无法让SHA-256哈希与我的Spring安全性一起工作 [英] Can't get to have SHA-256 hash working with my spring security

问题描述

我正在使用Spring Roo框架，它使用Spring Security作为安全框架。我按以下方式配置它：

I am using the Spring Roo framework which uses Spring Security as security framework. I configured it the following way:

<authentication-manager alias="authenticationManager">
    <!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
    <authentication-provider>
        <password-encoder hash="sha-256">
            <!-- <salt-source user-property="login"/> -->
        </password-encoder>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
            SELECT login, password, enabled
            FROM user WHERE login = ?"

            authorities-by-username-query="
            SELECT u.login, r.authority
            FROM user u, rol r, 
            usuer_role ur
            WHERE u.login = ur.usuarer
            AND r.roleId = ur.role
            AND u.login = ?"        
        />
        <user-service>
            <user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN" />
            <user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>

为了使密码匹配，我编辑了 UserController create 方法，因此密码是使用SHA-256哈希存储的，与 applicationContext-security.xml 这是安全配置文件。

In order to make the passwords match I edited the UserController create method so the password is stored applying a SHA-256 hash, the same that was configured in applicationContext-security.xml which is the security configuration file.

我是这样做的：

public String create(@Valid User user, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    if (bindingResult.hasErrors()) {
        populateEditForm(uiModel, usuario);
        return "security/users/create";
    }
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(user.getPassword().getBytes("UTF-8"));
    byte[] digest = md.digest();
    usuario.setPassword( new String(digest, "UTF-8"));
    uiModel.asMap().clear();
    user.persist();
    return "redirect:/security/users/" + encodeUrlPathSegment(usuario.getId().toString(), httpServletRequest);
}

我尝试将密码设置为 admin 与默认用户提供的相同：admin，密码：admin配置文件，以检查我的 create 方法生成的密码是否匹配。

I tried setting the password to admin which is the same provided for the default user: admin, password: admin by the configuration file in order to check that the password generated by my create method matches.

但是，配置文件中的哈希密码是 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 但是存储在数据库中的密码是一个奇怪的集合我通过控制台检查 mysql 数据库时的字符数，或者在页面中显示 ivAMgsKo * H 时。

However, the hashed password in the configuration file is 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 but the one stored in the database is a weird set of characters when I inspect my mysql database via console or ivAMgsKo*H when displayed in a page.

任何帮助？

推荐答案

最后我想出了这个解决方案，感谢@Oleg Estekhin评论：

Finally I came up with this solution, thank to @Oleg Estekhin comment:

public String sha256(String original) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(original.getBytes());
    byte[] digest = md.digest();
    return new String(Hex.encodeHexString(digest));
}

这篇关于无法让SHA-256哈希与我的Spring安全性一起工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！