Hashing and Salting Passwords with Spring Security 3


Problem description


How can I hash passwords and salt them with Spring Security 3?

Solution

Programmatically you would do it as follows:

In your application-context.xml (defined in web.xml under contextConfigLocation) file define the bean (this example uses md5).

<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />

Then Autowire the password encoder:

@Autowired
PasswordEncoder passwordEncoder;

In your method or wherever you want to hash and salt.

passwordEncoder.encodePassword("MyPasswordAsString", "mySaltAsStringOrObject");

The above call should return a salted hash (as a String).

That should do it. I'm assuming you can figure out the jars you'll need.

UPDATE

It should go without saying that using MD5 is not the best idea. Ideally you should use SHA-256 at least. This can be done with the ShaPasswordEncoder.

Replace the MD5 bean config above with:

<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
     <constructor-arg value="256"/>
</bean>
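
What a call like encodePassword(password, salt) computes with the SHA-256 encoder, paired with a random per-user salt and a verification step, shown with JDK classes only. This is an added example, not code from the answer or from Spring Security. The class and method names are hypothetical, and the password{salt} merge with hex output is an assumption about the legacy encoders' format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SaltedSha256Demo {
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh random salt per user, hex-encoded so it never contains '{' or '}'.
    static String newSalt() {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return hex(salt);
    }

    // Assumed legacy layout: SHA-256 over the UTF-8 bytes of password{salt}, hex output.
    static String encodePassword(String rawPass, String salt) throws NoSuchAlgorithmException {
        String merged = (salt == null || salt.isEmpty()) ? rawPass : rawPass + "{" + salt + "}";
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return hex(md.digest(merged.getBytes(StandardCharsets.UTF_8)));
    }

    // Recompute with the stored salt and compare without an early exit.
    static boolean isPasswordValid(String storedHash, String rawPass, String salt)
            throws NoSuchAlgorithmException {
        byte[] expected = storedHash.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encodePassword(rawPass, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse battery staple"; // constructed sample input
        String saltA = newSalt(), saltB = newSalt();      // stored next to each user's hash
        String hashA = encodePassword(password, saltA);
        String hashB = encodePassword(password, saltB);
        System.out.println("same password, different salts differ: " + !hashA.equals(hashB));
        System.out.println("correct password verifies: " + isPasswordValid(hashA, password, saltA));
        System.out.println("wrong password rejected: " + !isPasswordValid(hashA, "guess", saltA));
    }
}
```

The salt is not secret and is stored with the hash; its job is to make identical passwords hash differently per user, which defeats precomputed lookup tables.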
