[英]How to configure passwordEncoder in spring security config if i use Md5PasswordEncoder for password encryption?
Encryption
Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder();
md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);
Spring Security Configuration
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
我需要使用 org.springframework.security.authentication.encoding.Md5PasswordEncoder 来加密我的密码。 但我不知道如何在 Spring 安全配置中配置 passwordEncoder()
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder(passwordEncoder());
}
}
@Bean
public PasswordEncoder passwordEncoder(){
//implements PasswordEncoder and overide encode method with the MD5 protocol
return new MD5PasswordEncoder();
}
安全配置
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new FlasherPasswordEncoder();
return encoder;
}
PasswordEncoder MyOwn 实现
package com.flasher.config;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
public class FlasherPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence rawPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
.equals(encodedPassword);
}
}
不确定你的问题是什么。 Md5PasswordEncoder 有一个空的构造函数,所以你可以简单地
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder ">
</bean>
然后将其传递给您的 AuthenticationProvider(例如 DaoAuthenticationProvider)
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="yourUserDetailsService"/>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>
更新:操作员评论说,他正在使用盐。 这也取决于您的身份验证提供商。 如果您使用DaoAuthenticationProvider,您可以使用setSaltSource来设置您的盐源。 只需将另一个属性添加到引用您的 salt-source-bean 的配置中。
Spring Security 5 已删除 Md5PasswordEncoder。如果您想使用 MD5 编码,您可以自定义:
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return getMd5(charSequence.toString());
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return getMd5(charSequence.toString()).equals(s);
}
};
}
public static String getMd5(String input) {
try {
// Static getInstance method is called with hashing SHA
MessageDigest md = MessageDigest.getInstance("MD5");
// digest() method called
// to calculate message digest of an input
// and return array of byte
byte[] messageDigest = md.digest(input.getBytes());
// Convert byte array into signum representation
BigInteger no = new BigInteger(1, messageDigest);
// Convert message digest into hex value
String hashtext = no.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
// For specifying wrong message digest algorithms
catch (NoSuchAlgorithmException e) {
System.out.println("Exception thrown"
+ " for incorrect algorithm: " + e);
return null;
}
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new Md5PasswordEncoder();
return encoder;
}
@Bean
public PasswordEncoder passwordEncoder(){
//MD5 encoder implementation
return new MD5PasswordEncoder();
}
将上述代码粘贴到SecurityConfig Class下的以下代码下方:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder)
throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.