[英]How to parse the password hash hashed by Spring Security?
I want to migrate my users from my application to an external SSO.我想将我的用户从我的应用程序迁移到外部 SSO。 I want my users to keep their existing passwords, so I'd like to retrieve the hashed password and provide it to the SSO application.我希望我的用户保留他们现有的密码,因此我想检索散列密码并将其提供给 SSO 应用程序。 The algorithm is the same on both sides (pbkdf2-sha256) so it's supposed to work.两边的算法(pbkdf2-sha256)都是一样的,所以它应该可以工作。
Thus I need to be able to retrieve the salt and hashed password from the entry in the database.因此,我需要能够从数据库中的条目中检索盐和散列密码。
My application uses Spring Security.我的应用程序使用 Spring Security。
It seems that I need to do this manually, as the interface PasswordEncoder, which Pbkdf2PasswordEncoder implements, does not provide a way to retrieve the initial elements from the stored value.似乎我需要手动执行此操作,因为 Pbkdf2PasswordEncoder 实现的接口 PasswordEncoder 没有提供从存储值中检索初始元素的方法。
What would be the correct way to achieve this ?实现这一目标的正确方法是什么?
Thanks谢谢
edit:编辑:
Here is my code这是我的代码
Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", 27500, 512);
String encoded = encoder.encode("password");
System.out.println(encoded); // prints the hex encoded hashed password: 2a319aaf0252d77e671cf1b074f149f7eed1b362afb47bef84e9b01a8140b26a733cd22df007d68668915c7bd51af9eefda1662216a184fa7eb034c176ce9518fc83f3fd935a2d3d
final byte[] digested = Hex.decode(encoded);
byte[] salt = EncodingUtils.subArray(digested, 0, 7);
byte[] password = EncodingUtils.subArray(digested, 8, digested.length);
System.out.println(new String(Base64.getEncoder().encode(salt))); // prints KjGarwJS134=
System.out.println(new String(Base64.getEncoder().encode(password))); // prints HPGwdPFJ9+7Rs2KvtHvvhOmwGoFAsmpzPNIt8AfWhmiRXHvVGvnu/aFmIhahhPp+sDTBds6VGPyD8/2TWi09
If I then go to this website and enter the following values:如果我然后转到此网站并输入以下值:
Then I would expect the output to match the last output of my code, but this isn't the case.然后我希望输出与我的代码的最后一个输出相匹配,但事实并非如此。
You obviously cannot get the password back from the hash, but I don't think you're asking that.您显然无法从哈希中取回密码,但我认为您不是在问那个。 Here's how you would do it:以下是您的操作方法:
Integer.parseInt(in.substring(x, x + 2), 0x10);
通过 parseInt 每 2 个字符折腾: Integer.parseInt(in.substring(x, x + 2), 0x10);
- the 0x10 at the end is important. - 最后的 0x10 很重要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.