我在 Spring Security 的 Md4PasswordEncoder 中注意到以下代码:
/**
* Takes a previously encoded password and compares it with a raw password after mixing in the salt and
* encoding that value.
*
* @param encPass previously encoded password
* @param rawPass plain text password
* @param salt salt to mix into password
* @return true or false
*/
public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
String pass1 = "" + encPass;
String pass2 = encodePassword(rawPass, salt);
return PasswordEncoderUtils.equals(pass1,pass2);
}
我目前正在开发自定义 PasswordEncoder。谁能解释一下为什么spring开发人员通过向传入的对象添加一个空字符串来处理null?
提前致谢