Spring Security加密MD5 [英] Spring Security Encrypt MD5

问题描述

我有一个java web应用程序，使用spring框架和spring security进行登录。在我的数据库中，我的密码在加密到MD5之前被保存。我在我的application-config.xml中添加了这个代码

 < security：authentication-provider> 
< security：password-encoder hash =md5/> 
< security：jdbc-user-service 
 data-source-ref =dataSource
 users-by-username-query =select user_name username，user_password password，1 enabled from users其中user_name =？ 
 authority-by-username-query =select username，authority from authority where username =？ /> 
< / security：authentication-provider> 
  

起初，当数据库中的密码未加密时，它起作用。但是当我加密它并在我的应用程序配置中添加了这个代码片段

 < security：password-encoder hash =md5/ > 
  

我无法登录。

解决方案

你如何创建MD5哈希值？以下的东西在Java中很好：

  MessageDigest messageDigest = MessageDigest.getInstance（MD5）; 
 messageDigest.update（user.getPassword（）。getBytes（），0，user.getPassword（）。length（））; 
 String hashedPass = new BigInteger（1，messageDigest.digest（））。toString（16）; 
 if（hashedPass.length（）< 32）{
 hashedPass =0+ hashedPass; 
} 
  

当您编码koala时，您会得到a564de63c2d0da68cf47586ee05984d7吗？

I have a java web application using spring framework and spring security for its login. In my database I have my passwords encrypted to MD5 before being saved. I added in my application-config.xml this codes

 <security:authentication-provider>
<security:password-encoder hash="md5"/>
<security:jdbc-user-service
        data-source-ref="dataSource"
        users-by-username-query="select user_name username, user_password password, 1 enabled from users where user_name=?"
        authorities-by-username-query="select username, authority from authorities where username=?" />
</security:authentication-provider>

At first It worked when the password in the db were not encrypted. But when I encrypted it and added this snippet in my application config

      <security:password-encoder hash="md5"/>

I am not able to login.

解决方案

How are you creating your MD5 hashes? Something like the following works well in Java:

MessageDigest messageDigest = MessageDigest.getInstance("MD5");  
messageDigest.update(user.getPassword().getBytes(),0, user.getPassword().length());  
String hashedPass = new BigInteger(1,messageDigest.digest()).toString(16);  
if (hashedPass.length() < 32) {
   hashedPass = "0" + hashedPass; 
}

When you encode "koala" do you get "a564de63c2d0da68cf47586ee05984d7"?

这篇关于Spring Security加密MD5的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！