Fatal编程技术网
  • java/
  • Java 如果我使用Md5PasswordEncoder进行密码加密,如何在spring安全配置中配置passwordEncoder?

Java 如果我使用Md5PasswordEncoder进行密码加密,如何在spring安全配置中配置passwordEncoder?

java spring spring-mvc spring-boot

Java 如果我使用Md5PasswordEncoder进行密码加密,如何在spring安全配置中配置passwordEncoder?,java,spring,spring-mvc,spring-boot,Java,Spring,Spring Mvc,Spring Boot,我需要使用org.springframework.security.authentication.encoding.Md5PasswordEncoder进行密码加密。但是我不知道如何在Spring安全配置中配置passwordEncoder()。Md5PasswordEncoder有一个emtpy构造函数,因此您可以 Encryption Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder(); md5P

我需要使用org.springframework.security.authentication.encoding.Md5PasswordEncoder进行密码加密。但是我不知道如何在Spring安全配置中配置passwordEncoder()。Md5PasswordEncoder有一个emtpy构造函数,因此您可以

Encryption


Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder();
        md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);




Spring Security Configuration

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

@Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }
}



@Bean
public PasswordEncoder passwordEncoder(){
    //implements PasswordEncoder and overide encode method with the MD5 protocol
    return new MD5PasswordEncoder();
}
然后将其传递给AuthenticationProvider(例如DAOAAuthenticationProvider)
更新:op评论说,他正在使用一种盐。 这还取决于您的身份验证提供商。如果您正在使用,则可以使用设置盐源。只需将另一个属性添加到引用盐源bean的配置中

安全配置

<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService">
        <ref bean="yourUserDetailsService"/>
    </property>
    <property name="passwordEncoder">
        <ref bean="passwordEncoder"/>
    </property>
</bean>
密码编码器MyOwn实现

Spring Security 5已删除Md5PasswordEncoder。如果要使用MD5 encode,可以自定义:

        package com.flasher.config;

        import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
        import org.springframework.security.crypto.password.PasswordEncoder;

        public class FlasherPasswordEncoder implements PasswordEncoder {

            @Override
            public String encode(CharSequence rawPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);

            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
                        .equals(encodedPassword);
            }

        }

@Bean
公共密码编码器PasswordEncoder(){
返回新的PasswordEncoder(){
@凌驾
公共字符串编码(CharSequence CharSequence){
返回getMd5(charSequence.toString());
}
@凌驾
公共布尔匹配(CharSequence CharSequence,字符串s){
返回getMd5(charSequence.toString()).equals;
}
};
}
公共静态字符串getMd5(字符串输入){
试一试{
//使用哈希SHA调用静态getInstance方法
MessageDigest md=MessageDigest.getInstance(“MD5”);
//调用了digest()方法
//计算输入的消息摘要的步骤
//和返回字节数组
byte[]messageDigest=md.digest(input.getBytes());
//将字节数组转换为符号表示
BigInteger否=新的BigInteger(1,messageDigest);
//将消息摘要转换为十六进制值
字符串hashtext=no.toString(16);
while(hashtext.length()<32){
hashtext=“0”+hashtext;
}
返回hashtext;
}
//用于指定错误的消息摘要算法
捕获(无算法异常){
System.out.println(“抛出异常”
+“对于不正确的算法:”+e);
返回null;
}
}
将上述代码粘贴到SecurityConfig类下的以下代码下面:

啊,现在你编辑了你的问题。。。不管怎么说,我把这个放在这里,但我使用salt来编码md5PasswordEncoder md5PasswordEncoder=new md5PasswordEncoder();md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);2017年的md5?你在开玩笑吗?你能建议任何安全加密吗?BCryptPasswordEncoder这对我不起作用。调试时,它首先进入编码(CharSequence CharSequence)方法,这里CharSequence等于userNotFoundPassword。在这个matches()之后,比较'userNotFoundPassword'的md5散列和收到的密码散列,当然返回false 
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new Md5PasswordEncoder();
        return encoder;
    }

                    @Autowired
                    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
                        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
                    }


            @Bean
                public PasswordEncoder passwordEncoder(){
                    PasswordEncoder encoder = new FlasherPasswordEncoder();
                    return encoder;
                }

        package com.flasher.config;

        import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
        import org.springframework.security.crypto.password.PasswordEncoder;

        public class FlasherPasswordEncoder implements PasswordEncoder {

            @Override
            public String encode(CharSequence rawPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);

            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
                        .equals(encodedPassword);
            }

        }

@Bean
public PasswordEncoder passwordEncoder() {
    return new PasswordEncoder() {
        @Override
        public String encode(CharSequence charSequence) {
            return getMd5(charSequence.toString());
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return getMd5(charSequence.toString()).equals(s);
        }
    };
}

public static String getMd5(String input) {
    try {
        // Static getInstance method is called with hashing SHA
        MessageDigest md = MessageDigest.getInstance("MD5");

        // digest() method called
        // to calculate message digest of an input
        // and return array of byte
        byte[] messageDigest = md.digest(input.getBytes());

        // Convert byte array into signum representation
        BigInteger no = new BigInteger(1, messageDigest);

        // Convert message digest into hex value
        String hashtext = no.toString(16);

        while (hashtext.length() < 32) {
            hashtext = "0" + hashtext;
        }

        return hashtext;
    }

    // For specifying wrong message digest algorithms
    catch (NoSuchAlgorithmException e) {
        System.out.println("Exception thrown"
                + " for incorrect algorithm: " + e);
        return null;
    }
}

@Bean
public PasswordEncoder passwordEncoder(){
//MD5 encoder implementation
return new MD5PasswordEncoder();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) 
throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
}