後台的加密代碼(嚴格來說是單向雜湊,並非可逆的加密)。用戶名:zhangsan,密碼:123
/**
 * Hashes a password with MD5, using the account's user name as the salt.
 *
 * <p>NOTE(review): MD5 is a fast digest and the user name is a predictable,
 * non-random salt, so a leaked credential table is cheap to guess offline.
 * Moving to an adaptive scheme (bcrypt / scrypt / Argon2) with a random
 * per-user salt would require migrating the stored hashes; this method keeps
 * the existing format.
 *
 * @param user     account information; its user name supplies the salt
 * @param password plain-text password to hash
 * @return the salted hash the encoder derives from (password, user name)
 */
private String encodePassword(VtUser user, String password) {
    final Md5PasswordEncoder encoder = new Md5PasswordEncoder();
    // The user name doubles as the salt; the encoder accepts it as an Object.
    final Object salt = user.getUserName();
    return encoder.encodePassword(password, salt);
}
測試用例:
userName: zhangsan
password: 123
加密後的 password: b2316c0d1ff0550298121a537ab93f21
先看下 MessageDigestPasswordEncoder.java 的加密函數:用戶名作為鹽值,與密碼拼接成 rawPass{salt} 格式(本例即 123{zhangsan}),再計算 MD5 並以十六進制字串輸出:
/**
 * Produces the encoded form of a password combined with a salt.
 *
 * <p>The password and salt are merged, UTF-8 encoded and digested; the digest
 * is re-hashed while the round counter is below {@code iterations}, then
 * rendered as Base64 or hexadecimal text.
 *
 * <p>NOTE(review): per the page's annotations, {@code iterations} starts at 1
 * and Base64 output is off by default, so the default result is a single
 * un-stretched digest in hex. A single fast digest gives little resistance to
 * offline guessing — confirm the configured iteration count where this
 * encoder protects stored passwords.
 *
 * @param rawPass the plain-text password
 * @param salt    the salt merged with the password before hashing
 * @return the digest as Base64 text when Base64 output is enabled, otherwise as hex text
 */
public String encodePassword(String rawPass, Object salt) {
    // Password and salt are joined into the "rawPass{salt}" form.
    final String merged = mergePasswordAndSalt(rawPass, salt, false);

    // Effectively MessageDigest.getInstance for the configured algorithm.
    final MessageDigest md = getMessageDigest();

    // Hash the UTF-8 bytes of the merged string.
    byte[] hash = md.digest(Utf8.encode(merged));

    // "stretch" the encoded value if configured to do so; with iterations == 1
    // the condition is false immediately and no extra round runs.
    int round = 1;
    while (round < iterations) {
        hash = md.digest(hash);
        round++;
    }

    // Base64 is reported as disabled by default, so the hex branch is the one
    // normally taken.
    if (!getEncodeHashAsBase64()) {
        return new String(Hex.encode(hash));
    }
    return Utf8.decode(Base64.encode(hash));
}
