTemplate.execute("insert into users(id,username,email,password) values (1, 'admin', '[email protected]', '" + new Sha256Hash("admin").toHex() + "')");
jdbcTemplate.execute("insert into users_roles values (1, 2)");
}
Example #12
| Source File: EditUserCommand.java From java-course-ee with MIT License | 5 votes |
|
public void updateUser(User user) {
Assert.isTrue(userId.equals(user.getId()), "User ID of command must match the user being updated.");
user.setUsername(getUsername());
user.setEmail(getEmail());
if (StringUtils.hasText(getPassword())) {
user.setPassword(new Sha256Hash(getPassword()).toHex());
}
}
Example #13
| Source File: WebSecurityConfig.java From java-webapp-security-examples with Apache License 2.0 | 5 votes |
|
@Bean(name = "jdbcRealm")
@DependsOn("lifecycleBeanPostProcessor")
public JdbcRealm jdbcRealm() {
JdbcRealm realm = new JdbcRealm();
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
realm.setCredentialsMatcher(credentialsMatcher);
realm.setDataSource(dataSource);
realm.init();
return realm;
}
Example #14
| Source File: SysUserServiceImpl.java From springboot-admin with Apache License 2.0 | 5 votes |
|
@Override
@Transactional
public void update(SysUser user) {
sysUserRedis.delete(user);
if(StringUtils.isBlank(user.getPassword())){
user.setPassword(null);
}else{
user.setPassword(new Sha256Hash(user.getPassword(), user.getSalt()).toHex());
}
sysUserDao.update(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());
}
Example #15
| Source File: SysUserServiceImpl.java From springboot-admin with Apache License 2.0 | 5 votes |
|
@Override
@Transactional
public void save(SysUser user) {
user.setCreateTime(new Date());
//sha256加密
String salt = RandomStringUtils.randomAlphanumeric(20);
user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
user.setSalt(salt);
sysUserDao.save(user);
//保存用户与角色关系
sysUserRoleService.saveOrUpdate(user.getId(), user.getRoleIdList());
sysUserRedis.saveOrUpdate(user);
}
Example #16
| Source File: SysLoginController.java From springboot-admin with Apache License 2.0 | 5 votes |
|
/**
* 登录
*/
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Result login(String username, String password, String captcha)throws IOException {
//验证码
if(SpringContextUtils.getBean(KaptchaConfig.class).getKaptchaOpen()){
String kaptcha = getKaptcha(Constants.KAPTCHA_SESSION_KEY);
if(!captcha.equalsIgnoreCase(kaptcha)){
return Result.error("验证码不正确");
}
}
//用户信息
SysUser user = sysUserService.queryByUserName(username);
//账号不存在
if(user == null) {
return Result.error("账号不存在");
}
//密码错误
if(!user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
return Result.error("密码不正确");
}
//账号锁定
if(Constant.UserStatus.DISABLE.getValue() == user.getStatus()){
return Result.error("账号已被锁定,请联系管理员");
}
//生成token,并保存到数据库
Map<String, Object> result=sysUserTokenService.createToken(user.getId());
Result r =Result.ok().put(result);
return r;
}
Example #17
| Source File: Sha256CredentialsHashingStrategy.java From arcusplatform with Apache License 2.0 | 5 votes |
|
@Override
public String hashCredentials(String credentials, ByteSource salt) {
if(credentials == null || salt == null) {
return null;
}
return new Sha256Hash(credentials, salt, ITERATIONS).toBase64();
}
Example #18
| Source File: Sha256CredentialsHashingStrategy.java From arcusplatform with Apache License 2.0 | 5 votes |
|
public Sha256CredentialsHashingStrategy() {
HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher();
hashMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
hashMatcher.setHashIterations(ITERATIONS);
hashMatcher.setStoredCredentialsHexEncoded(false);
credentialsMatcher = hashMatcher;
}
Example #19
| Source File: ProfileController.java From NutzSite with Apache License 2.0 | 5 votes |
|
@At
@Ok("json")
public boolean checkPassword(@Param("oldPassword") String password) {
User user = ShiroUtils.getSysUser();
String old = new Sha256Hash(password, user.getSalt(), 1024).toBase64();
if (old.equals(user.getPassword())) {
return true;
}
return false;
}
Example #20
| Source File: UserServiceImpl.java From NutzSite with Apache License 2.0 | 5 votes |
|
/**
* 重置密码
*
* @param user
* @return
*/
@Override
public int resetUserPwd(User user) {
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
String salt = rng.nextBytes().toBase64();
user.setSalt(salt);
String hashedPasswordBase64 = new Sha256Hash(user.getPassword(), salt, 1024).toBase64();
user.setPassword(hashedPasswordBase64);
user.setUpdateTime(new Date());
return dao().updateIgnoreNull(user);
}
Example #21
| Source File: UserServiceImpl.java From NutzSite with Apache License 2.0 | 5 votes |
|
/**
* 新增
*
* @param user
* @return
*/
@Override
public User insert(User user) {
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
//密码设置
String salt = rng.nextBytes().toBase64();
user.setSalt(salt);
String hashedPasswordBase64 = new Sha256Hash(user.getPassword(), salt, 1024).toBase64();
user.setPassword(hashedPasswordBase64);
dao().insert(user);
this.updataRelation(user);
return user;
}
Example #22
| Source File: AES.java From arcusplatform with Apache License 2.0 | 4 votes |
|
private byte[] sha1(String key, String salt) throws Exception {
return new Sha256Hash(key, salt).getBytes();
}
Example #23
| Source File: EncryptUtils.java From parker with MIT License | 2 votes |
|
/**
* SHA-256加密
* @param password
* @return
*/
public static String shiroSha256(String password){
Sha256Hash sha256Hash = new Sha256Hash(password);
return sha256Hash.toHex();
}
Example #24
| Source File: PasswordUtils.java From kitty with GNU Lesser General Public License v3.0 | 2 votes |
|
/**
* 明文密码加密
* @param password
* @param salt
* @return
*/
public static String encrypte(String password, String salt) {
return new Sha256Hash(password, salt).toHex();
}
