@Override
  public void init(NutConfig config) {
    Ioc ioc = config.getIoc();
    Dao dao = ioc.get(Dao.class);

    // 若必要的数据表不存在,则初始化数据库
    if (!dao.exists(User.class)) {
      dao.create(User.class, true);
      dao.create(Role.class, true);
      dao.create(Permission.class, true);
      FileSqlManager fm = new FileSqlManager("init_system_h2.sql");
      List<Sql> sqlList = fm.createCombo(fm.keys());
      dao.execute(sqlList.toArray(new Sql[sqlList.size()]));
      // 初始化用户密码(全部都是123)及salt
      List<User> userList = dao.query(User.class, null);
      for (User user : userList) {
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        String salt = rng.nextBytes().toBase64();
        String hashedPasswordBase64 = new Sha256Hash("123", salt, 1024).toBase64();
        user.setSalt(salt);
        user.setPassword(hashedPasswordBase64);
        dao.update(user);
      }
    }

    // 设置 Shiro 的 securityManager
    SecurityManager securityManager = ioc.get(SecurityManager.class);
    SecurityUtils.setSecurityManager(securityManager);
  }
Beispiel #2
0
 /*
  * 신규 가입 사용자 생성
  */
 private static User createNewUser(User user) {
   RandomNumberGenerator rng = new SecureRandomNumberGenerator();
   user.passwordSalt = Arrays.toString(rng.nextBytes().getBytes());
   user.password = hashedPassword(user.password, user.passwordSalt);
   User.create(user);
   if (isUseSignUpConfirm()) {
     user.changeState(UserState.LOCKED);
   } else {
     user.changeState(UserState.ACTIVE);
   }
   Email.deleteOtherInvalidEmails(user.email);
   return user;
 }
Beispiel #3
0
 /*
  * 신규 가입 사용자 생성
  */
 private static User createNewUser(User user) {
   RandomNumberGenerator rng = new SecureRandomNumberGenerator();
   user.passwordSalt = rng.nextBytes().getBytes().toString();
   user.password = hashedPassword(user.password, user.passwordSalt);
   user.avatarUrl = DEFAULT_AVATAR_URL;
   User.create(user);
   if (isUseSignUpConfirm()) {
     user.changeState(UserState.LOCKED);
   } else {
     user.changeState(UserState.ACTIVE);
   }
   return user;
 }
Beispiel #4
0
 public static void encryptPassword(User user) {
   user.setSalt(generator.nextBytes().toHex());
   String newPassword =
       new SimpleHash(
               algorithmName,
               user.getPassword(),
               ByteSource.Util.bytes(user.getCredentialsSalt()),
               hashIterations)
           .toHex();
   user.setPassword(newPassword);
 }
Beispiel #5
0
  /** @param user */
  public final void encryptPassword(final User user) {
    if (user.getSalt() == null) {
      user.setSalt(randomNumberGenerator.nextBytes().toHex());
    }
    String newPassword =
        new SimpleHash(
                algorithmName,
                user.getPassword(),
                ByteSource.Util.bytes(user.getCredentialsSalt()),
                hashIterations)
            .toHex();

    user.setPassword(newPassword);
  }
 protected void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   String username = request.getParameter("username");
   String password = request.getParameter("password");
   String sql = "select * from cas_server_demo.login where username='******'";
   PrintWriter out = response.getWriter();
   try {
     st = (Statement) conn.createStatement();
     ResultSet rs = st.executeQuery(sql);
     if (rs.next()) {
       out.println("Username has been registered already. Please choose another usernmae.");
       return;
     }
     int hashIterations = 1000;
     RandomNumberGenerator saltGenerator = new SecureRandomNumberGenerator();
     ByteSource salt = saltGenerator.nextBytes(64); // 64bytes
     String saltString = salt.toBase64();
     System.out.println("username = "******"saltString = " + saltString);
     String encodedPassword = new Sha512Hash(password, salt, hashIterations).toBase64();
     System.out.println("encodedPassword = "******"INSERT INTO cas_server_demo.login (username, encryptedPassword, salt) VALUES ('"
             + username
             + "', '"
             + encodedPassword
             + "', '"
             + saltString
             + "')";
     st.execute(sql);
     out.println("user [" + username + "] has been registered successfully.");
   } catch (SQLException e) {
     // TODO Auto-generated catch block
     e.printStackTrace();
   }
 }
 private ByteSource getSalt() {
   RandomNumberGenerator rng = new SecureRandomNumberGenerator();
   return rng.nextBytes();
 }