Here is my Shiro configuration for Shiro with JDBC and hashed passwords:
[main]
authc.loginUrl = /site/index.jsp
authc.usernameParam = user
authc.passwordParam = pass
authc.rememberMeParam = remember
authc.successUrl = /site/home.jsp
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled=true
jdbcRealm.authenticationQuery = select password from users where username = ?
jdbcRealm.userRolesQuery = select role from users where username = ?
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 5000
jdbcRealm.credentialsMatcher = $credentialsMatcher
jof = org.apache.shiro.jndi.JndiObjectFactory
jof.resourceName = jdbc/postgres
jof.requiredType = javax.sql.DataSource
jof.resourceRef = true
jdbcRealm.dataSource = $jof
securityManager.realms = jdbcRealm
[urls]
/theme/** = anon
/site/** = authc
/site/cards.jsp = roles[smoto,admin]
/site/jobs.jsp = roles[admin]
I created the hash like this, for the user admin with the password admin:
String hashedPassword = new Sha256Hash("admin", "",5000).toHex();
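I insert the hash into the DB, but my authentication fails every time. Does anyone have any experience with this kind of setup in Shiro? Also, how would I enable debugging or logging?
Edit: Here is the correct setup for this type of authentication; I found it in another StackOverflow post.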
[main]
authc.loginUrl = /site/index.jsp
authc.usernameParam = user
authc.passwordParam = pass
authc.rememberMeParam = remember
authc.successUrl = /site/home.jsp
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled=false
jdbcRealm.authenticationQuery = select password from users where username = ?
jdbcRealm.userRolesQuery = select role from users where username = ?
ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps
jof = org.apache.shiro.jndi.JndiObjectFactory
jof.resourceName = jdbc/postgres
jof.requiredType = javax.sql.DataSource
jof.resourceRef = true
jdbcRealm.dataSource = $jof
jdbcRealm.credentialsMatcher = $pm
#securityManager.realms = jdbcRealm
[urls]
/theme/** = anon
/site/** = authc
/site/cards.jsp = roles[smoto,admin]
/site/jobs.jsp = roles[admin]
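The trick is to use the hashing tool that Shiro provides and copy its exact output into the database field "password". The whole string contains information such as which algorithm was used, how many iterations, etc. For example: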
$shiro1$SHA-256$500000$salthere$hashhere
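Is there a way to log the passed password in shiro.ini? My application always returns that the password I pass is wrong... I use some more complex hashing... The password in my database looks like: $shiro1$SHA-256$1028$8Q4AlwW/3NloawqM4ijdQQ==$DWE96wyrASHjA/vKCDFtSanDrw44L3wF1/DXPrJrtio= – Marcel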
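To check a stored `$shiro1$algorithm$iterations$salt$hash` value against a candidate password outside the application, instead of logging submitted passwords, the following JDK-only program parses the string and recomputes the digest. It is an added example, not code from the post or from Shiro itself; the class and method names are hypothetical, and it assumes the Shiro 1.x scheme (Base64 salt and digest, salt hashed before the UTF-8 password, each further iteration re-hashing the previous digest).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class Shiro1Check {
    // Assumed Shiro 1.x scheme: H(salt || password), then H(previous digest)
    // for the remaining iterations.
    static byte[] hash(String alg, byte[] salt, String password, int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(salt);
        byte[] out = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            out = md.digest(out); // digest() resets md after every call
        }
        return out;
    }

    // Builds the string that goes, unmodified, into the "password" column.
    static String format(String alg, int iterations, byte[] salt, String password) throws Exception {
        Base64.Encoder b64 = Base64.getEncoder();
        return "$shiro1$" + alg + "$" + iterations + "$" + b64.encodeToString(salt)
                + "$" + b64.encodeToString(hash(alg, salt, password, iterations));
    }

    // Parses the stored string and compares digests in constant time.
    static boolean matches(String password, String stored) throws Exception {
        String[] f = stored.trim().split("\\$", -1);
        if (f.length != 6 || !f[0].isEmpty() || !"shiro1".equals(f[1])) {
            throw new IllegalArgumentException("not a $shiro1$ string (truncated or altered?)");
        }
        int iterations = Integer.parseInt(f[3]);
        byte[] salt = Base64.getDecoder().decode(f[4]);
        byte[] expected = Base64.getDecoder().decode(f[5]);
        return MessageDigest.isEqual(expected, hash(f[2], salt, password, iterations));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        // Constructed sample value, not taken from the page.
        String stored = format("SHA-256", 5000, salt, "admin");
        System.out.println(stored);
        System.out.println("admin -> " + matches("admin", stored));
        System.out.println("Admin -> " + matches("Admin", stored));
    }
}
```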