无法让SHA-256哈希与我的Spring安全性一起工作 [英] Can't get to have SHA-256 hash working with my spring security
问题描述
我正在使用Spring Roo框架,它使用Spring Security作为安全框架。我按以下方式配置它:
I am using the Spring Roo framework which uses Spring Security as security framework. I configured it the following way:
<authentication-manager alias="authenticationManager">
<!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
<authentication-provider>
<password-encoder hash="sha-256">
<!-- <salt-source user-property="login"/> -->
</password-encoder>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
SELECT login, password, enabled
FROM user WHERE login = ?"
authorities-by-username-query="
SELECT u.login, r.authority
FROM user u, rol r,
usuer_role ur
WHERE u.login = ur.usuarer
AND r.roleId = ur.role
AND u.login = ?"
/>
<user-service>
<user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN" />
<user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
为了使密码匹配,我编辑了 UserController
create
方法,因此密码是使用SHA-256哈希存储的,与 applicationContext-security.xml $中配置的相同c $ c>这是安全配置文件。
In order to make the passwords match I edited the UserController
create
method so the password is stored applying a SHA-256 hash, the same that was configured in applicationContext-security.xml
which is the security configuration file.
我是这样做的:
public String create(@Valid User user, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) throws NoSuchAlgorithmException, UnsupportedEncodingException {
if (bindingResult.hasErrors()) {
populateEditForm(uiModel, usuario);
return "security/users/create";
}
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(user.getPassword().getBytes("UTF-8"));
byte[] digest = md.digest();
usuario.setPassword( new String(digest, "UTF-8"));
uiModel.asMap().clear();
user.persist();
return "redirect:/security/users/" + encodeUrlPathSegment(usuario.getId().toString(), httpServletRequest);
}
我尝试将密码设置为 admin
与默认用户提供的相同:admin,密码:admin配置文件,以检查我的 create
方法生成的密码是否匹配。
I tried setting the password to admin
which is the same provided for the default user: admin, password: admin by the configuration file in order to check that the password generated by my create
method matches.
但是,配置文件中的哈希密码是 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
但是存储在数据库中的密码是一个奇怪的集合我通过控制台检查 mysql
数据库时的字符数,或者在页面中显示 ivAMgsKo * H
时。
However, the hashed password in the configuration file is 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
but the one stored in the database is a weird set of characters when I inspect my mysql
database via console or ivAMgsKo*H
when displayed in a page.
任何帮助?
推荐答案
最后我想出了这个解决方案,感谢@Oleg Estekhin评论:
Finally I came up with this solution, thank to @Oleg Estekhin comment:
public String sha256(String original) throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(original.getBytes());
byte[] digest = md.digest();
return new String(Hex.encodeHexString(digest));
}
这篇关于无法让SHA-256哈希与我的Spring安全性一起工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!