Spring Security uses hashed encrypted passwords

Source: Internet
Author: User
Tags md5 encryption

We used to use the MD5 (Md5PasswordEncoder) or SHA (ShaPasswordEncoder) hash algorithms for password encryption. They can still be used in Spring Security as long as a custom encoder is specified, but the recommended choice now is bcrypt through Spring's BCryptPasswordEncoder, a strong hash algorithm based on a randomly generated salt.

First we encrypt the password 123456 using the encoders provided by Spring:

1. Using MD5:

    package com.petter.util;

    import org.springframework.security.authentication.encoding.Md5PasswordEncoder;

    /**
     * @author HONGXF
     * @since 2017-04-11 10:52
     */
    public class Md5EncoderGenerator {
        public static void main(String[] args) {
            Md5PasswordEncoder encoder = new Md5PasswordEncoder();
            // Second argument is the salt: a fixed string shared by every user
            System.out.println(encoder.encodePassword("123456", "HONGXF"));
        }
    }

Change the password of user hxf in the database to 7CBDF569746DD62484EB25A55B7DF2DC

2. Using bcrypt:

    package com.petter.util;

    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    /**
     * @author HONGXF
     * @since 2017-04-10 10:01
     */
    public class PasswordEncoderGenerator {
        public static void main(String[] args) {
            String password = "123456";
            BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
            // A new random salt is generated on every call to encode()
            String hashedPassword = passwordEncoder.encode(password);
            System.out.println(hashedPassword);
        }
    }

Change the password of user hxf in the database to $2a$10$f0degrkipyyzcfrf/ftmsoakl1y/xhpkaijwdfiwnoozgtes8dili

Note that the database password field must be at least 60 characters long, otherwise the string is truncated.

First, using the MD5 encryption algorithm:

Spring Security has deprecated the org.springframework.security.authentication.encoding.PasswordEncoder interface and recommends the org.springframework.security.crypto.password.PasswordEncoder interface instead, so a custom implementation is required here.

1. Create a custom password encoder implementation class, CustomPasswordEncoder:

    package com.petter.config;

    import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    /**
     * @author HONGXF
     * @since 2017-04-11 10:39
     */
    public class CustomPasswordEncoder implements PasswordEncoder {

        @Override
        public String encode(CharSequence rawPassword) {
            Md5PasswordEncoder encoder = new Md5PasswordEncoder();
            return encoder.encodePassword(rawPassword.toString(), "HONGXF");
        }

        @Override
        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            Md5PasswordEncoder encoder = new Md5PasswordEncoder();
            return encoder.isPasswordValid(encodedPassword, rawPassword.toString(), "HONGXF");
        }
    }

2. Configure it in SecurityConfig:

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new CustomPasswordEncoder();
        // return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // authenticationProvider is a field defined elsewhere in SecurityConfig
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        auth.authenticationProvider(authenticationProvider);
    }

Simply set your custom class. The same applies to SHA encryption.

Second, using the bcrypt encryption algorithm:

1. Only the configuration in SecurityConfig is needed:

    @Bean
    public PasswordEncoder passwordEncoder() {
        // return new CustomPasswordEncoder();
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // authenticationProvider is a field defined elsewhere in SecurityConfig
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        auth.authenticationProvider(authenticationProvider);
    }

PS: If you are using jdbcAuthentication, use the following configuration:

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // dataSource is a field defined elsewhere in SecurityConfig
        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder())
                .usersByUsernameQuery("select username, password, enabled from users where username = ?")
                .authoritiesByUsernameQuery("select username, role from user_roles where username = ?");
    }

Start the test
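
The following is an added example, not code from the original page: it contrasts the fixed-salt MD5 scheme with BCryptPasswordEncoder's per-hash random salt, and shows what happens when a bcrypt hash is stored in a column shorter than 60 characters. The class name SaltComparisonDemo, the helper md5WithFixedSalt and the "password{salt}" merge format are assumptions made for illustration; the example needs spring-security-crypto on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example (hypothetical class name), not part of the original article.
public class SaltComparisonDemo {

    // Fixed-salt MD5 with plain JDK classes. The "password{salt}" merge format is an
    // assumption about how the legacy Md5PasswordEncoder combines the two values.
    static String md5WithFixedSalt(String rawPassword, String salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest((rawPassword + "{" + salt + "}").getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        String password = "123456";

        // Same password and same fixed salt: every user gets the same stored value,
        // so one cracked hash reveals all accounts that share the password.
        String md5UserA = md5WithFixedSalt(password, "HONGXF");
        String md5UserB = md5WithFixedSalt(password, "HONGXF");
        System.out.println("MD5 hashes identical:    " + md5UserA.equals(md5UserB));

        // bcrypt embeds a fresh random salt in each hash, so the stored values differ
        // while matches() still verifies both against the same raw password.
        BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
        String bcryptUserA = bcrypt.encode(password);
        String bcryptUserB = bcrypt.encode(password);
        System.out.println("bcrypt hashes identical: " + bcryptUserA.equals(bcryptUserB));
        System.out.println("bcrypt hash length:      " + bcryptUserA.length());
        System.out.println("user A verifies:         " + bcrypt.matches(password, bcryptUserA));
        System.out.println("user B verifies:         " + bcrypt.matches(password, bcryptUserB));
        System.out.println("wrong password verifies: " + bcrypt.matches("654321", bcryptUserA));

        // Simulate a password column that is too short (constructed 50-character
        // truncation): the stored value is no longer a valid bcrypt string, so
        // even the correct password is rejected.
        String truncated = bcryptUserA.substring(0, 50);
        System.out.println("truncated hash verifies: " + bcrypt.matches(password, truncated));
    }
}
```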
