使用Spring 3安全性对密码进行加密
[英]Salting a password with spring 3 security
问题描述
I was trying the whole day to find out or google, how to add salt to my hashed password during authentication via Spring 3 security and make it all to work together. 
我整天都在尝试寻找或使用Google,如何在通过Spring 3 security进行身份验证的过程中将salt添加到我的哈希密码中,并使它们一起工作。 Without salt it works just fine. 不加盐就可以。
<!-- authentication from database -->
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash='md5'/>
<security:jdbc-user-service
data-source-ref='dataSource'
users-by-username-query="
select username,password, salt
from users where username=?"
authorities-by-username-query="
select u.username, ur.authority from users u, user_roles ur
where u.user_id = ur.user_id and u.username =? " />
</security:authentication-provider>
</security:authentication-manager>
And if I'd like to create salted pasword, it's done just by user.setPassword(md5(somePassword+someSalt)); 而且,如果我想创建加盐的pasword,只需通过user.setPassword(md5(somePassword+someSalt)); Thanks for any advice. 感谢您的任何建议。
1 个解决方案
解决方案1
1 已采纳 2013-08-21 22:26:57
Spring security uses the following pattern for password encoding with salts: Spring Security使用以下模式对带有Salt的密码进行编码 :
md5(password+"{"+salt+"}")
I would however use sha instead of md5. 但是,我将使用sha而不是md5。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.