SpringBoot Security密码加盐实例
作者:IT小马哥 时间:2023-06-08 17:06:48
修改加密和验证方法
/**
* 生成BCryptPasswordEncoder密码
*
* @param password 密码
* @param salt 盐值
* @return 加密字符串
*/
public static String encryptPassword(String password,String salt) {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
return passwordEncoder.encode(password + salt);
}
/**
* 判断密码是否相同
*
* @param rawPassword 真实密码
* @param encodedPassword 加密后字符
* @param salt 盐值
* @return 结果
*/
public static boolean matchesPassword(String rawPassword, String encodedPassword,String salt) {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
return passwordEncoder.matches(rawPassword + salt, encodedPassword);
}
自定义 DaoAuthenticationProvider
import com.maruifu.common.core.domain.model.LoginUser;
import com.maruifu.common.utils.DateUtils;
import com.maruifu.common.utils.SecurityUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.Authentication;
/**
* 身份验证提供者
* @author maruifu
*/
public class JwtAuthenticationProvider extends DaoAuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// 可以在此处覆写整个登录认证逻辑
return super.authenticate(authentication);
}
/**
* 重写加盐后验证逻辑
* @param userDetails
* @param authentication
* @throws AuthenticationException
*/
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if (authentication.getCredentials() == null) {
this.logger.debug("Failed to authenticate since no credentials provided");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
String presentedPassword = authentication.getCredentials().toString();
LoginUser loginUser = (LoginUser)userDetails ;
if (!SecurityUtils.matchesPassword(presentedPassword, userDetails.getPassword(), DateUtils.parseDateToStr(DateUtils.YYYY_MM_DD_HH_MM_SS,loginUser.getUser().getCreateTime()))) {
this.logger.debug("Failed to authenticate since password does not match stored value");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
}
}
}
注册到ProciderManager中
import com.maruifu.framework.security.handle.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* spring security配置
*
* @author maruifu
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {
/**
* 自定义用户认证逻辑
*/
@Autowired
private UserDetailsService userDetailsService;
/**
* 解决 无法直接注入 AuthenticationManager
* 重写 加盐后验证逻辑
*
* @return
*/
@Bean
@Override
public AuthenticationManager authenticationManagerBean(){
JwtAuthenticationProvider provider=new JwtAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
ProviderManager manager=new ProviderManager(provider);
return manager;
}
......省略configure方法
}
来源:https://cloud.tencent.com/developer/article/2198817?areaSource=104001.5&traceId=GqEYuQLOTzxj-OnSA3Lf6
标签:SpringBoot,Security,密码加盐
0
投稿
猜你喜欢
Android开发之ListView列表刷新和加载更多实现方法
2021-06-20 06:28:30
详解DES&3DES算法的原理以及C#和JS的实现
2021-06-29 21:58:07
Android实现简单手电筒功能
2023-09-17 19:50:27
Java实战项目 医院预约挂号系统
2023-09-18 06:56:44
java实现转圈打印矩阵算法
2022-11-27 06:38:21
android自动生成dimens适配文件的图文教程详解(无需Java工具类)
2023-07-17 12:12:30
Spring P标签的使用详解
2021-09-28 22:24:14
Java新手环境搭建 JDK8安装配置教程
2023-11-25 17:23:10
Java实现限定时间CountDownLatch并行场景
2023-06-05 01:47:27
英语单词state与status的区别
2021-09-04 13:57:34
基于Java实现获取本地IP地址和主机名
2023-03-19 04:03:55
C#检查字符串是否是合法URL地址的方法
2022-08-09 16:24:06
Java程序部署到服务器上,接口请求下载文件失败/文件为空/文件名不对的问题
2023-05-12 15:30:00
Quarkus中RESTEasy Reactive集成合并master分支
2023-06-07 14:20:45
Android开发InputManagerService创建与启动流程
2021-07-11 20:45:22
Spring Boot整合MyBatis操作过程
2022-08-02 13:50:22
java中this与super关键字的使用方法
2022-05-04 22:03:29
Java中的private、protected、public和default的区别(详解)
2023-01-10 01:55:51
C语言压缩文件和用MD5算法校验文件完整性的实例教程
2023-04-01 05:21:49
Javaweb El表达式实例详解
2021-06-21 22:59:32