spring-security 如果我使用Md5PasswordEncoder进行密码加密,如何在Spring安全配置中配置passwordEncoder?

mfpqipee  于 2022-11-11  发布在  Spring
关注(0)|答案(6)|浏览(316)

加密

Md5PasswordEncoder md5PasswordEncoder = new Md5PasswordEncoder();
md5PasswordEncoder.encodePassword(
    userRegistrationInfo.getPassword(), 
    AppConstants.MD5_PASSWORD_ENCODER_SALT);

Spring安全性配置

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 

   auth
      .userDetailsService(userDetailsService)
      .passwordEncoder(passwordEncoder());
}

@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}

我需要使用org.springframework.security.authentication.encoding.Md5PasswordEncoder进行密码加密,但是我不知道如何在Spring安全配置中配置passwordEncoder()

093gszye

093gszye1#

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }
}

@Bean
public PasswordEncoder passwordEncoder(){
    //implements PasswordEncoder and overide encode method with the MD5 protocol
    return new MD5PasswordEncoder();
}
ghhaqwfi

ghhaqwfi2#

安全配置

@Autowired
                    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
                        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
                    }

            @Bean
                public PasswordEncoder passwordEncoder(){
                    PasswordEncoder encoder = new FlasherPasswordEncoder();
                    return encoder;
                }

密码编码器MyOwn实作

package com.flasher.config;

        import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
        import org.springframework.security.crypto.password.PasswordEncoder;

        public class FlasherPasswordEncoder implements PasswordEncoder {

            @Override
            public String encode(CharSequence rawPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT);

            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT)
                        .equals(encodedPassword);
            }

        }
z0qdvdin

z0qdvdin3#

不确定你的问题是什么。md5 PasswordEncoder有一个空的构造函数,所以你可以简单地

<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder ">
</bean>

然后将其传递给您的AuthenticationProvider(例如DaoAuthenticationProvider)

<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService">
        <ref bean="yourUserDetailsService"/>
    </property>
    <property name="passwordEncoder">
        <ref bean="passwordEncoder"/>
    </property>
</bean>

UPDATE:操作员评论说他使用的是salt。这也取决于你的认证提供程序。如果你使用的是DaoAuthenticationProvider,你可以使用setSaltSource来设置你的salt源。只需在config中添加另一个属性来引用你的salt-source-bean。

whhtz7ly

whhtz7ly4#

Spring Security 5已移除MD5PasswordEncoder。如果您要使用MD5编码,您可以自订:

@Bean
public PasswordEncoder passwordEncoder() {
    return new PasswordEncoder() {
        @Override
        public String encode(CharSequence charSequence) {
            return getMd5(charSequence.toString());
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return getMd5(charSequence.toString()).equals(s);
        }
    };
}

public static String getMd5(String input) {
    try {
        // Static getInstance method is called with hashing SHA
        MessageDigest md = MessageDigest.getInstance("MD5");

        // digest() method called
        // to calculate message digest of an input
        // and return array of byte
        byte[] messageDigest = md.digest(input.getBytes());

        // Convert byte array into signum representation
        BigInteger no = new BigInteger(1, messageDigest);

        // Convert message digest into hex value
        String hashtext = no.toString(16);

        while (hashtext.length() < 32) {
            hashtext = "0" + hashtext;
        }

        return hashtext;
    }

    // For specifying wrong message digest algorithms
    catch (NoSuchAlgorithmException e) {
        System.out.println("Exception thrown"
                + " for incorrect algorithm: " + e);
        return null;
    }
}
ct2axkht

ct2axkht5#

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new Md5PasswordEncoder();
        return encoder;
    }
vof42yt1

vof42yt16#

@Bean
public PasswordEncoder passwordEncoder(){
//MD5 encoder implementation
return new MD5PasswordEncoder();
}

将上述代码粘贴到SecurityConfig类下的以下代码下面:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) 
throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
}

相关问题