如何获取/设置JdbcRealm的盐 [英] how to get/set the salt for a JdbcRealm
问题描述
我正在尝试使用Shiro JdbcRealm和SHA256 hashedcredentialsMatcher.我需要更新旧数据库并为每个用户分配适当的盐(通过批处理例程).
I am attempting to use the Shiro JdbcRealm and SHA256 hashedcredentialsMatcher. I need to update a legacy database and assign the appropriate salt for each user (via a batch routine).
如何使用Shiro框架获取/设置给定帐户的费用?
how do I get/set the salt for a given account using the Shiro framework?
推荐答案
使用Shiro 1.2.3,您要做的就是:
With Shiro 1.2.3 all you need to do is:
-
扩展
JdbcRealm
并设置盐样式.
Extend
JdbcRealm
and set salt style.
public class JdbcSaltRealm extends JdbcRealm {
public JdbcSaltRealm() {
setSaltStyle(SaltStyle.COLUMN);
}
}
更新shiro.ini
以使用扩展域并从数据库获取Salt列
Update shiro.ini
to use extended realm and to get salt column from DB
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
jdbcRealm = com.mypackage.JdbcSaltRealm
jdbcRealm.authenticationQuery = SELECT password, salt FROM user WHERE username = ?
jdbcRealm.credentialsMatcher = $credentialsMatcher
哈希和盐当前/新用户密码.应该对所有现有用户以及新用户注册执行此操作.
Hash & salt current / new user passwords. This should be done for all existing users as well as on new user registrations.
private void saltHashPassword(String password) {
String salt = new BigInteger(250, new SecureRandom()).toString(32);
//TODO: save salt value to "salt" column in user table
Sha256Hash hash = new Sha256Hash(password,
(new SimpleByteSource(salt)).getBytes());
String saltedHashedPassword = hash.toHex();
//TODO: save saltedHashedPassword value to "password" column in user table
}
我希望我的回答是清晰易懂的.
I hope my answer is clear and understandable.
这篇关于如何获取/设置JdbcRealm的盐的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!