[main]
#为了验证加密过的密码,自定义一个jdbcRealm
jdbcRealm = com.cqw.shiro.MyJdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT pwd FROM user WHERE userName = ?
利用shiro自己的密码验证程序自动login,但由于存储在数据库中是加密过的byte[],而shiro自动的是使用如下方式获得:
result[0] = rs.getString(1);
导致密码验证始终有问题
于是自定义了一个MyJdbcRealm,用来取代系统默认的jdbcrealm
public class MyJdbcRealm extends JdbcRealm {
/* (non-Javadoc)
* @see org.apache.shiro.realm.jdbc.JdbcRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
//自己的方法取得数据库中的密码
Record user = User.dao.findByUserName(username);
char[] userPwd = ToolString.BytesToStr(user.get(User.column_userPwd)).toCharArray();
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, userPwd, getName());
return info;
}
}
这样,再验证就ok啦
啦啦啦啦啦啦