码迷,mamicode.com
首页 > 移动开发 > 详细

SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

时间:2016-03-07 13:52:23      阅读:171      评论:0      收藏:0      [点我收藏+]

标签:

一、

1.Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if you encode the password in the database, then authentication will fail because it won’t match the plain text password submitted by the user.

 1 @Override
 2 protected void configure(AuthenticationManagerBuilder auth)
 3 throws Exception {
 4     auth
 5         .jdbcAuthentication()
 6         .dataSource(dataSource)
 7         .usersByUsernameQuery(
 8             "select username, password, true " +
 9             "from Spitter where username=?")
10         .authoritiesByUsernameQuery(
11             "select username, ‘ROLE_USER‘ from Spitter where username=?")
12         .passwordEncoder(new StandardPasswordEncoder("53cr3t"));
13 }

passwordEncoder方法接收PasswordEncoder接口的实现为参数,Spring提供了有3种实现:BCryptPasswordEncoder , NoOpPasswordEncoder , andStandardPasswordEncoder

接口代码如下:

 

public interface PasswordEncoder {
    String encode(CharSequence rawPassword);
    boolean matches(CharSequence rawPassword, String encodedPassword);
}

 

it’s important to understand that the password in the database is never decoded. Instead, the password that the user enters at login is encoded using the same algorithm and is then compared with the encoded password in the database. That comparison is performed in the PasswordEncoder ’s matches() method.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

标签:

原文地址:http://www.cnblogs.com/shamgod/p/5250069.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!