
Spring security customize password encoder

Published: 2011-07-29   Author: Wind_ZhongGang   Source: reposted

  Spring Security provides the PasswordEncoder interface. By implementing it you can define a custom PasswordEncoder, strengthening the application's authentication and security.

 

  1. CustomizePasswordEncoder.java

 

package com.template.security;

import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.encoding.PasswordEncoder;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 11-7-29
 * Time: 9:05 PM
 * To change this template use File | Settings | File Templates.
 */
public class CustomizePasswordEncoder implements PasswordEncoder {

    /**
     * Wraps the raw password in a fixed prefix and suffix.
     *
     * @param rawPass  the raw password to encode
     * @param salt     salt value (not used by this implementation)
     * @return  the encoded password
     * @throws DataAccessException
     */
    @Override
    public String encodePassword(String rawPass, Object salt) throws DataAccessException {
        rawPass = "Zhong" + rawPass;
        rawPass = rawPass + "Gang";
        return rawPass;
    }

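    /**
     * Applies the same processing to the raw password and compares the result with the stored value.
     *
     * @param encPass the stored, encoded password
     * @param rawPass the raw password to check
     * @param salt    salt value (not used by this implementation)
     * @return  true if the password is valid, false if it is invalid
     * @throws DataAccessException
     */
    @Override
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) throws DataAccessException {
        rawPass = "Zhong" + rawPass;
        rawPass = rawPass + "Gang";
        // rawPass is never null after concatenation, so this also handles a null encPass
        return rawPass.equals(encPass);
    }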

}

 

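  The first method applies special processing to the entered password so that it cannot be cracked easily, which strengthens the application's security; the second method checks whether the entered password matches the password stored by the application. Because the stored password is generated from the entered password by that special processing, we have to define ourselves how an entered password is compared with the stored one. Both methods take a formal parameter named salt, the salt value used in encryption. The process is to combine the password with the content specified by the salt and then run MD5 over the combined content; because an attacker does not know the salt, it is hard to work back from the resulting value to the original password.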
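The salted scheme described above, written out as an added example (not code from the original post): unlike the sample encoder, which ignores `salt` and only wraps the password in fixed strings, it derives a one-way hash from password and salt and compares in constant time. It mirrors the interface's two method signatures without depending on Spring, and it uses PBKDF2-HMAC-SHA256 in place of the MD5 the text mentions. Assumptions: Java 8 or later; the class name, iteration count and sample passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example; the method signatures mirror the PasswordEncoder interface above.
public class SaltedPasswordEncoderDemo {
    private static final int ITERATIONS = 100_000; // assumed work factor

    // One-way hash of password + salt (PBKDF2 here instead of MD5).
    public String encodePassword(String rawPass, Object salt) {
        if (rawPass == null || salt == null) throw new IllegalArgumentException("password and salt are required");
        byte[] saltBytes = salt.toString().getBytes(StandardCharsets.UTF_8);
        PBEKeySpec spec = new PBEKeySpec(rawPass.toCharArray(), saltBytes, ITERATIONS, 256);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 failed", e);
        } finally {
            spec.clearPassword();
        }
    }

    // Re-derive from the candidate password; compare in constant time.
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        if (encPass == null || rawPass == null || salt == null) return false;
        byte[] stored = encPass.getBytes(StandardCharsets.UTF_8);
        byte[] candidate = encodePassword(rawPass, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(stored, candidate);
    }

    static String newSalt() { // random per-user salt, stored next to the hash
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }

    public static void main(String[] args) {
        SaltedPasswordEncoderDemo enc = new SaltedPasswordEncoderDemo();
        String saltA = newSalt(), saltB = newSalt();
        String stored = enc.encodePassword("sample-Passw0rd", saltA); // constructed sample
        System.out.println("correct password accepted: " + enc.isPasswordValid(stored, "sample-Passw0rd", saltA));
        System.out.println("wrong password accepted:   " + enc.isPasswordValid(stored, "sample-passw0rd", saltA));
        System.out.println("same password, other salt, same hash: " + stored.equals(enc.encodePassword("sample-Passw0rd", saltB)));
    }
}
```

The salt is not a secret: it is stored with each user's record so the check can re-derive the hash, and its job is to make identical passwords hash differently per user.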
