One
1.focusing on the authentication query, you can see that user passwords is expected to being stored in The database. the only problem with this is if the passwords be stored in plain text, they ' re subject to the prying eyes of a hacker. If you encode the password in the database and then authentication'll fail because it won ' t match the plain text password submitted by the user.
1 @Override2 protected voidConfigure (Authenticationmanagerbuilder auth)3 throwsException {4 Auth5 . Jdbcauthentication ()6 . DataSource (DataSource)7 . Usersbyusernamequery (8"Select username, password, true" +9"From Spitter where username=?")Ten . Authoritiesbyusernamequery ( One"Select Username, ' Role_user ' from Spitter where username=?") A. Passwordencoder (NewStandardpasswordencoder ("53cr3t")); -}
the Passwordencoder method receives the implementation of the Passwordencoder interface as a parameter, and spring provides 3 implementations: Bcryptpasswordencoder, Nooppasswordencoder, and Standardpasswordencoder
The interface code is as follows:
Public Interface Passwordencoder { String encode (charsequence rawpassword); Boolean matches (charsequence Rawpassword, String encodedpassword);}
it ' s important to understand the password in the database is never decoded. Instead, the password, the user enters at login is encoded using the same algorithm and are then compared with The encoded password in the database. That comparison was performed in the Passwordencoder ' s matches () method.
SPRING in ACTION 4th Release Notes-Chapter Nineth Securing Web applications-004-Password Encryption passwordencoder