Hashing and salting passwords with Spring Security 3

kam*_*aci 15 java hash spring spring-security saltedhash

How do I hash and salt passwords with Spring Security 3?

Ali*_*Ali 20

Programmatically, you can do it like this:

Define the bean in your application-context.xml (the file referenced by contextConfigLocation in web.xml). This example uses MD5.

<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />

Then autowire the password encoder:

@Autowired
PasswordEncoder passwordEncoder;

In your method, or wherever you want to hash and salt:

passwordEncoder.encodePassword("MyPasswordAsString", "mySaltAsStringOrObject");

The call above should return a salted hash (as a String).

That should do it. I assume you can figure out which jars you need.

UPDATE

It goes without saying that using MD5 is not the best idea. Ideally you should use at least SHA-256. This can be done with ShaPasswordEncoder.

Replace the MD5 bean configuration above with:

<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
     <constructor-arg value="256"/>
</bean>

  • Obviously you would not use MD5. (5 upvotes)

小智 7

The simplest seems to be, with Spring Security 3.1 and assuming no constraints on the hashing method:

<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

<security:authentication-manager>
    <security:authentication-provider>
        <security:password-encoder ref="encoder"/>
        <security:jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, enabled from users where username = ?"
            authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.username = ur.username and u.username = ?"/>
    </security:authentication-provider>
</security:authentication-manager>


import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;

@Controller
@Stateless
public class UsersEJB {
    @PersistenceContext(unitName = "somePU")
    private EntityManager em;

    @Transactional
    public void create(Users users) {
        // Same algorithm as the "encoder" bean the authentication provider uses to verify logins
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        // encode() generates a random salt and embeds it in the returned string
        String hashedPassword = passwordEncoder.encode(users.getPassword());
        users.setPassword(hashedPassword);
        em.persist(users);
    }
}
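Added example, not code from the answer above: a stand-alone Java program showing what the BCryptPasswordEncoder configured above does at registration (encode) and at login (matches), and why no separate salt column or salt-source element is needed. The class name BcryptDemo, the helper names and the sample password are constructed for illustration; it assumes spring-security-core 3.1 (or later) on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Constructed demo class, not part of the answer above.
public class BcryptDemo {

    // Work factor 10 is BCryptPasswordEncoder's default (2^10 rounds); raise it as hardware gets faster.
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder(10);

    /** What the registration path (UsersEJB.create above) does: hash for storage. */
    public static String hashForStorage(String rawPassword) {
        // A fresh random salt is generated inside encode() and stored within the result.
        return ENCODER.encode(rawPassword);
    }

    /** What DaoAuthenticationProvider does at login with the "encoder" bean. */
    public static boolean checkLogin(String storedHash, String rawPassword) {
        // matches() reads the salt and cost factor back out of storedHash, so nothing else is needed.
        return ENCODER.matches(rawPassword, storedHash);
    }

    public static void main(String[] args) {
        String pw = "correct horse battery staple"; // constructed sample password

        String h1 = hashForStorage(pw);
        String h2 = hashForStorage(pw);
        System.out.println(h1); // form: $2a$10$<22-char salt><31-char hash>, 60 chars total
        System.out.println(h2);

        // Two encodes of the same password differ because each gets its own random salt.
        System.out.println("hashes differ: " + !h1.equals(h2));
        // Both still verify, because the salt is taken from the stored string, not recomputed.
        System.out.println("both verify: " + (checkLogin(h1, pw) && checkLogin(h2, pw)));
        System.out.println("wrong password rejected: " + !checkLogin(h1, "Tr0ub4dor&3"));
    }
}
```

Practical consequences of the embedded salt: the password column must hold at least 60 characters, and the XML above correctly has no `<salt-source>` element, since the provider would have nothing to add to what is already in the hash. The cost factor is also stored per hash, so raising the work factor for new users does not break existing logins.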


Oha*_*adR 6

The simplest way, as documented:

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService" >
        <password-encoder hash="sha">
            <salt-source user-property="username"/>
        </password-encoder>
    </authentication-provider>
</authentication-manager>

HTH
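Added example, not code from any of the answers above: a Java program showing what the ShaPasswordEncoder bean from the first answer and the `<salt-source user-property="username"/>` element from the answer directly above amount to when called directly. The class name SaltedShaDemo, the helper names and the sample users are constructed for illustration; it assumes spring-security-core 3.x on the classpath (the authentication.encoding package was later deprecated in favour of org.springframework.security.crypto.password.PasswordEncoder, which BCryptPasswordEncoder implements).

```java
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;

// Constructed demo class, not part of the answers above.
public class SaltedShaDemo {

    // SHA-256, as in the updated bean in the first answer; hash="sha" in the XML above means SHA-1.
    private static final ShaPasswordEncoder ENCODER = new ShaPasswordEncoder(256);

    /** Hash with the user's username as salt: the code equivalent of
     *  <salt-source user-property="username"/>. */
    public static String hashForUser(String username, String rawPassword) {
        // ShaPasswordEncoder digests "rawPassword{salt}" and returns the hex digest.
        return ENCODER.encodePassword(rawPassword, username);
    }

    /** What DaoAuthenticationProvider does at login time with this configuration. */
    public static boolean checkLogin(String storedHash, String username, String rawPassword) {
        return ENCODER.isPasswordValid(storedHash, rawPassword, username);
    }

    public static void main(String[] args) {
        String pw = "correct horse battery staple"; // constructed sample password

        // Constructed sample users sharing one password.
        String alice = hashForUser("alice", pw);
        String bob   = hashForUser("bob",   pw);
        System.out.println(alice);
        System.out.println(bob);

        // Same password, different salt -> different digests, so a precomputed table
        // (rainbow table) built against one account does not apply to another.
        System.out.println("digests differ: " + !alice.equals(bob));
        System.out.println("alice login ok: " + checkLogin(alice, "alice", pw));
        System.out.println("wrong password rejected: " + !checkLogin(alice, "alice", "Tr0ub4dor&3"));

        // Salt must match the one used at registration: the same hash checked with the
        // wrong username fails, which is why the salt-source must be a stable property.
        System.out.println("wrong salt rejected: " + !checkLogin(alice, "bob", pw));
    }
}
```

Two caveats a practitioner should weigh before choosing this configuration: the salt is not secret, and a username is predictable, so it only defeats precomputation across accounts, not a targeted brute force of one account; and a single SHA round is fast, so an attacker who obtains the table can test candidate passwords at full hash speed. That is the gap BCryptPasswordEncoder in the second answer closes with its configurable work factor. Note also that a salt tied to the username breaks the stored hash if the username is ever changed.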