我想知道如果每次运行生成的哈希值不同,BCrypt如何推断输入密码的正确性?
例:
给定密码:"password123"
可以说,我将给定密码哈希10次并收到:
$2a$10$Uw0LDj343yp1tIpouRwHGeWflT3.QjDp9DeJ2XiwTIHf1T.pjEy0i
$2a$10$uYWUCEnh4gn00w57VSrYjej.UvhzBL8Wf2doTAGSGfhUMtuGr5bha
$2a$10$cJi3XOkRxxicDjEBibNhNOg5MGM.G/.p70KE75.44ayPQo8kCDxUu
$2a$10$qLcN2obMThH544U967JM5OS0vtcfP.Iq1.f0mZdvWfyeIoWHyr422
$2a$10$5/JssXqJyGHeMQlB4pr7zebTRFSt/2iwYJHF5f7.jdlTxbH4c9Sjq
$2a$10$La1UQKu306aNWkhhfhC5XeX7mfcnfbSchBIpLG6O57gur/U/n/fua
$2a$10$xTzEGVfc1D1UHFeMO95ktOJGFT79ybKUKN.z.MidMjP1XfAeElNEi
$2a$10$i9Y.1Ix6PL1bDwoTYtC49.Y0LKpar/S5qC1SkzFB4vnafikOhHSga
$2a$10$FJNTj5xeVbIcMaf9EhodHu9jJLrJL53QHQK9OuemwMh3WuTfxXEqu
$2a$10$OXMToK5CXeNtRHC3w7eqe.Mr7p4fJanbE28E2Y3MHh6f6cq1chyE6
如果我们假设我将第一个哈希存储在我的数据库中,并且用户尝试使用正确的密码几小时后登录.在用户尝试登录时生成的哈希与我在数据库中存储的哈希完全不同.
BCrypt如何确定这两个哈希是否引用相同的密码?
我正在尝试建立一个包含spring security的java可配置spring环境.应用程序启动没有任何错误,但我无法成功登录.
WebAppInitializer
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.springframework.core.annotation.Order;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
@Order(value = 1)
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
super.onStartup(servletContext);
}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { HibernateConfig.class, SecurityConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
SecurityInitializer
import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
@Order(value = 2)
public class SecurityInitializer extends …我构建了一个没有任何XML的java配置的Spring MVC应用程序.我可以在笔记本电脑上部署和启动应用程序,没有任何问题.但是当我尝试在我的testserver(tomcat 7)上部署我的应用程序时,我收到以下消息:
HTTP Status 404 - The requested resource (/[application context]/) is not available.
我使用Eclipse Maven插件构建我的应用程序.是否可以在没有web.xml的情况下部署应用程序,如果没有,哪个是我真正需要的基本web.xml?
Maven WAR插件:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>${maven.war.plugin.version}</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
WebAppInitializer:
@Order(value = 1)
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
super.onStartup(servletContext);
}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { HibernateConfig.class, SecurityConfig.class, HibernateDaoConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new …我面临的问题是,JasperReports仍然无法找到Arial字体.
我创建了一个简单的Maven项目,其结构如下,并将其包含在我的主应用程序中.因此主应用程序在classpath中包含已安装的JAR:
- jasperreports_extension.properties
- fonts
|-> arial
|-> ariali.ttf
|-> arialbi.ttf
|-> arialbd.ttf
|-> arial.ttf
|-> fonts.xml
但是在将报告导出为PDF时,我仍然会看到以下异常.
net.sf.jasperreports.engine.JRRuntimeException: Could not load the following font :
pdfFontName : Arial
pdfEncoding : Identity-H
isPdfEmbedded : true
jasperreports_extension.properties
net.sf.jasperreports.extension.registry.factory.simple.font.families=net.sf.jasperreports.engine.fonts.SimpleFontExtensionsRegistryFactory
net.sf.jasperreports.extension.simple.font.families.arial=fonts/fonts.xml
fonts.xml:
<?xml version="1.0" encoding="UTF-8"?>
<fontFamilies>
<fontFamily name="Arial">
<normal>fonts/arial/arial.ttf</normal>
<bold>fonts/arial/arialbd.ttf</bold>
<italic>fonts/arial/ariali.ttf</italic>
<boldItalic>fonts/arial/arialbi.ttf</boldItalic>
<pdfEncoding>Identity-H</pdfEncoding>
<pdfEmbedded>true</pdfEmbedded>
</fontFamily>
</fontFamilies>
模板
<font fontName="Arial" size="8" pdfFontName="Arial" pdfEncoding="Identity-H" isPdfEmbedded="true"/>
我有一些麻烦将我的报告导出为XLS.PDF格式的导出效果很好.
所以我尝试更新到最新的JasperReports和Apache POI版本:
但我总是收到以下异常:
java.lang.NoSuchMethodError: org.apache.poi.hssf.usermodel.HSSFWorkbook.createDataFormat()Lorg/apache/poi/hssf/usermodel/HSSFDataFormat;
net.sf.jasperreports.engine.export.JRXlsExporter.openWorkbook(JRXlsExporter.java:284)
net.sf.jasperreports.engine.export.JRXlsAbstractExporter.exportReportToStream(JRXlsAbstractExporter.java:927)
net.sf.jasperreports.engine.export.JRXlsAbstractExporter.exportReport(JRXlsAbstractExporter.java:697)
com.phoenix.customermonitor.print.GenericDataSourceApp.xls(GenericDataSourceApp.java:290)
com.phoenix.customermonitor.print.GenericDataSourceApp.exportToFormat(GenericDataSourceApp.java:335)
com.phoenix.core.JasperReportHandlerAction.exportOrderMonitorOverview(JasperReportHandlerAction.java:242)
com.phoenix.customermonitor.action.OrderMonitorMainAction.execute(OrderMonitorMainAction.java:217)
org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304)
org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190)
org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
出口代码
File sourceFile = new File(fileIn);
JasperPrint jasperPrint = (JasperPrint)JRLoader.loadObject(sourceFile);
String name = fileIn.substring(fileIn.lastIndexOf(System.getProperty("file.separator"))+1);
name = name.substring(0, name.lastIndexOf("."));
File destFile = new File(fileOut);
JRXlsExporter exporter = new JRXlsExporter();
exporter.setParameter(JRExporterParameter.JASPER_PRINT, jasperPrint);
exporter.setParameter(JRExporterParameter.OUTPUT_FILE_NAME, destFile.toString());
exporter.exportReport();
经过一些研究后,我尝试了其他几个版本(+4),但我仍然收到此错误.有谁知道解决方案?
