Spring Security 5.x兼容多种密码加密方式

1 spring security PasswordEncoder

spring security 5不需要配置密码的加密方式,而是用户密码加前缀的方式表明加密方式,如:

  • {MD5}88e2d8cd1e92fd5544c8621508cd706b代表使用的是MD5加密方式;
  • {bcrypt}$2a$10$eZeGvVV2ZXr/vgiVFzqzS.JLV878ApBgRT9maPK1Wrg0ovsf4YuI6代表使用的是bcrypt加密方式。

spring security官方推荐使用更加安全的bcrypt加密方式。

这样可以在同一系统中支持多种加密方式,迁移用户比较省事。spring security 5支持的加密方式在PasswordEncoderFactories中定义:

  1. public class PasswordEncoderFactories {
  2.     public static PasswordEncoder createDelegatingPasswordEncoder() {
  3.         String encodingId = "bcrypt";
  4.         Map<String, PasswordEncoder> encoders = new HashMap();
  5.         encoders.put(encodingId, new BCryptPasswordEncoder());
  6.         encoders.put("ldap", new LdapShaPasswordEncoder());
  7.         encoders.put("MD4", new Md4PasswordEncoder());
  8.         encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));
  9.         encoders.put("noop", NoOpPasswordEncoder.getInstance());
  10.         encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
  11.         encoders.put("scrypt", new SCryptPasswordEncoder());
  12.         encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));
  13.         encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));
  14.         encoders.put("sha256", new StandardPasswordEncoder());
  15.         return new DelegatingPasswordEncoder(encodingId, encoders);
  16.     }
  17.  
  18.     private PasswordEncoderFactories() {
  19.     }
  20. }

2 测试

2.1 pom.xml
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3.     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  4.     <modelVersion>4.0.0</modelVersion>
  5.  
  6.     <groupId>com.hfcsbc</groupId>
  7.     <artifactId>security</artifactId>
  8.     <version>0.0.1-SNAPSHOT</version>
  9.     <packaging>jar</packaging>
  10.  
  11.     <name>security</name>
  12.     <description>Demo project for Spring Boot</description>
  13.  
  14.     <parent>
  15.         <groupId>org.springframework.boot</groupId>
  16.         <artifactId>spring-boot-starter-parent</artifactId>
  17.         <version>2.0.0.M7</version>
  18.         <relativePath/> <!-- lookup parent from repository -->
  19.     </parent>
  20.  
  21.     <properties>
  22.         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  23.         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
  24.         <java.version>1.8</java.version>
  25.     </properties>
  26.  
  27.     <dependencies>
  28.         <dependency>
  29.             <groupId>org.springframework.boot</groupId>
  30.             <artifactId>spring-boot-starter-security</artifactId>
  31.         </dependency>
  32.  
  33.         <dependency>
  34.             <groupId>org.springframework.boot</groupId>
  35.             <artifactId>spring-boot-starter-test</artifactId>
  36.             <scope>test</scope>
  37.         </dependency>
  38.         <dependency>
  39.             <groupId>org.springframework.security</groupId>
  40.             <artifactId>spring-security-test</artifactId>
  41.             <scope>test</scope>
  42.         </dependency>
  43.         <dependency>
  44.             <groupId>org.projectlombok</groupId>
  45.             <artifactId>lombok</artifactId>
  46.         </dependency>
  47.     </dependencies>
  48.  
  49.     <build>
  50.         <plugins>
  51.             <plugin>
  52.                 <groupId>org.springframework.boot</groupId>
  53.                 <artifactId>spring-boot-maven-plugin</artifactId>
  54.             </plugin>
  55.         </plugins>
  56.     </build>
  57.  
  58.     <repositories>
  59.         <repository>
  60.             <id>spring-snapshots</id>
  61.             <name>Spring Snapshots</name>
  62.             <url>https://repo.spring.io/snapshot</url>
  63.             <snapshots>
  64.                 <enabled>true</enabled>
  65.             </snapshots>
  66.         </repository>
  67.         <repository>
  68.             <id>spring-milestones</id>
  69.             <name>Spring Milestones</name>
  70.             <url>https://repo.spring.io/milestone</url>
  71.             <snapshots>
  72.                 <enabled>false</enabled>
  73.             </snapshots>
  74.         </repository>
  75.     </repositories>
  76.  
  77.     <pluginRepositories>
  78.         <pluginRepository>
  79.             <id>spring-snapshots</id>
  80.             <name>Spring Snapshots</name>
  81.             <url>https://repo.spring.io/snapshot</url>
  82.             <snapshots>
  83.                 <enabled>true</enabled>
  84.             </snapshots>
  85.         </pluginRepository>
  86.         <pluginRepository>
  87.             <id>spring-milestones</id>
  88.             <name>Spring Milestones</name>
  89.             <url>https://repo.spring.io/milestone</url>
  90.             <snapshots>
  91.                 <enabled>false</enabled>
  92.             </snapshots>
  93.         </pluginRepository>
  94.     </pluginRepositories>
  95. </project>
  96.
2.2 测试

spring security 5.x默认使用bcrypt加密

  1. @Slf4j
  2. public class DomainUserDetailsService {
  3.  
  4.     public static void main(String[] args){
  5.         PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
  6.         String encode = passwordEncoder.encode("password");
  7.         log.info("加密后的密码:" + encode);
  8.         log.info("bcrypt密码对比:" + passwordEncoder.matches("password", encode));
  9.  
  10.         String md5Password = "{MD5}88e2d8cd1e92fd5544c8621508cd706b";//MD5加密前的密码为:password
  11.         log.info("MD5密码对比:" + passwordEncoder.matches("password", encode));
  12.     }
  13.  
  14. }

原文地址:https://blog.csdn.net/wiselyman/article/details/84915939

posted @ 2019-06-11 17:58  星朝  阅读(3496)  评论(0编辑  收藏  举报