简体繁体 English

带有哈希密码的Spring TokenBasedRememberMeServices

[英]Spring TokenBasedRememberMeServices with hashed password

原文 2013-04-20 14:40:35 5 1 java/ security/ spring-security/ token

I am using StandardPasswordEncoder which hashes the password using SHA-256 with 1024 iterations and 8-byte salt. 我正在使用StandardPasswordEncoder ，它使用具有1024次迭代和8字节盐的SHA-256哈希密码。 I was looking at TokenBasedRememberMeServices for doing a similar thing or at least using it but there is a problem with the salt. 我一直在看TokenBasedRememberMeServices做类似的事情或至少使用它，但是盐有问题。 According to the documentation, the token consists of the following: 根据文档，令牌包含以下内容：

username + ":" + expiryTime + ":" + Md5Hex(username + ":" + expiryTime + ":" + password + ":" + key) 用户名+“：” + expiryTime +“：” + Md5Hex（用户名+“：” + expiryTime +“：” +密码+“：” +键）

But the problem is that the Md5Hex part will differ because of salt, and there is no way to separate it IMO. 但是问题在于，由于盐的缘故，Md5Hex部件会有所不同，因此无法将其分离为IMO。 Does TokenBasedRememberMeServices work with salted passwords? TokenBasedRememberMeServices是否可以使用加盐密码？ If not, how would you recommend doing an alternative token? 如果不是，您将如何建议您做一个替代令牌？ Is there any way to do it without using a persistent store? 有什么方法可以不使用永久性存储呢？

1 个解决方案

在研究了此问题之后，事实证明，无法使用带有令牌的加盐密码，因此必须发送普通密码。

如何解析 Spring Security 散列的密码哈希？ - How to parse the password hash hashed by Spring Security?

如何将文本密码与使用 spring 数据 jpa 散列的密码进行比较？ - How to compare text password to password that is hashed using spring data jpa?

哈希密码 - hashed password

Spring Security-使用BCrypt哈希密码的用户身份验证（错误的凭证错误） - Spring Security - user authentication with BCrypt hashed password (bad credentials error)

Spring Boot，MySQL：如何使用哈希密码进行数据库身份验证？ - Spring Boot, MySQL: How to do a database authentication with a hashed password?

哈希数据库密码[休眠] - Hashed Database Password [Hibernate]

JCIFS使用哈希密码进行身份验证 - JCIFS authenticate with hashed password

存储哈希密码 - Storing hashed password

我正在关注基于Spring xml的配置，因此如何在spring-security.xml文件中配置TokenBasedRememberMeServices？ - I am following spring xml based configuraiton so How TokenBasedRememberMeServices configuration in spring-security.xml file?

BCryptPasswordEncoder 散列密码的单元测试 - Unit testing of BCryptPasswordEncoder hashed password

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何解析 Spring Security 散列的密码哈希？ - How to parse the password hash hashed by Spring Security? 如何将文本密码与使用 spring 数据 jpa 散列的密码进行比较？ - How to compare text password to password that is hashed using spring data jpa? 哈希密码 - hashed password Spring Security-使用BCrypt哈希密码的用户身份验证（错误的凭证错误） - Spring Security - user authentication with BCrypt hashed password (bad credentials error) Spring Boot，MySQL：如何使用哈希密码进行数据库身份验证？ - Spring Boot, MySQL: How to do a database authentication with a hashed password? 哈希数据库密码[休眠] - Hashed Database Password [Hibernate] JCIFS使用哈希密码进行身份验证 - JCIFS authenticate with hashed password 存储哈希密码 - Storing hashed password 我正在关注基于Spring xml的配置，因此如何在spring-security.xml文件中配置TokenBasedRememberMeServices？ - I am following spring xml based configuraiton so How TokenBasedRememberMeServices configuration in spring-security.xml file? BCryptPasswordEncoder 散列密码的单元测试 - Unit testing of BCryptPasswordEncoder hashed password

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM