Spring Security 5.x兼容多种密码加密方式

1 spring security PasswordEncoder

spring security 5不需要配置密码的加密方式，而是用户密码加前缀的方式表明加密方式，如：

• {MD5}88e2d8cd1e92fd5544c8621508cd706b代表使用的是MD5加密方式；
• {bcrypt}$2a$10$eZeGvVV2ZXr/vgiVFzqzS.JLV878ApBgRT9maPK1Wrg0ovsf4YuI6代表使用的是bcrypt加密方式。

spring security官方推荐使用更加安全的bcrypt加密方式。

这样可以在同一系统中支持多种加密方式，迁移用户比较省事。spring security 5支持的加密方式在PasswordEncoderFactories中定义：

public class PasswordEncoderFactories {
    public static PasswordEncoder createDelegatingPasswordEncoder() {
        String encodingId = "bcrypt";
        Map encoders = new HashMap();
        encoders.put(encodingId, new BCryptPasswordEncoder());
        encoders.put("ldap", new LdapShaPasswordEncoder());
        encoders.put("MD4", new Md4PasswordEncoder());
        encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        encoders.put("scrypt", new SCryptPasswordEncoder());
        encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));
        encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));
        encoders.put("sha256", new StandardPasswordEncoder());
        return new DelegatingPasswordEncoder(encodingId, encoders);
    }

    private PasswordEncoderFactories() {
    }
}

2 测试

2.1 pom.xml

    4.0.0

    com.hfcsbc
    security
    0.0.1-SNAPSHOT
    jar

    security
    Demo project for Spring Boot

    
        org.springframework.boot
        spring-boot-starter-parent
        2.0.0.M7
         
    

    
        UTF-8
        UTF-8
        1.8
    

    
        
            org.springframework.boot
            spring-boot-starter-security
        

        
            org.springframework.boot
            spring-boot-starter-test
            test
        
        
            org.springframework.security
            spring-security-test
            test
        
        
            org.projectlombok
            lombok
        
    

    
        
            
                org.springframework.boot
                spring-boot-maven-plugin
            
        
    

    
        
            spring-snapshots
            Spring Snapshots
            https://repo.spring.io/snapshot
            
                true
            
        
        
            spring-milestones
            Spring Milestones
            https://repo.spring.io/milestone
            
                false
            
        
    

    
        
            spring-snapshots
            Spring Snapshots
            https://repo.spring.io/snapshot
            
                true
            
        
        
            spring-milestones
            Spring Milestones
            https://repo.spring.io/milestone
            
                false
            
        
    

2.2 测试

spring security 5.x默认使用bcrypt加密

@Slf4j
public class DomainUserDetailsService {

    public static void main(String[] args){
        PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String encode = passwordEncoder.encode("password");
        log.info("加密后的密码:" + encode);
        log.info("bcrypt密码对比:" + passwordEncoder.matches("password", encode));

        String md5Password = "{MD5}88e2d8cd1e92fd5544c8621508cd706b";//MD5加密前的密码为:password
        log.info("MD5密码对比:" + passwordEncoder.matches("password", encode));
    }

}

 

 

源码地址：http://www.wisely.top/2018/01/27/spring-security-5x-jian-rong-duo-zhong-mi-ma-jia-m/