外部应用程序中的Spring PasswordEncoder解码 [英] Spring PasswordEncoder decoding in external application

问题描述

我需要解码使用org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword方法编码的密码。基本上，应用程序 A在其数据库中维护编码/加密的密码。应用程序 B对应用程序 A进行RESTful调用，以获取用户名和密码（将密码以编码/加密方式传递），然后应用程序 B需要查看密码的明文版本，它将如何对其进行解码？

I need to decode a password that was encoded using the org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword method. Basically, application "A" maintains the encoded/encrypted password in its database. Application "B" makes a RESTful call to application "A" to get the userid and password (passes password as encoded/encrypted) and then application "B" needs to view the clear text version of the password, how would it decode it?

推荐答案

提到的类 org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword似乎使用摘要功能进行编码密码。由于所有摘要功能都是一种方式，因此很容易从明文中获得编码密码，但几乎不可能从摘要中获得未加密的版本。

The mentioned class "org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword" seems to use digest function to encode the password. Because all the digest function are mentioned to be one way only it is easy to make encoded password from the clear text but almost impossible to obtain unencrypted version from the digest.

如果您只想对用户进行身份验证，只需对密码进行加密并将其与存储的加密版本进行比较即可。

If you want to authenticate user just encrypt the password and compare it to it's stored encrypted version.

其他选项可以重置密码（替换存储在应用程序 A中的值）

Other option can be reseting the password (replacing value stored in application "A").

如果您坚持从摘要中对应用程序 B中的未加密密码进行解密，则必须对其进行破解，这可能是耗时的操作...

If you insist on unencrypted password in application "B" from the digest, you have to crack it, which can be time consuming operation...

这篇关于外部应用程序中的Spring PasswordEncoder解码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！