2

我有一个使用 Spring Security 进行身份验证的 Spring 项目。

Spring Security 代码片段:

    <authentication-manager>
        <authentication-provider>
        <password-encoder hash="md5"/>
                <jdbc-user-service data-source-ref="dataSource"

                users-by-username-query="
SELECT users.LOGIN_NAME AS username,
   users.PASSWD_HASH     AS password , users.status as enabled
   FROM RV_USER users
  WHERE users.LOGIN_NAME=?"
                authorities-by-username-query="
                      select users.LOGIN_NAME as username, authorities.ROLE_DESC as authority
from RV_ROLE authorities, RV_USER users
where authorities.ROLE_ID=users.ROLE_ID
and users.LOGIN_NAME=?"

            />
        </authentication-provider>
    </authentication-manager>

我想使用自定义哈希算法而不是 md5 或其他东西。

4

1 回答 1

6

您可以创建自己的 PasswordEncoder 实现。例如:

import org.springframework.security.crypto.password.PasswordEncoder;

public class CustomPasswordEncoder implements PasswordEncoder {

    public String encode(CharSequence rawPassword) {
        return null; // TODO implement
    }

    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return null; // TODO implement
    }
}

然后您可以使用 CustomPasswordEncoder 和password-encoder@ref例如:

<authentication-manager>
  <authentication-provider>
    <password-encoder ref="customPasswordEncoder/>
    ...
  </authentication-provider>
</authentication-manager>
于 2013-10-21T13:37:08.663 回答