乐趣区

关于java:Shiro安全框架-密码service

@Override
public int updatePassword(String sourcePassword, String newPassword, String confirPassword) {
    // 参数校验
 if(sourcePassword == null ||" " .equals(sourcePassword))
        throw  new IllegalArgumentException("初始密码不能为空");
    if (newPassword ==null || "" .equals(newPassword))
        throw new IllegalArgumentException("新密码不能为空");
    if(!newPassword.equals(confirPassword))
        throw new IllegalArgumentException("前后输出的两次明码不同");
        
    SysUser principal = (SysUser) SecurityUtils.getSubject().getPrincipal();
    SimpleHash sh = new SimpleHash("MD5", sourcePassword, principal.getSalt(), 1);
    if (!principal.getPassword().equals(sh.toHex()))
        throw new IllegalArgumentException("原始明码不正确");
        ~~~~
    String newSalt = UUID.randomUUID().toString();
    sh = new SimpleHash("MD5",newPassword,newSalt,1);
    String newHashedPassword = sh.toHex();
    int rows = sysUserDao.updatePassword(newHashedPassword, newSalt, principal.getId());
    return rows;
退出移动版