spring security encode password with bcrypt algorithm
I get something strange... in Spring Security for encode password..
I am trying to change my password and save it to database.. but I always get error because different string..
like this..
in controller ..
println "password = "+oldPass
println "password 1 = "+springSecurityService.encodePassword('password')
println "password 2 = "+springSecurityService.encodePassword('password')
println "password = "+springSecurityService.encodePassword(oldPass)
and this output
It's strange... every time I encodePassword, I will get different result.
I am using Grails 3.0.5 and use bcrypt algorithm
grails.plugin.springsecurity.password.algorithm = 'bcrypt'
I put this line in application.groovy
like this
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.akiong.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.akiong.security.UserRole'
grails.plugin.springsecurity.authority.className = 'com.akiong.security.Role'
grails.plugin.springsecurity.requestMap.className = 'com.akiong.security.RequestMap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/error': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/shutdown': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.password.algorithm = 'bcrypt'
but when I create a user account with bootstrap and save it to database.. then I login... it runs correctly..
It's a feature. bcrypt uses a random salt, so each time it generates a different hash even for the same password.
If you want to check if the entered password is valid, you need to use passwordEncoder.isPasswordValid for Grails, like:
assert passwordEncoder.isPasswordValid(
'$2a$10$Qb7ENpWOSsFUS2UvwT1BRefZhn55roXPgUI8fjJRm6c/nR3JIQP8a',
'password', null)
assert passwordEncoder.isPasswordValid(
'$2a$10$sC3.yrmNn2VLS2Aer359rei/DxoLlwFq7s6ndAHm10ncyQpIr3MfO',
'password', null)
or for plain Spring Security passwordEncoder.matches:
assert passwordEncoder.matches('password',
'$2a$10$Qb7ENpWOSsFUS2UvwT1BRefZhn55roXPgUI8fjJRm6c/nR3JIQP8a')
assert passwordEncoder.matches('password',
'$2a$10$sC3.yrmNn2VLS2Aer359rei/DxoLlwFq7s6ndAHm10ncyQpIr3MfO')
To autowire the passwordEncoder bean, just define it as a property of your class:
def passwordEncoder
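
Added example, not part of the original question or answer: a standalone Groovy script that applies the advice above to the change-password case from the question, using Spring Security's BCryptPasswordEncoder directly. The Account class, the changePassword closure, the sample passwords and the library versions in @Grab are assumptions made for this illustration.

```groovy
// Added example, not from the original answer.
@Grapes([
    @Grab('org.springframework.security:spring-security-crypto:5.7.3'),
    @Grab('commons-logging:commons-logging:1.2') // logging API used by the encoder
])
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// Hypothetical stand-in for the User domain class: only the stored hash matters here.
class Account {
    String username
    String passwordHash
}

// Strength 10 is the cost factor seen in the '$2a$10$...' hashes above.
def passwordEncoder = new BCryptPasswordEncoder(10)

// encode() draws a new random salt per call, so equal passwords give unequal strings.
def h1 = passwordEncoder.encode('password')
def h2 = passwordEncoder.encode('password')
assert h1 != h2
// matches() takes salt and cost from the stored hash, so both still verify.
assert passwordEncoder.matches('password', h1)
assert passwordEncoder.matches('password', h2)

// Hypothetical change-password helper: true only if oldPass verifies against the stored hash.
def changePassword = { Account acct, String oldPass, String newPass ->
    // Comparing encode(oldPass) with acct.passwordHash would always fail (fresh salt).
    if (!passwordEncoder.matches(oldPass, acct.passwordHash)) {
        return false
    }
    acct.passwordHash = passwordEncoder.encode(newPass)
    return true
}

// Constructed sample account, as it would look after sign-up.
def account = new Account(username: 'demo', passwordHash: h1)

assert !changePassword(account, 'not-the-old-password', 'new-passphrase-1')
assert account.passwordHash == h1                  // rejected attempt leaves the hash alone
assert changePassword(account, 'password', 'new-passphrase-1')
assert passwordEncoder.matches('new-passphrase-1', account.passwordHash)
assert !passwordEncoder.matches('password', account.passwordHash)
println 'all checks passed'
```

In a Grails controller or service the same check would use the injected passwordEncoder bean instead of constructing the encoder by hand.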