Java Spring:密码加密
以下是我的看法:Java Spring:密码加密,java,spring,web,thymeleaf,Java,Spring,Web,Thymeleaf,以下是我的看法: Регистрация Создайте учётную запись 当我按submit时,所有属性(pass、nick、email)都会转到我的控制器,其中有一部分 @RequestMapping(value="/register", method=RequestMethod.GET) public ModelAndView displayRegistration(ModelAndView modelAndView, User user) { modelAndV
Регистрация
Создайте учётную запись
当我按submit时,所有属性(pass、nick、email)都会转到我的控制器,其中有一部分
@RequestMapping(value="/register", method=RequestMethod.GET)
public ModelAndView displayRegistration(ModelAndView modelAndView, User user)
{
modelAndView.addObject("user", user);
modelAndView.setViewName("register");
return modelAndView;
}
@RequestMapping(value="/register", method=RequestMethod.POST)
public ModelAndView registerUser(ModelAndView modelAndView, User user)
{
User existingUser = userRepository.findByUserEmailIgnoreCase(user.getUserEmail());
if(existingUser != null)
{
modelAndView.addObject("message","This email already exists!");
modelAndView.setViewName("error");
}
else
{
userRepository.save(user);
我需要将密码加密添加到我的应用程序中,因此,据我所知,我需要从模型对象中提取密码属性,对其进行加密并将其放回原处。如何提取属性并将其返回到模型对象?您可以从用户处获取密码,使用Spring encoder对其进行加密,然后将其再次设置为用户密码,您的代码如下:
//import the Spring encoder
import org.springframework.security.crypto.password.PasswordEncoder;
@RequestMapping(value="/register", method=RequestMethod.POST)
public ModelAndView registerUser(ModelAndView modelAndView, User user) {
// creating the instance class to use it
private final PasswordEncoder passwordEncoder;
User existingUser =userRepository.findByUserEmailIgnoreCase(user.getUserEmail());
if(existingUser != null)
{
modelAndView.addObject("message","This email already exists!");
modelAndView.setViewName("error");
}
else
{ //encrypt the password here
String encryptedPassword = passwordEncoder.encode(user.getPassword());
user.setPassword(encryptedPassword);
userRepository.save(user);
您可以在Spring中找到有关PasswordEncoder接口的更多信息。getPassword()允许获取密码
user.setPassword()
允许设置密码。这就是你要问的吗?请注意,不应加密密码。它们应该先被腌制,然后使用一种强而慢的散列算法(BCrypt或PBKDF2)进行散列。请参阅了解原因。密码编码器不执行加密。在链接中记录的每个案例中,它都执行安全哈希。