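/**
 * Bootstraps the application: creates and seeds the schema on first start, then
 * registers the Shiro {@code SecurityManager} obtained from the IoC container.
 *
 * <p>When the {@code User} table does not exist, the {@code User}, {@code Role} and
 * {@code Permission} tables are created, the statements loaded from
 * {@code init_system_h2.sql} are executed, and every seeded user receives a fresh
 * random salt together with the same default password.
 *
 * <p>SECURITY: every seeded account ends up with the identical, trivially guessable
 * password {@code "123"}. The accounts should be disabled or forced through a password
 * change before the system is reachable by anyone else.
 *
 * @param config Nutz configuration used to reach the IoC container
 */
@Override
public void init(NutConfig config) {
    Ioc ioc = config.getIoc();
    Dao dao = ioc.get(Dao.class);

    // Initialise the database only when the required tables are missing.
    if (!dao.exists(User.class)) {
        dao.create(User.class, true);
        dao.create(Role.class, true);
        dao.create(Permission.class, true);

        FileSqlManager fm = new FileSqlManager("init_system_h2.sql");
        List<Sql> sqlList = fm.createCombo(fm.keys());
        dao.execute(sqlList.toArray(new Sql[0]));

        // One generator serves the whole loop; building a new secure generator
        // per user was loop-invariant work.
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();

        // Initialise each seeded user's salt and password (all passwords are "123").
        // NOTE(review): the salt is handed to Sha256Hash as its Base64 string and the
        // hash uses 1024 iterations; the credential check must be configured the same
        // way, so neither value is changed here - confirm against the realm.
        // NOTE(review): iterated SHA-256 is a fast hash; a dedicated password-hashing
        // scheme would resist offline guessing better.
        List<User> userList = dao.query(User.class, null);
        for (User user : userList) {
            String salt = rng.nextBytes().toBase64();
            String hashedPasswordBase64 = new Sha256Hash("123", salt, 1024).toBase64();
            user.setSalt(salt);
            user.setPassword(hashedPasswordBase64);
            dao.update(user);
        }
    }

    // Register the Shiro securityManager so SecurityUtils can resolve it globally.
    SecurityManager securityManager = ioc.get(SecurityManager.class);
    SecurityUtils.setSecurityManager(securityManager);
}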
/*
 * Creates a newly signed-up user.
 *
 * Generates a random salt, replaces the plain password on the given object with
 * its salted hash, persists the user, sets the initial account state and removes
 * other invalid e-mail records for the same address.
 */
private static User createNewUser(User user) {
    // The salt is stored as the textual form of the random byte array
    // (e.g. "[12, -7, ...]"), so it carries the generated bytes themselves.
    byte[] saltBytes = new SecureRandomNumberGenerator().nextBytes().getBytes();
    user.passwordSalt = Arrays.toString(saltBytes);
    user.password = hashedPassword(user.password, user.passwordSalt);

    User.create(user);

    // With sign-up confirmation enabled the account starts locked; otherwise it
    // is usable immediately.
    UserState initialState = isUseSignUpConfirm() ? UserState.LOCKED : UserState.ACTIVE;
    user.changeState(initialState);

    Email.deleteOtherInvalidEmails(user.email);
    return user;
}
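/*
 * Creates a newly signed-up user.
 *
 * Generates a random salt, replaces the plain password on the given object with
 * its salted hash, assigns the default avatar, persists the user and sets the
 * initial account state (locked when sign-up confirmation is enabled, active
 * otherwise).
 */
private static User createNewUser(User user) {
    RandomNumberGenerator rng = new SecureRandomNumberGenerator();

    // Encode the random bytes themselves. Calling toString() on a byte[] returns
    // "[B@" plus the array's identity hash, which contains none of the generated
    // randomness and left the salt close to predictable.
    // NOTE(review): accounts created earlier keep whatever salt string was stored;
    // they should still verify as long as verification reuses user.passwordSalt
    // as-is - confirm. Also confirm the salt column can hold the hex string.
    user.passwordSalt = rng.nextBytes().toHex();
    user.password = hashedPassword(user.password, user.passwordSalt);
    user.avatarUrl = DEFAULT_AVATAR_URL;
    User.create(user);

    if (isUseSignUpConfirm()) {
        user.changeState(UserState.LOCKED);
    } else {
        user.changeState(UserState.ACTIVE);
    }
    return user;
}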
/**
 * Gives {@code user} a newly generated hex-encoded salt and replaces the password
 * currently held by the object with its hex-encoded hash.
 *
 * <p>A new salt is generated on every call, so the stored salt always changes
 * together with the stored hash.
 *
 * @param user account whose {@code getPassword()} still returns the plain password
 */
public static void encryptPassword(User user) {
    String freshSalt = generator.nextBytes().toHex();
    user.setSalt(freshSalt);

    // The hash is salted with getCredentialsSalt(), read after the new salt is set.
    // NOTE(review): presumably that value is derived from the salt just stored -
    // confirm in User.
    String plainPassword = user.getPassword();
    ByteSource saltSource = ByteSource.Util.bytes(user.getCredentialsSalt());
    SimpleHash digest = new SimpleHash(algorithmName, plainPassword, saltSource, hashIterations);

    user.setPassword(digest.toHex());
}
/**
 * Replaces the password held by {@code user} with its hex-encoded salted hash,
 * generating a hex-encoded random salt first when the user has none.
 *
 * <p>An existing salt is kept, so calling this again for a password change reuses
 * the salt already stored on the user.
 *
 * @param user account whose {@code getPassword()} still returns the plain password
 */
public final void encryptPassword(final User user) {
    boolean saltMissing = user.getSalt() == null;
    if (saltMissing) {
        String freshSalt = randomNumberGenerator.nextBytes().toHex();
        user.setSalt(freshSalt);
    }

    // NOTE(review): getCredentialsSalt() is presumably derived from the stored
    // salt - confirm in User.
    String plainPassword = user.getPassword();
    ByteSource saltSource = ByteSource.Util.bytes(user.getCredentialsSalt());
    SimpleHash digest = new SimpleHash(algorithmName, plainPassword, saltSource, hashIterations);

    user.setPassword(digest.toHex());
}
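/**
 * Handles a registration POST: rejects a username that is already taken, otherwise
 * stores the username together with a salted, iterated SHA-512 hash of the password
 * and the Base64-encoded salt.
 *
 * <p>Both request parameters are untrusted, so they reach the database only as bound
 * parameters of prepared statements, never as part of the SQL text.
 *
 * @param request  carries the {@code username} and {@code password} form parameters
 * @param response receives a plain-text status message
 * @throws ServletException if the database lookup or insert fails
 * @throws IOException      if the response cannot be written
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // Refuse the request instead of hashing a missing password or storing a
    // missing name.
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "username and password are required");
        return;
    }

    PrintWriter out = response.getWriter();
    try {
        // Statements are local and closed by try-with-resources: a servlet instance
        // serves concurrent requests, so a statement kept in a shared field can be
        // overwritten mid-request and is never released.
        // NOTE(review): conn is still a shared field; a per-request connection from
        // a pool would be safer - confirm how conn is managed.
        try (java.sql.PreparedStatement lookup = conn.prepareStatement(
                "select * from cas_server_demo.login where username = ?")) {
            lookup.setString(1, username);
            try (ResultSet rs = lookup.executeQuery()) {
                if (rs.next()) {
                    out.println("Username has been registered already. Please choose another usernmae.");
                    return;
                }
            }
        }

        // NOTE(review): 1000 iterations of SHA-512 is a low work factor. The login
        // side has to use the same algorithm and count, so it is not changed here;
        // a dedicated password-hashing scheme is worth planning for.
        int hashIterations = 1000;
        RandomNumberGenerator saltGenerator = new SecureRandomNumberGenerator();
        ByteSource salt = saltGenerator.nextBytes(64); // 64 bytes
        String saltString = salt.toBase64();
        String encodedPassword = new Sha512Hash(password, salt, hashIterations).toBase64();
        // The salt and the password hash are deliberately not written to stdout:
        // console output usually ends up in server logs.

        // NOTE(review): the lookup above and this insert are not atomic; a unique
        // constraint on username is needed to stop two concurrent registrations of
        // the same name - confirm the schema has one.
        try (java.sql.PreparedStatement insert = conn.prepareStatement(
                "INSERT INTO cas_server_demo.login (username, encryptedPassword, salt) VALUES (?, ?, ?)")) {
            insert.setString(1, username);
            insert.setString(2, encodedPassword);
            insert.setString(3, saltString);
            insert.executeUpdate();
        }

        // NOTE(review): username is echoed back unescaped; if this response is ever
        // served as HTML it needs output encoding.
        out.println("user [" + username + "] has been registered successfully.");
    } catch (SQLException e) {
        // Surface the failure to the container instead of returning an empty
        // success response; the cause is preserved for the server log.
        throw new ServletException("Registration failed", e);
    }
}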
/**
 * Produces a new random salt from a freshly created secure random number generator.
 *
 * @return random bytes of the generator's default size
 */
private ByteSource getSalt() {
    return new SecureRandomNumberGenerator().nextBytes();
}