Security 如何在Quarkus/Wildfly中验证/比较/euqal-BCrypt哈希密码与给定密码
我使用jpa的安全性实现了Security 如何在Quarkus/Wildfly中验证/比较/euqal-BCrypt哈希密码与给定密码,security,jpa,wildfly,quarkus,Security,Jpa,Wildfly,Quarkus,我使用jpa的安全性实现了basic auth。我的所有REST端点现在都可以验证客户端请求的授权头。 密码的验证由框架完成。现在我需要能够用存储的密码散列验证密码 import org.wildfly.security.password.Password; import org.wildfly.security.password.PasswordFactory; import org.wildfly.security.password.WildFlyElytronPasswordProvide
basic auth
。我的所有REST端点现在都可以验证客户端请求的授权
头。
密码的验证由框架完成。现在我需要能够用存储的密码散列验证密码
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.util.ModularCrypt;
import io.quarkus.elytron.security.common.BcryptUtil;
public class SecurityUtil {
public static void main(String[] args) throws Exception {
String bCryptPasswordHash = BcryptUtil.bcryptHash("Password_1");
String passwordToVerify = "Password_1";
System.out.println(verifyBCryptPassword(bCryptPasswordHash, passwordToVerify)); // -> true
System.out.println(verifyBCryptPassword(bCryptPasswordHash, "NotPassword_1")); // --> false
}
public static boolean verifyBCryptPassword(String bCryptPasswordHash, String passwordToVerify) throws Exception {
WildFlyElytronPasswordProvider provider = new WildFlyElytronPasswordProvider();
// 1. Create a BCrypt Password Factory
PasswordFactory passwordFactory = PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, provider);
// 2. Decode the hashed user password
Password userPasswordDecoded = ModularCrypt.decode(bCryptPasswordHash);
// 3. Translate the decoded user password object to one which is consumable by this factory.
Password userPasswordRestored = passwordFactory.translate(userPasswordDecoded);
// Verify existing user password you want to verify
return passwordFactory.verify(userPasswordRestored, passwordToVerify.toCharArray());
}
}
在默认配置下,用户密码存储为散列,函数为BcryptUtil.bcryptHash(字符串密码)
。我怎么查
如果给定的密码字符串与存储的bcrypt哈希值匹配
- 资料来源:
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.util.ModularCrypt;
import io.quarkus.elytron.security.common.BcryptUtil;
public class SecurityUtil {
public static void main(String[] args) throws Exception {
String bCryptPasswordHash = BcryptUtil.bcryptHash("Password_1");
String passwordToVerify = "Password_1";
System.out.println(verifyBCryptPassword(bCryptPasswordHash, passwordToVerify)); // -> true
System.out.println(verifyBCryptPassword(bCryptPasswordHash, "NotPassword_1")); // --> false
}
public static boolean verifyBCryptPassword(String bCryptPasswordHash, String passwordToVerify) throws Exception {
WildFlyElytronPasswordProvider provider = new WildFlyElytronPasswordProvider();
// 1. Create a BCrypt Password Factory
PasswordFactory passwordFactory = PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, provider);
// 2. Decode the hashed user password
Password userPasswordDecoded = ModularCrypt.decode(bCryptPasswordHash);
// 3. Translate the decoded user password object to one which is consumable by this factory.
Password userPasswordRestored = passwordFactory.translate(userPasswordDecoded);
// Verify existing user password you want to verify
return passwordFactory.verify(userPasswordRestored, passwordToVerify.toCharArray());
}
}