Spring Security 3 + 随机盐 [英] Spring Security 3 + Random Salt
问题描述
所以我知道您可以使用基于 userDetail 属性的 salt 在 Spring Security 中检查密码,然后将其散列以与数据库中的散列进行比较,但是如果创建每个用户时使用的 salt 是随机的(并且是存储在数据库中),我是否需要创建自己的包含 salt 属性的 userDetails 类,然后将其设置为 spring security 用于在 securityApplicationContext 中加盐的字段?
So I understand that you can check a password in Spring Security with salt based on a userDetail property and then hash it to compare to a hash in the database, however what if the salt used when creating each user is random (and is stored in the DB), would I need to create my own userDetails class that contains a salt property and then set that as the field spring security uses to salt with in the securityApplicationContext?
如果是这样,我将如何编写自己的 userDetails 类来实现这一目标?抱歉,Spring/Java 还是个新手.
If so how would I go about writing my own userDetails class to accomplish that? Sorry still pretty new to Spring/Java.
推荐答案
好的,但是我如何告诉 securityApplicationContext 使用 myCustomUserDetails 类来存储用户而不是默认的 userDetails 类?
Ok but then how do I tell the securityApplicationContext to use myCustomUserDetails class to store the user instead of the default userDetails class?
像这样:
<b:bean id="customUserDetailsService" class="com.your.company.security.MyUserDetailsService"/>
<s:authentication-provider user-service-ref="customUserDetailsService" />
这与您的安全环境有关.
This goes in your security context.
这也可能有帮助.
编写自定义<代码>UserDetailsService.
这篇关于Spring Security 3 + 随机盐的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