我刚刚实现了AspectJ,如下所述:https://stackoverflow.com/a/10998044/2182503
这个解决方案工作正常,直到我发现我的@Autowired字段为空@InitBinder.这些字段在该字段中仅为空@InitBinder.
@Controller
public class EmployeeController {
@Autowired private GenericDaoImpl<Role, Integer> roleDao;
@Autowired private GenericDaoImpl<Employee, Integer> employeeDao;
@Autowired private EmployeeValidator employeeValidator;
@InitBinder
private void initBinder(WebDataBinder binder) {
// autowired fields are null
binder.setValidator(employeeValidator);
binder.registerCustomEditor(Set.class, "roles", new CustomCollectionEditor(Set.class) {
protected Object convertElement(Object element) {
if (element != null) {
Integer id = new Integer((String) element);
Role role = roleDao.findById(id);
return role;
}
return null;
}
});
}
@PreAuthorize("hasRole('MASTERDATA_VIEW')")
@RequestMapping(value = { "/employees" …spring aspectj spring-mvc spring-mvc-initbinders aspectj-maven-plugin
问题:
我正在寻找一个好的解决方案来验证我的Spring MVC控制器中的数据并使用填充错误Knockout JS。我想像有些类似于<form:errors path="">Spring Tag的东西。该解决方案应提供以下属性:
@ModelAttribute和进行服务器端验证@Valid是否已经存在类似的东西?如果可以提供所需的功能,我也愿意切换到另一个JS框架。(角度,骨干等)
我的自定义解决方案:
我将所有错误存储在一个Map<String, String>键中,其中键是字段名称,值是错误消息,并在Knockout中填充错误。此解决方案的问题在于,验证后KnockoutJS会释放所有未绑定的字段。
验证:
helper.getErrors().put("firstName", messageSourceProvider.getMessage("validation.requiredDefault"));
连载:
JSONSerializer serializer = new JSONSerializer();
serializer.include("helper");
serializer.include("helper.errors");
String json = serializer.serialize(helper);
昏死:
<!-- ko foreach: errors -->
<!-- ko if: key === 'firstName' -->
<span data-bind='text: value' class="spring-error ordinary-tooltip fa fa-lg fa-exclamation-circle"></span>
<!-- /ko -->
<!-- /ko -->
我正在努力用java配置的spring安全性来配置方法安全性.我的配置没有任何问题,直到我在任何控制器中使用@Secured注释.
Spring Security Config:(java config)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/webjars/**","/css/**", "/less/**","/img/**","/js/**");
}
@Autowired
public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
ShaPasswordEncoder shaPasswordEncoder = new ShaPasswordEncoder(256);
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(getUserQuery())
.authoritiesByUsernameQuery(getAuthoritiesQuery())
.passwordEncoder(shaPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().hasAuthority("BASIC_PERMISSION")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/success-login", true)
.failureUrl("/error-login")
.loginProcessingUrl("/process-login")
.usernameParameter("security_username")
.passwordParameter("security_password")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/login")
.logoutUrl("/logout")
.permitAll()
.and()
.rememberMe()
.key("04E87501B3F04DB297ADB74FA8BD48CA") …我试图使用Mockito Framework 1.9.5和JUnit 4.11来模拟我的GenericDao对象,但是Mockito总是模拟第一个与该类型匹配的字段.同样符合名称也无济于事.
如API(http://docs.mockito.googlecode.com/hg-history/58d750bb5b94b6e5a554190315811f746b67f578/1.9.5/org/mockito/InjectMocks.html)中所述,Mockito应评估正确的字段以进行模拟.
预期产量:
EmployeeService.absenceDao -> null
EmployeeService.creditDao -> null
EmployeeService.employeeDao -> Mocked object
有效输出:
EmployeeService.absenceDao -> Mocked object
EmployeeService.creditDao -> null
EmployeeService.employeeDao -> nulll
重现情况的代码:
@RunWith(MockitoJUnitRunner.class)
public class EmployeeServiceTest {
@InjectMocks
EmployeeService employeeService;
@Mock(name = "employeeDao")
GenericDao<Employee> employeeDao;
@Test
public void testFindEmployeeByUsername() {
// some tests
}
}
我的类是mock,包含几个GenericDao字段,但我只想模拟employeeDao:
@Service
@Transactional
public class EmployeeService {
@Autowired
private GenericDao<Employee> employeeDao;
@Autowired
private GenericDao<Credit> creditDao;
@Autowired
private GenericDao<Absence> absenceDao;
java ×5
spring ×4
spring-mvc ×4
ajax ×1
angularjs ×1
apache-poi ×1
aspectj ×1
bcrypt ×1
blowfish ×1
fonts ×1
hash ×1
junit ×1
knockout.js ×1
maven ×1
mocking ×1
mockito ×1
tomcat ×1
unit-testing ×1
validation ×1