新增UserService

新增服务类UserService,这次暂时不建接口了

  1. package net.wendal.nutzbook.service;
  3. import java.util.Date;
  5. import net.wendal.nutzbook.bean.User;
  7. import org.apache.shiro.crypto.hash.Sha256Hash;
  8. import org.nutz.ioc.loader.annotation.IocBean;
  9. import org.nutz.lang.random.R;
  10. import org.nutz.service.IdNameEntityService;
  12. @IocBean(fields="dao")
  13. public class UserService extends IdNameEntityService<User> {
  15.     public User add(String name, String password) {
  16.         User user = new User();
  17.         user.setName(name.trim());
  18.         user.setSalt(R.UU16());
  19.         user.setPassword(new Sha256Hash(password, user.getSalt()).toHex());
  20.         user.setCreateTime(new Date());
  21.         user.setUpdateTime(new Date());
  22.         return dao().insert(user);
  23.     }
  25.     public int fetch(String username, String password) {
  26.         User user = fetch(username);
  27.         if (user == null) {
  28.             return -1;
  29.         }
  30.         String _pass = new Sha256Hash(password, user.getSalt()).toHex();
  31.         if(_pass.equalsIgnoreCase(user.getPassword())) {
  32.             return user.getId();
  33.         }
  34.         return -1;
  35.     }
  37.     public void updatePassword(int userId, String password) {
  38.         User user = fetch(userId);
  39.         if (user == null) {
  40.             return;
  41.         }
  42.         user.setSalt(R.UU16());
  43.         user.setPassword(new Sha256Hash(password, user.getSalt()).toHex());
  44.         user.setUpdateTime(new Date());
  45.         dao().update(user, "^(password|salt|updateTime)$");
  46.     }
  47. }

留意一下IocBean中的fields配置

含义是需要注入父类的dao属性

这里用到了sha256加盐算法,将对应shiro.ini中配置

请不要使用明文存储密码.