java 如果我使用 Md5PasswordEncoder 进行密码加密,如何在 spring 安全配置中配置 passwordEncoder?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/42340220/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to configure passwordEncoder in spring security config if i use Md5PasswordEncoder for password encryption?
提问by Hymanson Baby
Encryption
Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder();
md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);
Spring Security Configuration
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
I need to use org.springframework.security.authentication.encoding.Md5PasswordEncoder for my password encryption. but I don't know how to configure passwordEncoder() in Spring security configuration
我需要使用 org.springframework.security.authentication.encoding.Md5PasswordEncoder 来加密我的密码。但我不知道如何在 Spring 安全配置中配置 passwordEncoder()
回答by Nick Savenia
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder(passwordEncoder());
}
}
@Bean
public PasswordEncoder passwordEncoder(){
//implements PasswordEncoder and overide encode method with the MD5 protocol
return new MD5PasswordEncoder();
}
回答by Hymanson Baby
Security Config
安全配置
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new FlasherPasswordEncoder();
return encoder;
}
PasswordEncoder MyOwn Implementation
PasswordEncoder MyOwn 实现
package com.flasher.config;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
public class FlasherPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence rawPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
.equals(encodedPassword);
}
}
回答by Rainer
Not sure what your problem is. Md5PasswordEncoder has an emtpy constructor so you can simply
不确定你的问题是什么。Md5PasswordEncoder 有一个空构造函数,所以你可以简单地
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder ">
</bean>
And then pass it to your AuthenticationProvider (for example DaoAuthenticationProvider)
然后将其传递给您的 AuthenticationProvider(例如 DaoAuthenticationProvider)
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref bean="yourUserDetailsService"/>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder"/>
</property>
</bean>
UPDATE: the op commented, that he is using a salt. That depends also on your authentication provider. If your are using the DaoAuthenticationProvideryou can use the setSaltSourceto set your salt source. Just add another property to the config refering to your salt-source-bean.
更新:操作员评论说,他正在使用盐。这也取决于您的身份验证提供商。如果您使用DaoAuthenticationProvider,您可以使用setSaltSource来设置您的盐源。只需将另一个属性添加到引用您的 salt-source-bean 的配置中。
回答by Monzurul Haque Shimul
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new Md5PasswordEncoder();
return encoder;
}
回答by TungHarry
Spring Security 5 has been removed Md5PasswordEncoder.If you want to use MD5 encode you can customize :
Spring Security 5 已删除 Md5PasswordEncoder。如果您想使用 MD5 编码,您可以自定义:
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return getMd5(charSequence.toString());
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return getMd5(charSequence.toString()).equals(s);
}
};
}
public static String getMd5(String input) {
try {
// Static getInstance method is called with hashing SHA
MessageDigest md = MessageDigest.getInstance("MD5");
// digest() method called
// to calculate message digest of an input
// and return array of byte
byte[] messageDigest = md.digest(input.getBytes());
// Convert byte array into signum representation
BigInteger no = new BigInteger(1, messageDigest);
// Convert message digest into hex value
String hashtext = no.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
// For specifying wrong message digest algorithms
catch (NoSuchAlgorithmException e) {
System.out.println("Exception thrown"
+ " for incorrect algorithm: " + e);
return null;
}
}
