spring security中配置密码为md5的带salt加密
spring security中配置密码为md5的带salt加密
service:
private Md5PasswordEncoder encoder; //spring security md5
public Md5PasswordEncoder getEncoder() {
return encoder;
}
@Resource
public void setEncoder(Md5PasswordEncoder encoder) {
this.encoder = encoder;
}
@Override
public void addUser(User user) {
//把加密后的密码,赋值给user password
//盐为 user name
user.setPassword(encoder.encodePassword(user.getPassword(), user.getName()));
userDAO.addUser(user);
}
jt.executeUpdate(new StringSql(
"insert
into VDB_USERS (USERID,PASSWORD) values (?,?)",
uid,
new Md5PasswordEncoder().encodePassword(up, uid)));
//new Md5PasswordEncoder().encodePassword(up, uid)
此处的Md5PasswordEncoder为spring自带的md5加密类,其中第一个参数up为密码,uid为盐值
applicationContext-security.xml:
<!-- 配置认证管理器 实现用户认证的入口,主要实现UserDetailsService接口即可 -->
<authentication-manager alias="authenticationManager">
<!--
<authentication-provider ref="principalProvider"></authentication-provider>
-->
<!-- 使用自定义userDetailService -->
<authentication-provider user-service-ref="userService">
<!-- 使用MD5对密码进行加密 -->
<password-encoder hash="md5">
<!-- 盐,根据用户name作为盐 -->
<salt-source user-property="name"/>
</password-encoder>
<!--
<security:user-service>
<security:user name="admin"
password="2l232f297a57a5a748394a0e4a80lfc3"
authorities="ROLE_USER" />
<security:user name="user" password="user"
authorities="ROLE_USER" />
</security:user-service>
-->
<!-- 默认test.user表。。。 -->
<!--
