I'd like to add a user login verification function to my application. My website is based on another one which uses a complex hash to transform the real password regular and then saves it to the database. The regular creates a salt and saves it to the user table, like this:
    String salt = HashKit.generateSaltForSha256();
    password = HashKit.sha256(salt + password);
    user.setPassword(password).setSalt(salt).save();
When the user logs in, the original application gets the salt from the database like this:
    User user = dao.find(username);
    password = HashKit.sha256(user.getSalt() + password);
    if (password.equals(user.getPassword())) {
        // Login success
    }
But now I want to use Spring Boot to rewrite that application, and use Spring Security to validate login, like this:
    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private DruidPlugin druidPlugin;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication()
                .dataSource(druidPlugin.getDataSource())
                .usersByUsernameQuery(
                    "select userName username, password, true from account where userName=?"
                )
                .authoritiesByUsernameQuery(
                    "select userName username, 'ROLE_USER' from account where userName=?"
                )
                .passwordEncoder(new PasswordEncoder() {
                    @Override
                    public String encode(CharSequence password) {
                        String salt = HashKit.generateSaltForSha256();
                        password = HashKit.sha256(salt + password);
                        return password.toString();
                    }

                    // Receives only the raw password and the stored password column;
                    // the per-user salt is not passed in, so this is left as a placeholder.
                    @Override
                    public boolean matches(CharSequence charSequence, String s) {
                        return false;
                    }
                });
        }
    }
How can I get user data from the database in PasswordEncoder?
I think DaoAuthenticationProvider should solve your problem. We need to provide the service instance and the password encoder to it.
Once configured, we need to set it to the AuthenticationManagerBuilder.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider());
    }
Reference here
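An added example, not part of the original question or answer: PasswordEncoder.matches() only ever sees the raw password and the stored password string, so one way to get the salt to it is to have the user lookup return the salt and hash as a single value that the encoder splits. The class name, the `$` separator, the `salt` column name, the SQL `concat()` call, and the assumption that HashKit.sha256 is lowercase hex of SHA-256 over the UTF-8 bytes are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Locale;
import org.springframework.security.crypto.password.PasswordEncoder;
// Added example. Expects the user query to return "salt$hash" as the password, e.g.
//   select userName username, concat(salt, '$', password) password, true from account where userName=?
// (the `salt` column name and concat() are assumptions about the schema and SQL dialect).
public class LegacySaltedSha256Encoder implements PasswordEncoder {
    private static final char SEP = '$'; // assumed never to occur inside a salt
    private final SecureRandom random = new SecureRandom();

    @Override
    public String encode(CharSequence rawPassword) {
        byte[] saltBytes = new byte[16];
        random.nextBytes(saltBytes);
        String salt = hex(saltBytes);
        // Same composite format that matches() parses; split it if salt and hash go to two columns.
        return salt + SEP + sha256Hex(salt + rawPassword);
    }

    @Override
    public boolean matches(CharSequence rawPassword, String stored) {
        int i = (stored == null) ? -1 : stored.indexOf(SEP);
        if (i <= 0) return false; // no salt in the stored value: reject instead of guessing
        String salt = stored.substring(0, i);
        String expected = stored.substring(i + 1).toLowerCase(Locale.ROOT);
        String actual = sha256Hex(salt + rawPassword); // same order as the legacy code: salt first
        // Constant-time comparison, unlike String.equals, so timing does not leak the match length.
        return MessageDigest.isEqual(actual.getBytes(StandardCharsets.US_ASCII),
                expected.getBytes(StandardCharsets.US_ASCII));
    }

    // Assumption: equivalent to HashKit.sha256(String), i.e. lowercase hex of SHA-256(UTF-8 bytes).
    static String sha256Hex(String s) {
        try {
            return hex(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

A single round of salted SHA-256 is fast to brute-force offline, so treat this encoder as a compatibility bridge for existing rows and plan a move to an adaptive hash such as Spring Security's BCryptPasswordEncoder.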