【发布时间】:2011-06-25 12:26:38
【问题描述】:
我制作了一个简单的应用程序,我可以在其中注册用户并对其进行身份验证。我已经使用并成功验证了密码。我在我的应用程序中使用 Spring 3、Spring Security 3 和 Hibernate 3。
现在我想用用户 ID 加盐他们的密码,但我无法实现此功能。有人可以帮我实现它吗?我已经尝试了很长一段时间,但无法完成。
这是我得到的代码,用于用他们的 ID 对用户进行加盐并对其进行身份验证。
xyz-security.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/welcome.do" access="hasRole('ROLE_USER')" />
<form-login login-page="/login.do" authentication-failure-url="/login.do?login_error=1"/>
<logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<!-- For hashing and salting user passwords -->
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="id"/>
UserDetailsAdapter.java
@Service("userDetailsAdapter")
public class UserDetailsAdapter {
private Long id;
org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) {
String username = userEntity.getUsername();
String password = userEntity.getPassword();
boolean enabled = userEntity.isEnabled();
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String authority: userEntity.getAuthorities()) {
authorities.add(new GrantedAuthorityImpl(authority));
}
this.id = userEntity.getId();
org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
return user;
}
public Long getId() {
return id;
}
}
UserDetailsServiceImpl
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserDao userDao;
@Autowired
private UserDetailsAdapter userDetailsAdapter;
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User userEntity = userDao.findByUsername(username);
if (userEntity == null) {
throw new UsernameNotFoundException("user not found");
}
userDetails = userDetailsAdapter.buildUserFromUserEntity(userEntity);
return userDetails;
}
}
UserServiceImpl
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserDao userDao;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private SaltSource saltSource;
public User getByUsername(String username) {
return userDao.findByUsername(username);
}
public User getByEmail(String email) {
return userDao.findByEmail(email);
}
public void createUser(User user) {
userDao.create(user);
UserDetailsAdapter userDetailsAdapter = new UserDetailsAdapter();
org.springframework.security.core.userdetails.User userDetails = userDetailsAdapter.buildUserFromUserEntity(user);
String password = userDetails.getPassword();
Object salt = saltSource.getSalt(userDetails);
user.setPassword(passwordEncoder.encodePassword(password, salt));
userDao.update(user);
}
public void updateUser(User user) {
userDao.update(user);
}
}
有人可以帮助我了解我在这里缺少什么吗? 非常感谢。
【问题讨论】:
-
您能分享您的示例代码吗?问候,内哈
标签: hibernate spring-security salt