如何使用Spring StandardPasswordEncode并获取Salt生成？ [英] How to use Spring StandardPasswordEncode and Get Salt Generate?

问题描述

我如何加密密码将其插入数据库并在比较后他想要连接？

How do I encrypt a password insert it into the db and after the comparison when he will want to connect?

我会使用StandardPasswordEncoder Spring security 3.1.4来加密我的密码并插入数据库。但是我如何恢复该方法生成的盐？

I would use StandardPasswordEncoder Spring security 3.1.4 to encrypt my password and insert into the db. But how do I recovered the salt generated by the method?

以下是doc Spring security的一个例子：

Here is an example of the doc Spring security:

StandardPasswordEncoder encoder = new StandardPasswordEncoder("secret");
String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));

我问她，因为我需要自己的订单重新编码密码才能进行比较？并验证用户是否必须输入正确的密码？

I asked her because I'll need the selt order to re encode the password for the comparison? And validate if the user has to enter the correct password?

此处密码编码： 9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f
我会比较编码新密码

Here the password encoding: 9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f and I would compare encode the new password

Link Doc Spring： http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/crypto.html
Link API SPring security 3.1.4： http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/apidocs/

Link Doc Spring : http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/crypto.html Link API SPring security 3.1.4 : http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/apidocs/

推荐答案

我想你问它是如何运作的？答案很简单。 StandardPasswordEncoder.matches（）是您要使用的方法。在幕后， StandardPasswordEncoder 将解码散列密码并从生成的字节数组中提取salt。然后它将使用该salt来散列您传入的纯文本密码。如果生成的散列与原始散列匹配，则您的密码匹配！有关详细信息，请参阅来源 StandardPasswordEncoder.matches（）：

I think you are asking how it works?? The answer is fairly simple. StandardPasswordEncoder.matches() is the method you want to use. Behind the scenes, StandardPasswordEncoder will decode the hashed password and extract the salt from the resulting byte array. It will then use that salt to hash the plain-text password you passed in. If the resulting hash matches the original hash, your passwords match! Refer to the source for the details behind StandardPasswordEncoder.matches():

public boolean matches(CharSequence rawPassword, String encodedPassword) {
    byte[] digested = decode(encodedPassword);
    byte[] salt = subArray(digested, 0, saltGenerator.getKeyLength());
    return matches(digested, digest(rawPassword, salt));
}

这篇关于如何使用Spring StandardPasswordEncode并获取Salt生成？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！