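1 Spring Security PasswordEncoder
Spring Security 5 does not require you to configure a single password encoding scheme. Instead, each stored password carries a prefix that states which scheme was used to encode it, for example:
- {MD5}88e2d8cd1e92fd5544c8621508cd706b means the MD5 scheme was used;
- {bcrypt}$2a$10$eZeGvVV2ZXr/vgiVFzqzS.JLV878ApBgRT9maPK1Wrg0ovsf4YuI6 means the bcrypt scheme was used.
Spring Security officially recommends the more secure bcrypt scheme.
Because the scheme is recorded per password, several schemes can coexist in the same system, which makes migrating users much less work. The schemes supported by Spring Security 5 are defined in PasswordEncoderFactories: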
    public class PasswordEncoderFactories {

        public static PasswordEncoder createDelegatingPasswordEncoder() {
            // Id used as the prefix when encoding new passwords
            String encodingId = "bcrypt";
            // Every id below can still be used to verify an existing "{id}hash" value
            Map<String, PasswordEncoder> encoders = new HashMap<>();
            encoders.put(encodingId, new BCryptPasswordEncoder());
            encoders.put("ldap", new LdapShaPasswordEncoder());
            encoders.put("MD4", new Md4PasswordEncoder());
            encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));
            encoders.put("noop", NoOpPasswordEncoder.getInstance());
            encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
            encoders.put("scrypt", new SCryptPasswordEncoder());
            encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));
            encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));
            encoders.put("sha256", new StandardPasswordEncoder());

            return new DelegatingPasswordEncoder(encodingId, encoders);
        }

        private PasswordEncoderFactories() {
        }
    }
2 Test
2.1 pom.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>

        <groupId>com.hfcsbc</groupId>
        <artifactId>security</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <packaging>jar</packaging>

        <name>security</name>
        <description>Demo project for Spring Boot</description>

        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.0.0.M7</version>
            <relativePath/> <!-- lookup parent from repository -->
        </parent>

        <properties>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
            <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
            <java.version>1.8</java.version>
        </properties>

        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>

            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.projectlombok</groupId>
                <artifactId>lombok</artifactId>
            </dependency>
        </dependencies>

        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>

        <repositories>
            <repository>
                <id>spring-snapshots</id>
                <name>Spring Snapshots</name>
                <url>https://repo.spring.io/snapshot</url>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>spring-milestones</id>
                <name>Spring Milestones</name>
                <url>https://repo.spring.io/milestone</url>
                <snapshots>
                    <enabled>false</enabled>
                </snapshots>
            </repository>
        </repositories>

        <pluginRepositories>
            <pluginRepository>
                <id>spring-snapshots</id>
                <name>Spring Snapshots</name>
                <url>https://repo.spring.io/snapshot</url>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </pluginRepository>
            <pluginRepository>
                <id>spring-milestones</id>
                <name>Spring Milestones</name>
                <url>https://repo.spring.io/milestone</url>
                <snapshots>
                    <enabled>false</enabled>
                </snapshots>
            </pluginRepository>
        </pluginRepositories>
    </project>

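2.2 Test
Spring Security 5.x uses bcrypt by default.

    import lombok.extern.slf4j.Slf4j;
    import org.springframework.security.crypto.factory.PasswordEncoderFactories;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Slf4j
    public class DomainUserDetailsService {

        public static void main(String[] args) {
            PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            // New passwords are encoded with the default scheme and stored as "{bcrypt}..."
            String encode = passwordEncoder.encode("password");
            log.info("加密后的密碼:" + encode);
            log.info("bcrypt密碼對比:" + passwordEncoder.matches("password", encode));

            String md5Password = "{MD5}88e2d8cd1e92fd5544c8621508cd706b"; // The password before MD5 hashing was: password
            // Compare against the MD5 value; the {MD5} prefix selects the MD5 encoder
            log.info("MD5密碼對比:" + passwordEncoder.matches("password", md5Password));
        }

    }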
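
The migration benefit mentioned in section 1 can be put to work at login time, when the raw password is available. The following is an added example, not code from the original article or from Spring Security itself; the class name PasswordUpgradeDemo, the in-memory map and the sample user are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class): re-hash legacy passwords on successful login.
public class PasswordUpgradeDemo {

    private static final String TARGET_PREFIX = "{bcrypt}";

    private final PasswordEncoder encoder =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();
    // Constructed stand-in for a user table: username -> stored "{id}hash" value.
    private final Map<String, String> store = new HashMap<>();

    /** Verifies the password and, if the stored hash is a legacy one, replaces it with bcrypt. */
    public boolean login(String username, String rawPassword) {
        String stored = store.get(username);
        try {
            // The "{id}" prefix selects the encoder that checks this particular record.
            if (stored == null || !encoder.matches(rawPassword, stored)) {
                return false;
            }
        } catch (IllegalArgumentException e) {
            // By default a missing or unmapped "{id}" prefix is rejected with this exception.
            return false;
        }
        if (!stored.startsWith(TARGET_PREFIX)) {
            // The raw password is only known at login, so this is the moment to migrate.
            store.put(username, encoder.encode(rawPassword));
        }
        return true;
    }

    public static void main(String[] args) {
        PasswordUpgradeDemo demo = new PasswordUpgradeDemo();
        // Constructed legacy record, produced with the deprecated MD5 encoder.
        demo.store.put("alice",
                "{MD5}" + new MessageDigestPasswordEncoder("MD5").encode("password"));
        System.out.println("prefix before login: " + demo.store.get("alice").substring(0, 5));
        System.out.println("wrong password accepted: " + demo.login("alice", "guess"));
        System.out.println("correct password accepted: " + demo.login("alice", "password"));
        System.out.println("now bcrypt: " + demo.store.get("alice").startsWith(TARGET_PREFIX));
        System.out.println("still logs in: " + demo.login("alice", "password"));
    }
}
```

Accounts that never log in keep their legacy hash, so track how many records still carry a non-bcrypt prefix and plan a forced reset for the remainder.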
Original article: https://blog.csdn.net/wiselyman/article/details/84915939