Shiro匹配credentialsMatcher和用户密码创建不匹配

Question

我使用shiro作为我的Java 1.8应用程序的身份验证。我的用户创建将sha256和盐。

Shiro只会在输入的数据库中确切地匹配密码。例如，如果数据库密码是纯文本并且是“密码”，并且我输入了“密码”，它就可以工作。

如果我在数据库中加密密码时输入了'密码'，它将不匹配，并且会失败。

我如何获得shiro从输入的内容创建sha256和sal密码以便密码匹配？

我的用户创建代码

EntityManagerFactory factory = 
        Persistence.createEntityManagerFactory("e"); 

      EntityManager em = factory.createEntityManager(); 
      em.getTransaction().begin(); 

      com.e.dto.User user = new com.e.dto.User(); 

      DefaultPasswordService a = new DefaultPasswordService(); 
      password = a.encryptPassword(password); 

      user.setUsername(username); 
      user.setPassword(password); 

      em.persist(user); 

     em.getTransaction().commit(); 

shiro.ini

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm 
jdbcRealm.authenticationQuery = SELECT password from user where username = ? 
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?) 

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource 
ds.serverName = localhost 
ds.user = root 
ds.password = password 
ds.databaseName = myDatabase 
jdbcRealm.dataSource= $ds 

credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher 
credentialsMatcher.hashAlgorithmName = SHA-256 
credentialsMatcher.storedCredentialsHexEncoded = true 
credentialsMatcher.hashIterations = 10000 
credentialsMatcher.hashSalted = true 

新用户密码

$shiro1$SHA-256$500000$xRvz5dByhvAtFG7VHlCjHA==$xxakvEZdBF6cI+UmyR1OY098tAlscOKhpwQuT7THijw= 

Answer 1

为了让密码相匹配的DefaultPasswordService对象必须在ini创建然后设置为org.apache.shiro.authc.credential.PasswordMatcherpasswordService值

https://shiro.apache.org/static/1.3.1/apidocs/org/apache/shiro/authc/credential/PasswordService.html

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService 
# configure the passwordService to use the settings you desire 

passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher 
passwordMatcher.passwordService = $passwordService