[英]Upgrading Spring Security PasswordEncoder
Upgrading from:升级自:
import org.springframework.security.authentication.encoding.PasswordEncoder;
@Override
public String encodePassword(String plainPassword, Object salt) {
final String finalSalt = salt != null ? salt.toString() : "";
return DigestUtils.md5Hex(finalSalt + plainPassword);
}
@Override
public boolean isPasswordValid(String encodedPassword, String plainPassword, Object salt) {
final String enteredPassword = encodePassword(plainPassword, salt);
return encodedPassword.equals(enteredPassword);
}
To:至:
import org.springframework.security.crypto.password.PasswordEncoder;
@Override
public String encode(CharSequence rawPassword) {
final String finalSalt = salt != null ? salt.toString() : "";
return DigestUtils.md5Hex(finalSalt + plainPassword);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
final String enteredPassword = encodePassword(plainPassword, salt);
return encodedPassword.equals(enteredPassword);
}
salt
?salt
?rawPassword
to String
to replace plainPassword
?rawPassword
转换为String
来替换plainPassword
?The new methods expect that salt is part of the encoded password.新方法期望盐是编码密码的一部分。 As per
PasswordEncoder.encoder()
javadoc :根据
PasswordEncoder.encoder()
javadoc :
Encode the raw password.
对原始密码进行编码。 Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
通常,一个好的编码算法应用 SHA-1 或更大的 hash 结合 8 字节或更大的随机生成的盐。
If you look at this answer it shows how BCryptPasswordEncoder
encodes salt in the encoded password.如果您查看此答案,它会显示
BCryptPasswordEncoder
如何在编码密码中编码盐。 The actual BCrypt encoded password format is explained here .此处解释了实际的 BCrypt 编码密码格式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.