How to get/set the salt for a JdbcRealm


Problem description

I am attempting to use the Shiro JdbcRealm and SHA256 HashedCredentialsMatcher. I need to update a legacy database and assign the appropriate salt for each user (via a batch routine).

How do I get/set the salt for a given account using the Shiro framework?

Recommended answer

With Shiro 1.2.3 all you need to do is:

  1. Extend JdbcRealm and set salt style.

    import org.apache.shiro.realm.jdbc.JdbcRealm;

    public class JdbcSaltRealm extends JdbcRealm {
        public JdbcSaltRealm() {
            // Read the salt from a second column returned by the authentication query
            setSaltStyle(SaltStyle.COLUMN);
        }
    }

  2. Update shiro.ini to use extended realm and to get salt column from DB

    credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
    credentialsMatcher.hashAlgorithmName = SHA-256
    jdbcRealm = com.mypackage.JdbcSaltRealm
    jdbcRealm.authenticationQuery = SELECT password, salt FROM user WHERE username = ?
    jdbcRealm.credentialsMatcher = $credentialsMatcher
    

  3. Hash & salt current / new user passwords. This should be done for all existing users as well as on new user registrations.

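    // Imports needed by the method below:
    import java.math.BigInteger;
    import java.security.SecureRandom;
    import org.apache.shiro.crypto.hash.Sha256Hash;
    import org.apache.shiro.util.SimpleByteSource;

    private void saltHashPassword(String password) {

        // Random per-user salt, stored as text in the "salt" column
        String salt = new BigInteger(250, new SecureRandom()).toString(32);

        //TODO: save salt value to "salt" column in user table

        // Single-iteration SHA-256 over the salt bytes and the password,
        // matching the credentialsMatcher configured in shiro.ini
        Sha256Hash hash = new Sha256Hash(password,
                              (new SimpleByteSource(salt)).getBytes());
        // Hex encoding is what HashedCredentialsMatcher expects by default
        String saltedHashedPassword = hash.toHex();

        //TODO: save saltedHashedPassword value to "password" column in user table
    }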

I hope my answer is clear and understandable.
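A round-trip check for the batch routine, as an added example that is not part of the original answer or of Shiro's own code: it hashes a password the way the answer does, then rebuilds what the realm would hand to the matcher from the two column values and runs the comparison. The class and method names, the user name and the sample passwords are constructed; it assumes shiro-core is on the classpath and that the realm converts the salt column with `ByteSource.Util.bytes(String)`.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource;

// Added example (hypothetical class); needs shiro-core on the classpath.
public class SaltRoundTripCheck {

    // Same settings as the shiro.ini above: SHA-256, default single
    // iteration, stored hash hex-encoded (the matcher's default).
    static HashedCredentialsMatcher matcher() {
        return new HashedCredentialsMatcher("SHA-256");
    }

    // What the batch routine writes for one account:
    // element 0 goes to the "salt" column, element 1 to "password".
    static String[] saltAndHash(String password) {
        String salt = new BigInteger(250, new SecureRandom()).toString(32);
        byte[] saltBytes = ByteSource.Util.bytes(salt).getBytes();
        return new String[] { salt, new Sha256Hash(password, saltBytes).toHex() };
    }

    // Rebuilds the AuthenticationInfo from the two column values and runs
    // the matcher's comparison against a login attempt.
    // Assumption: the realm turns the salt column into bytes with
    // ByteSource.Util.bytes(String).
    static boolean wouldAuthenticate(String user, String attempt,
                                     String saltColumn, String passwordColumn) {
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                user, passwordColumn, ByteSource.Util.bytes(saltColumn), "jdbcRealm");
        return matcher().doCredentialsMatch(new UsernamePasswordToken(user, attempt), info);
    }

    public static void main(String[] args) {
        String[] row = saltAndHash("s3cret-sample"); // constructed sample password
        // Correct password against the stored row
        System.out.println(wouldAuthenticate("alice", "s3cret-sample", row[0], row[1]));
        // Wrong password
        System.out.println(wouldAuthenticate("alice", "wrong-sample", row[0], row[1]));
        // Salt that came back from storage with an extra trailing space
        System.out.println(wouldAuthenticate("alice", "s3cret-sample", row[0] + " ", row[1]));
    }
}
```

The third case covers a salt that is read back with different bytes than were hashed, for example a value padded by a fixed-width column type, which makes every login for that account fail.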
