Spring security uses hashed encrypted passwords

Last Update:2017-04-11 Source: Internet

Author: User

Tags md5 encryption

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

We used to use the MD5 before. Md5PasswordEncoder or Sha ShaPasswordEncoder hash algorithm for password encryption, which is still used in spring security as long as the custom encryption algorithm is specified, it is now recommended that the bcrypt used by spring BCryptPasswordEncoder, a strong hash encryption algorithm based on a randomly generated salt. First we encrypt password 123456 using the encryption method provided by spring: 1, using MD5 encryption:

 PackageCom.petter.util;ImportOrg.springframework.security.authentication.encoding.Md5PasswordEncoder;/** * @authorHONGXF *@since2017-04-11 10:52*/ Public classMd5encodergenerator { Public Static voidMain (string[] args) {Md5passwordencoder encoder=NewMd5passwordencoder (); System.out.println (Encoder.encodepassword ("123456", "HONGXF")); }}

Modify the user hxf password in the database to 7CBDF569746DD62484EB25A55B7DF2DC2, usebcrypt Encryption:

 PackageCom.petter.util;ImportOrg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;/** * @authorHONGXF *@since2017-04-10 10:01*/ Public classPasswordencodergenerator { Public Static voidMain (string[] args) {String password= "123456"; Bcryptpasswordencoder Passwordencoder=NewBcryptpasswordencoder (); String Hashedpassword=passwordencoder.encode (password);    System.out.println (Hashedpassword); }}

Modify the user hxf password in the database to$2a$10$f0degrkipyyzcfrf/ftmsoakl1y/xhpkaijwdfiwnoozgtes8diliIt is important to note that the database password field is guaranteed to be 60 or greater than 60, otherwise the string is truncated. first, using the MD5 encryption algorithm:Spring security has been abandoned.org.springframework.Security.Authentication.encoding.Passwordencoder interface, recommended useorg.springframework.Security.Crypto.password.Passwordencoder Interfacecustomization is required here. 1. Establish a custom password encryption implementation classCustompasswordencoder

 PackageCom.petter.config;ImportOrg.springframework.security.authentication.encoding.Md5PasswordEncoder;ImportOrg.springframework.security.crypto.password.PasswordEncoder;/** * @authorHONGXF *@since2017-04-11 10:39*/ Public classCustompasswordencoderImplementsPasswordencoder {@Override PublicString encode (charsequence rawpassword) {Md5passwordencoder encoder=NewMd5passwordencoder (); returnEncoder.encodepassword (Rawpassword.tostring (), "HONGXF"); } @Override Public Booleanmatches (charsequence Rawpassword, String encodedpassword) {Md5passwordencoder encoder=NewMd5passwordencoder (); returnEncoder.ispasswordvalid (Encodedpassword, rawpassword.tostring (), "HONGXF"); }}

2, in the Securityconfig configuration

@Bean      Public Passwordencoder Passwordencoder () {        returnnew  custompasswordencoder ();         // return new Bcryptpasswordencoder ();     }    @Override    protectedvoidthrows  Exception {        Authenticationprovider.setpasswordencoder (Passwordencoder ());        Auth.authenticationprovider (Authenticationprovider);    }

Set your custom class directly. The same applies to SHA encryption. Second, the use of Bcrypt encryption algorithm: 1, only need toConfiguration in Securityconfig

@Bean      Public Passwordencoder Passwordencoder () {        //return new Custompasswordencoder ();        return New Bcryptpasswordencoder ();    }    @Override    protectedvoidthrows  Exception {        Authenticationprovider.setpasswordencoder (Passwordencoder ());        Auth.authenticationprovider (Authenticationprovider);    }

PS: If you are using thejdbcauthentication, install the following configuration

@Bean      Public Passwordencoder Passwordencoder () {        returnnew  bcryptpasswordencoder ();    }    @Override    protectedvoidthrows  Exception {        Auth.jdbcauthentication (). DataSource (DataSource). Passwordencoder (Passwordencoder ())                . Usersbyusernamequery ("Select Username,password, enabled from users where username =?") )                . Authoritiesbyusernamequery ("Select username, role from user_roles where username =?" );    }

Start the test

Spring security uses hash-encrypted passwords

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More