Spring boot security encoding password easily
Edit:
The simplest way I found is:
@SuppressWarnings("deprecation")
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                "SELECT username, password, abilitazione FROM public.utenti WHERE username=?")
            .passwordEncoder(passwordEncoder())
            .authoritiesByUsernameQuery(
                "SELECT username, ruolo FROM public.ruoli_utente WHERE username=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // omitted for brevity
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
}
In my DAO class, I add users like this:
public void addElement(Utente u) {
    String password = u.getPassword();
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String hashedPassword = passwordEncoder.encode(password);
    u.setPassword(hashedPassword);
    jdbcTemplate.update("INSERT INTO public.utenti(username, password, abilitazione, email, nome, cognome) VALUES (?, ?, ?, ?, ?, ?)",
        new Object[] {u.getUsername(), u.getPassword(), u.getAbilitazione(), u.getEmail(), u.getNome(), u.getCognome()});
}
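I want to encrypt and decrypt passwords in a super easy way; it doesn't matter if it's not super safe, it just has to be safe for my purpose. So, in the database I added the encrypted passwords. When the user authenticates, it doesn't recognize the password even if I decode it. I did it like this: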
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                "SELECT username, decode(password,'base64'), abilitazione FROM public.utenti WHERE username=?")
            .authoritiesByUsernameQuery(
                "SELECT username, ruolo FROM public.ruoli_utente WHERE username=?");
    }
}
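Can it work in a similar way (decoding directly in the usersByUsernameQuery method), or do I have to declare some bean for decoding?
I did it this way, and it seems quite clean and open to changes.
In your Application class: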
@Bean
public ApplicationSecurity applicationSecurity() {
    return new ApplicationSecurity();
}
Your application security class:
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailSecurityService userDetailSecurityService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/ace/**",
                "/app/**",
                "/jquery/**",
                "/bootstrap/**",
                "/font-awesome/**",
                "/jstree/**",
                "/img/**").permitAll().anyRequest()
            .fullyAuthenticated();
        http.csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=1").permitAll()
            .defaultSuccessUrl("/configurator").and().logout().permitAll();
        http.headers().frameOptions().disable()
            .addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "SAMEORIGIN"));
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailSecurityService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new MD5PasswordEncoder();
    }
}
And the class MD5PasswordEncoder, or any implementation you want to use:
public class MD5PasswordEncoder implements PasswordEncoder {
    @Override
    public String encode(CharSequence charSequence) {
        String encPass = "";
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(charSequence.toString().getBytes());
            byte[] b64 = Base64.encodeBase64(digest);
            encPass = new String(b64);
            encPass = encPass.replaceAll("=", "");
        } catch (Exception ex) {
            logger.error("An exception trying to encode a password", ex);
        }
        return encPass;
    }

    @Override
    public boolean matches(CharSequence charSequence, String s) {
        return encode(charSequence).equals(s);
    }
}
public interface UserDetailsService {
    UserDetails loadUserByUsername(String var1) throws UsernameNotFoundException;
}

@Service
public class UserDetailSecurityService implements UserDetailsService {
    // Here your user service implementation
    @Autowired
    UserService userService;

    // you need to override this method name
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // you need to create a method in your service to find users by name
        return userService.findByUsername(username);
    }
}
In this case, if you need to change to a new encoder method, you only need to implement a new class with the appropriate system,
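The answer's point that changing schemes only means supplying another PasswordEncoder, as an added example that is not part of the original posts: an encoder that still verifies the answer's unsalted MD5/Base64 values but stores every new password with the BCryptPasswordEncoder from the question's edit. The class name MigratingPasswordEncoder, the needsRehash helper and the sample password are assumptions made here; legacy passwords are assumed to be UTF-8 and spring-security-crypto is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class (not from the page): verifies legacy MD5 rows, writes only BCrypt.
public class MigratingPasswordEncoder implements PasswordEncoder {
    private final PasswordEncoder bcrypt = new BCryptPasswordEncoder();

    @Override // new and changed passwords always get a salted BCrypt hash
    public String encode(CharSequence rawPassword) { return bcrypt.encode(rawPassword); }

    @Override
    public boolean matches(CharSequence rawPassword, String stored) {
        if (stored == null) return false;
        if (isBcrypt(stored)) return bcrypt.matches(rawPassword, stored);
        // Legacy row: unsalted MD5, Base64 with '=' padding stripped, as in the answer.
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = legacyMd5(rawPassword).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // avoids early-exit string compare
    }

    // Hypothetical helper: true when the row should be re-saved with encode() after login.
    public boolean needsRehash(String stored) { return stored == null || !isBcrypt(stored); }

    private static boolean isBcrypt(String s) {
        return s.startsWith("$2a$") || s.startsWith("$2b$") || s.startsWith("$2y$");
    }

    static String legacyMd5(CharSequence raw) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(raw.toString().getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    public static void main(String[] args) {
        MigratingPasswordEncoder enc = new MigratingPasswordEncoder();
        String legacy = legacyMd5("s3cret-constructed"); // constructed sample, stands in for an old DB value
        String fresh = enc.encode("s3cret-constructed");  // what a new row would hold
        System.out.println("legacy ok=" + enc.matches("s3cret-constructed", legacy) + " rehash=" + enc.needsRehash(legacy));
        System.out.println("bcrypt ok=" + enc.matches("s3cret-constructed", fresh) + " rehash=" + enc.needsRehash(fresh));
        System.out.println("wrong pw=" + enc.matches("wrong", legacy) + "/" + enc.matches("wrong", fresh));
    }
}
```

Returning this class from the `passwordEncoder()` bean lets existing MD5 rows keep authenticating while each successful login can replace the stored value with the output of `encode()`.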