Spring Security 5.x兼容多种密码加密方式

1 spring security PasswordEncoder

spring security 5不需要配置密码的加密方式，而是用户密码加前缀的方式表明加密方式，如：

{MD5}88e2d8cd1e92fd5544c8621508cd706b代表使用的是MD5加密方式；
{bcrypt}$2a$10$eZeGvVV2ZXr/vgiVFzqzS.JLV878ApBgRT9maPK1Wrg0ovsf4YuI6代表使用的是bcrypt加密方式。

spring security官方推荐使用更加安全的bcrypt加密方式。

这样可以在同一系统中支持多种加密方式，迁移用户比较省事。spring security 5支持的加密方式在PasswordEncoderFactories中定义：





public class PasswordEncoderFactories {



    public static PasswordEncoder createDelegatingPasswordEncoder() {



        String encodingId = "bcrypt";



        Map<String, PasswordEncoder> encoders = new HashMap();



        encoders.put(encodingId, new BCryptPasswordEncoder());



        encoders.put("ldap", new LdapShaPasswordEncoder());



        encoders.put("MD4", new Md4PasswordEncoder());



        encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));



        encoders.put("noop", NoOpPasswordEncoder.getInstance());



        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());



        encoders.put("scrypt", new SCryptPasswordEncoder());



        encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));



        encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));



        encoders.put("sha256", new StandardPasswordEncoder());



        return new DelegatingPasswordEncoder(encodingId, encoders);



    }



 



    private PasswordEncoderFactories() {



    }



}

2 测试

2.1 pom.xml




<?xml version="1.0" encoding="UTF-8"?>



<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"




    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">




    <modelVersion>4.0.0</modelVersion>




 



    <groupId>com.hfcsbc</groupId>




    <artifactId>security</artifactId>




    <version>0.0.1-SNAPSHOT</version>




    <packaging>jar</packaging>




 



    <name>security</name>




    <description>Demo project for Spring Boot</description>




 



    <parent>




        <groupId>org.springframework.boot</groupId>




        <artifactId>spring-boot-starter-parent</artifactId>




        <version>2.0.0.M7</version>




        <relativePath/> <!-- lookup parent from repository -->




    </parent>




 



    <properties>




        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>




        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>




        <java.version>1.8</java.version>




    </properties>




 



    <dependencies>




        <dependency>




            <groupId>org.springframework.boot</groupId>




            <artifactId>spring-boot-starter-security</artifactId>




        </dependency>




 



        <dependency>




            <groupId>org.springframework.boot</groupId>




            <artifactId>spring-boot-starter-test</artifactId>




            <scope>test</scope>




        </dependency>




        <dependency>




            <groupId>org.springframework.security</groupId>




            <artifactId>spring-security-test</artifactId>




            <scope>test</scope>




        </dependency>




        <dependency>




            <groupId>org.projectlombok</groupId>




            <artifactId>lombok</artifactId>




        </dependency>




    </dependencies>




 



    <build>




        <plugins>




            <plugin>




                <groupId>org.springframework.boot</groupId>




                <artifactId>spring-boot-maven-plugin</artifactId>




            </plugin>




        </plugins>




    </build>




 



    <repositories>




        <repository>




            <id>spring-snapshots</id>




            <name>Spring Snapshots</name>




            <url>https://repo.spring.io/snapshot</url>




            <snapshots>




                <enabled>true</enabled>




            </snapshots>




        </repository>




        <repository>




            <id>spring-milestones</id>




            <name>Spring Milestones</name>




            <url>https://repo.spring.io/milestone</url>




            <snapshots>




                <enabled>false</enabled>




            </snapshots>




        </repository>




    </repositories>




 



    <pluginRepositories>




        <pluginRepository>




            <id>spring-snapshots</id>




            <name>Spring Snapshots</name>




            <url>https://repo.spring.io/snapshot</url>




            <snapshots>




                <enabled>true</enabled>




            </snapshots>




        </pluginRepository>




        <pluginRepository>




            <id>spring-milestones</id>




            <name>Spring Milestones</name>




            <url>https://repo.spring.io/milestone</url>




            <snapshots>




                <enabled>false</enabled>




            </snapshots>




        </pluginRepository>




    </pluginRepositories>




</project>

2.2 测试

spring security 5.x默认使用bcrypt加密





@Slf4j




public class DomainUserDetailsService {



 



    public static void main(String[] args){



        PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();



        String encode = passwordEncoder.encode("password");



        log.info("加密后的密码:" + encode);



        log.info("bcrypt密码对比:" + passwordEncoder.matches("password", encode));



 



        String md5Password = "{MD5}88e2d8cd1e92fd5544c8621508cd706b";//MD5加密前的密码为:password





        log.info("MD5密码对比:" + passwordEncoder.matches("password", encode));




    }



 



}

原文地址：https://blog.csdn.net/wiselyman/article/details/84915939