Shiro学习笔记--自定义密码校验逻辑

1. 定义 自定义密码匹配器bean credentialsMatcher

    <bean id="myRealm" class="cn.org.celay.realm.MyRealm">
        <property name="credentialsMatcher" ref="customCredentialsMatcher"/>
    </bean>
    <bean id="customCredentialsMatcher" class="cn.org.celay.shiro.matcher.CustomCredentialsMatcher"/>

2. 可以看到shiro源码中默认的AuthenticatingRealm

   
   

3. 重写doCredentialsMatch方法 返回boolean(认证是否通过)，其中的认证逻辑可以自定义，比如这里讲密码MD5加密转为大写，另外可以做密码校验次数校验（比如连续5次密码错误锁定账号）

public class CustomCredentialsMatcher  extends SimpleCredentialsMatcher {
    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        Object tokenCredentials = encrypt(String.valueOf(token.getPassword()));
        Object accountCredentials = getCredentials(info);
        boolean retult = equals(tokenCredentials, accountCredentials);
        if (!retult) {
            //todo  密码错误次数加一
        }
        return retult;
    }

    /**
     * MD5加密---md5转为大写
     */
    private String encrypt(String data) {
        if (StringUtils.isBlank(data)) {
            return StringUtils.EMPTY;
        }
        return new Md5Hash(data).toString().toUpperCase();
    }
}