Java 如果我使用Md5PasswordEncoder进行密码加密,如何在spring安全配置中配置passwordEncoder?
我需要使用org.springframework.security.authentication.encoding.Md5PasswordEncoder进行密码加密。但是我不知道如何在Spring安全配置中配置passwordEncoder()。Md5PasswordEncoder有一个emtpy构造函数,因此您可以Java 如果我使用Md5PasswordEncoder进行密码加密,如何在spring安全配置中配置passwordEncoder?,java,spring,spring-mvc,spring-boot,Java,Spring,Spring Mvc,Spring Boot,我需要使用org.springframework.security.authentication.encoding.Md5PasswordEncoder进行密码加密。但是我不知道如何在Spring安全配置中配置passwordEncoder()。Md5PasswordEncoder有一个emtpy构造函数,因此您可以 Encryption Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder(); md5P
Encryption
Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder();
md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);
Spring Security Configuration
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder(passwordEncoder());
}
}
@Bean
public PasswordEncoder passwordEncoder(){
//implements PasswordEncoder and overide encode method with the MD5 protocol
return new MD5PasswordEncoder();
}
然后将其传递给AuthenticationProvider(例如DAOAAuthenticationProvider)
更新:op评论说,他正在使用一种盐。
这还取决于您的身份验证提供商。如果您正在使用,则可以使用设置盐源。只需将另一个属性添加到引用盐源bean的配置中 安全配置
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="yourUserDetailsService"/>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>
密码编码器MyOwn实现
Spring Security 5已删除Md5PasswordEncoder。如果要使用MD5 encode,可以自定义:
package com.flasher.config;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
public class FlasherPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence rawPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
.equals(encodedPassword);
}
}
@Bean
公共密码编码器PasswordEncoder(){
返回新的PasswordEncoder(){
@凌驾
公共字符串编码(CharSequence CharSequence){
返回getMd5(charSequence.toString());
}
@凌驾
公共布尔匹配(CharSequence CharSequence,字符串s){
返回getMd5(charSequence.toString()).equals;
}
};
}
公共静态字符串getMd5(字符串输入){
试一试{
//使用哈希SHA调用静态getInstance方法
MessageDigest md=MessageDigest.getInstance(“MD5”);
//调用了digest()方法
//计算输入的消息摘要的步骤
//和返回字节数组
byte[]messageDigest=md.digest(input.getBytes());
//将字节数组转换为符号表示
BigInteger否=新的BigInteger(1,messageDigest);
//将消息摘要转换为十六进制值
字符串hashtext=no.toString(16);
while(hashtext.length()<32){
hashtext=“0”+hashtext;
}
返回hashtext;
}
//用于指定错误的消息摘要算法
捕获(无算法异常){
System.out.println(“抛出异常”
+“对于不正确的算法:”+e);
返回null;
}
}
将上述代码粘贴到SecurityConfig类下的以下代码下面:
啊,现在你编辑了你的问题。。。不管怎么说,我把这个放在这里,但我使用salt来编码md5PasswordEncoder md5PasswordEncoder=new md5PasswordEncoder();md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);2017年的md5?你在开玩笑吗?你能建议任何安全加密吗?BCryptPasswordEncoder这对我不起作用。调试时,它首先进入编码(CharSequence CharSequence)方法,这里CharSequence等于userNotFoundPassword。在这个matches()之后,比较'userNotFoundPassword'的md5散列和收到的密码散列,当然返回false
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new Md5PasswordEncoder();
return encoder;
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new FlasherPasswordEncoder();
return encoder;
}
package com.flasher.config;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
public class FlasherPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence rawPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
.equals(encodedPassword);
}
}
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return getMd5(charSequence.toString());
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return getMd5(charSequence.toString()).equals(s);
}
};
}
public static String getMd5(String input) {
try {
// Static getInstance method is called with hashing SHA
MessageDigest md = MessageDigest.getInstance("MD5");
// digest() method called
// to calculate message digest of an input
// and return array of byte
byte[] messageDigest = md.digest(input.getBytes());
// Convert byte array into signum representation
BigInteger no = new BigInteger(1, messageDigest);
// Convert message digest into hex value
String hashtext = no.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
// For specifying wrong message digest algorithms
catch (NoSuchAlgorithmException e) {
System.out.println("Exception thrown"
+ " for incorrect algorithm: " + e);
return null;
}
}
@Bean
public PasswordEncoder passwordEncoder(){
//MD5 encoder implementation
return new MD5PasswordEncoder();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder)
throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}