代码拉取完成,页面将自动刷新
我旧数据是没有加盐过的MD5密码,因此在如下代码密码匹配不上,请问怎么取消shiro中的MD5加盐过程,有没有更好的解决办法,让两种密码形式同时存在?
AuthorizingRealm
public static final String HASH_ALGORITHM = "MD5";
public static final int HASH_INTERATIONS = 1;
public static final int SALT_SIZE = 8;
private UserService userService;
public AuthorizingRealm() {
super();
// 设定密码校验的Hash算法与迭代次数
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM);
matcher.setHashIterations(HASH_INTERATIONS);
matcher.setStoredCredentialsHexEncoded(true);
this.setCredentialsMatcher(matcher);
}
HashedCredentialsMatcher.class
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
Object tokenHashedCredentials = this.hashProvidedCredentials(token, info);
Object accountCredentials = this.getCredentials(info);
return this.equals(tokenHashedCredentials, accountCredentials);
}
protected Object hashProvidedCredentials(AuthenticationToken token, AuthenticationInfo info) {
Object salt = null;
if (info instanceof SaltedAuthenticationInfo) {
salt = ((SaltedAuthenticationInfo)info).getCredentialsSalt();
} else if (this.isHashSalted()) {
salt = this.getSalt(token);
}
return this.hashProvidedCredentials(token.getCredentials(), salt, this.getHashIterations());
}