First read Steven Carlson′s answerabout password hashing.

首先阅读Steven Carlson关于密码散列的回答。

The good thing is that Spring Security will do this for you. Spring Security 3.2 introduced the new org.springframework.security.crypto.password.PasswordEncoderinterface and some implementations: BCryptPasswordEncoder, StandardPasswordEncoder(and NoOpPasswordEncoder).

好消息是 Spring Security 会为你做这件事。Spring Security 3.2 引入了新的org.springframework.security.crypto.password.PasswordEncoder接口和一些实现：BCryptPasswordEncoder、StandardPasswordEncoder（和NoOpPasswordEncoder）。

Important: Do not confuse org.springframework.security.crypto.password.PasswordEncoderwith the old deprecated org.springframework.security.authentication.encoding.PasswordEncoder

重要提示：不要与旧的已弃用org.springframework.security.crypto.password.PasswordEncoderorg.springframework.security.authentication.encoding.PasswordEncoder

The interface (and therefore the implementations) has the two methods you need:

接口（以及实现）具有您需要的两种方法：

• public String encode(CharSequence rawPassword)
• public boolean matches(CharSequence rawPassword, String encodedPassword)

• public String encode(CharSequence rawPassword)
• public boolean matches(CharSequence rawPassword, String encodedPassword)

I recommend to use org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder. The BCryptPasswordEncoder(in contrast to the StandardPasswordEncoder) use an salt that is different for each password (but not global like the one from StandardPasswordEncoder). When you encode a raw password (public String encode(CharSequence rawPassword)) then the returned encoded password is not just the encoded password, it also contains some meta information about the used hash-algorithm, the used salt and of course the encoded password.

我建议使用org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder. 的BCryptPasswordEncoder（在对比的StandardPasswordEncoder）使用的盐是每个密码（但不是像全球从所述一个不同StandardPasswordEncoder）。当您对原始密码 ( public String encode(CharSequence rawPassword)) 进行编码时，返回的编码密码不仅是编码密码，它还包含有关使用的哈希算法、使用的盐以及编码密码的一些元信息。

You should not be "encrypting" the password at all. I know this sounds counter-intuitive. But there is zero reason your system should need to decrypt the password. To do so would open your database to a hacker, because if you store your decryption password in your codes/server a hacker can steal that information.

您根本不应该“加密”密码。我知道这听起来违反直觉。但是您的系统需要解密密码的理由为零。这样做会向黑客打开您的数据库，因为如果您将解密密码存储在您的代码/服务器中，黑客可以窃取该信息。

The correct process is to hashthe password. A hash is a one-way (cannot be decypted back to the original text) process. The current standard would be to use SHA256 to hash your password. Here is a basic flow-chart:

正确的过程是要hash密码。散列是一种单向（无法解密回原始文本）过程。当前的标准是使用 SHA256 来散列您的密码。这是一个基本的流程图：

1. Take user submitted password. Example password "mypass" would hash out to ea71c25a7a602246b4c39824b855678894a96f43bb9b71319c39700a1e045222
2. Store this hash (ea71c25a7a602246b4c39824b855678894a96f43bb9b71319c39700a1e045222) in your database.

1. 获取用户提交的密码。示例密码“mypass”将散列到ea71c25a7a602246b4c39824b855678894a96f43bb9b71319c39700a1e045222
2. 将此哈希 ( ea71c25a7a602246b4c39824b855678894a96f43bb9b71319c39700a1e045222)存储在您的数据库中。

When a user logs in you take the password he just submitted and hash it. If he enters the same password it will hash out to the same value in your database.

当用户登录时，您使用他刚刚提交的密码并对其进行哈希处理。如果他输入相同的密码，它将散列到您的数据库中的相同值。

When a user goes to change passwords you hash the "enter your old password" to verify the old password still matches, if it does you hash the "enter your new password" and save it.

当用户更改密码时，您对“输入旧密码”进行哈希处理以验证旧密码仍然匹配，如果是，则对“输入新密码”进行哈希处理并保存。

One thing I did not mention in my example is salt. This is something you must use in your system as it protects your data from rainbow tableexploits. But that is for another discussion.

我在示例中没有提到的一件事是salt. 这是您必须在系统中使用的东西，因为它可以保护您的数据免受rainbow table攻击。但那是另一个讨论。

Hope this helps :)

希望这可以帮助 ：）