service:
private Md5PasswordEncoder encoder; //spring security md5
public Md5PasswordEncoder getEncoder() {
return encoder;
}
@Resource
public void setEncoder(Md5PasswordEncoder encoder) {
this.encoder = encoder;
}
@Override
public void addUser(User user) {
//把加密后的密碼,賦值給user password
//鹽為 user name
user.setPassword(encoder.encodePassword(user.getPassword(), user.getName()));
userDAO.addUser(user);
}
jt.executeUpdate(new StringSql(
"insert into VDB_USERS (USERID,PASSWORD) values (?,?)",
uid, new Md5PasswordEncoder().encodePassword(up, uid)));
//new Md5PasswordEncoder().encodePassword(up, uid)
此處的Md5PasswordEncoder為spring自帶的md5加密類,其中第一個參數up為密碼,uid為鹽值
applicationContext-security.xml:
<!-- 配置認證管理器 實現用戶認證的入口,主要實現UserDetailsService接口即可 -->
<authentication-manager alias="authenticationManager">
<!--
<authentication-provider ref="principalProvider"></authentication-provider>
-->
<!-- 使用自定義userDetailService -->
<authentication-provider user-service-ref="userService">
<!-- 使用MD5對密碼進行加密 -->
<password-encoder hash="md5">
<!-- 鹽,根據用戶name作為鹽 -->
<salt-source user-property="name"/>
</password-encoder>
<!--
<security:user-service>
<security:user name="admin"
password="2l232f297a57a5a748394a0e4a80lfc3"
authorities="ROLE_USER" />
<security:user name="user" password="user"
authorities="ROLE_USER" />
</security:user-service>
-->
<!-- 默認test.user表。。。 -->
<!--
<security:jdbc-user-service data-source-ref="dataSource" />
-->
</authentication-provider>
</authentication-manager>