SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder
一、
1.Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if you encode the password in the database, then authentication will fail because it won’t match the plain text password submitted by the user.
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(
"select username, password, true " +
"from Spitter where username=?")
.authoritiesByUsernameQuery(
"select username, 'ROLE_USER' from Spitter where username=?")
.passwordEncoder(new StandardPasswordEncoder("53cr3t"));
}
passwordEncoder方法接收PasswordEncoder接口的实现为参数,Spring提供了有3种实现:BCryptPasswordEncoder , NoOpPasswordEncoder , andStandardPasswordEncoder
接口代码如下:
public interface PasswordEncoder {
String encode(CharSequence rawPassword);
boolean matches(CharSequence rawPassword, String encodedPassword);
}
it’s important to understand that the password in the database is never decoded. Instead, the password that the user enters at login is encoded using the same algorithm and is then compared with the encoded password in the database. That comparison is performed in the PasswordEncoder ’s matches() method.
最新文章
- [转载] Jenkins入门总结
- 学习使用MAC
- easyui_动态添加隐藏toolbar按钮
- Castle学习笔记----初探IOC容器
- javascript小实例,PC网页里的拖拽(转)
- gridview动态添加列的问题
- UIStackView相关
- 王立平-- ContentValues , HashTable , HashMap差别
- boolean类型相关
- mkdir 命令详解
- Java8 中 ConcurrentHashMap工作原理的要点分析
- LAN、WAN、WLAN、WiFi之间的区别
- matlab提取wind底层数据库操作
- javascript OOP(上)(八)
- NSL:CPK_NN神经网络实现预测哪个样本与哪个样本处在同一层,从而科学规避我国煤矿突水灾难—Jason niu
- 3分钟上手log4net
- 取消Eclipse控制台显示行数的限制
- zabbix 添加用户 配置权限
- 玩转ptrace(转)
- Entity Framework 同一个上下文中,如何进行对同一个实体进行指定字段更新