spring security 5.x实现兼容多种密码的加密方式_Java教程

前言

本文主要给大家介绍了关于spring security 5.x实现兼容多种密码的加密方式，分享出来供大家参考学习，下面话不多说了，来一起看看详细的介绍吧。

1、spring security PasswordEncoder

spring security 5不需要配置密码的加密方式，而是用户密码加前缀的方式表明加密方式，如：

{MD5}88e2d8cd1e92fd5544c8621508cd706b代表使用的是MD5加密方式；
{bcrypt}$2a$10$eZeGvVV2ZXr/vgiVFzqzS.JLV878ApBgRT9maPK1Wrg0ovsf4YuI6代表使用的是bcrypt加密方式。

spring security官方推荐使用更加安全的bcrypt加密方式。

这样可以在同一系统中支持多种加密方式，迁移用户比较省事。spring security 5支持的加密方式在PasswordEncoderFactories中定义：

									public class PasswordEncoderFactories {

									 public static PasswordEncoder createDelegatingPasswordEncoder() {

									  String encodingId = "bcrypt";

									  Map<String, PasswordEncoder> encoders = new HashMap();

									  encoders.put(encodingId, new BCryptPasswordEncoder());

									  encoders.put("ldap", new LdapShaPasswordEncoder());

									  encoders.put("MD4", new Md4PasswordEncoder());

									  encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));

									  encoders.put("noop", NoOpPasswordEncoder.getInstance());

									  encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());

									  encoders.put("scrypt", new SCryptPasswordEncoder());

									  encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));

									  encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));

									  encoders.put("sha256", new StandardPasswordEncoder());

									  return new DelegatingPasswordEncoder(encodingId, encoders);

									 }

									 private PasswordEncoderFactories() {

									 }

									}

2 测试

2.1 pom.xml

				?

									<?xml version="1.0" encoding="UTF-8"?>

									<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

									 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

									 <modelVersion>4.0.0</modelVersion>

									 <groupId>com.hfcsbc</groupId>

									 <artifactId>security</artifactId>

									 <version>0.0.1-SNAPSHOT</version>

									 <packaging>jar</packaging>

									 <name>security</name>

									 <description>Demo project for Spring Boot</description>

									 <parent>

									  <groupId>org.springframework.boot</groupId>

									  <artifactId>spring-boot-starter-parent</artifactId>

									  <version>2.0.0.M7</version>

									  <relativePath/> <!-- lookup parent from repository -->

									 </parent>

									 <properties>

									  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

									  <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

									  <java.version>1.8</java.version>

									 </properties>

									 <dependencies>

									  <dependency>

									<groupId>org.springframework.boot</groupId>

									   <artifactId>spring-boot-starter-security</artifactId>

									  </dependency>

									  <dependency>

									<groupId>org.springframework.boot</groupId>

									   <artifactId>spring-boot-starter-test</artifactId>

									   <scope>test</scope>

									  </dependency>

									  <dependency>

									   <groupId>org.springframework.security</groupId>

									   <artifactId>spring-security-test</artifactId>

									   <scope>test</scope>

									  </dependency>

									  <dependency>

									   <groupId>org.projectlombok</groupId>

									   <artifactId>lombok</artifactId>

									  </dependency>

									 </dependencies>

									 <build>

									  <plugins>

									   <plugin>

									<groupId>org.springframework.boot</groupId>

									    <artifactId>spring-boot-maven-plugin</artifactId>

									   </plugin>

									  </plugins>

									 </build>

									 <repositories>

									  <repository>

									   <id>spring-snapshots</id>

									   <name>Spring Snapshots</name>

									   <url>https://repo.spring.io/snapshot</url>

									   <snapshots>

									    <enabled>true</enabled>

									   </snapshots>

									  </repository>

									  <repository>

									   <id>spring-milestones</id>

									   <name>Spring Milestones</name>

									   <url>https://repo.spring.io/milestone</url>

									   <snapshots>

									    <enabled>false</enabled>

									   </snapshots>

									  </repository>

									 </repositories>

									 <pluginRepositories>

									  <pluginRepository>

									   <id>spring-snapshots</id>

									   <name>Spring Snapshots</name>

									   <url>https://repo.spring.io/snapshot</url>

									   <snapshots>

									    <enabled>true</enabled>

									   </snapshots>

									  </pluginRepository>

									  <pluginRepository>

									   <id>spring-milestones</id>

									   <name>Spring Milestones</name>

									   <url>https://repo.spring.io/milestone</url>

									   <snapshots>

									    <enabled>false</enabled>

									   </snapshots>

									  </pluginRepository>

									 </pluginRepositories>

									</project>

2.2 测试

spring security 5.x默认使用bcrypt加密

				?

									@Slf4j

									public class DomainUserDetailsService {

									 public static void main(String[] args){

									  PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

									  String encode = passwordEncoder.encode("password");

									  log.info("加密后的密码:" + encode);

									  log.info("bcrypt密码对比:" + passwordEncoder.matches("password", encode));

									  String md5Password = "{MD5}88e2d8cd1e92fd5544c8621508cd706b";//MD5加密前的密码为:password

									  log.info("MD5密码对比:" + passwordEncoder.matches("password", encode));

									 }

									}