Spring Security Encryption Strategies (Repost)
Reposted from: http://blog.csdn.net/hz_blog/article/details/8426625?reload
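Acegi offers three ways of handling passwords: plaintext (no encryption of any kind), MD5, and hash-algorithm (SHA) encoding.
You only need to add the corresponding configuration below to the DAO authentication provider:
Option 1: configuration without any encryption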
```xml
<bean id="daoAuthenticationProvider"
      class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <!-- Plaintext: no algorithm is applied. When this property is not specified,
         Acegi uses plaintext by default. -->
    <!--
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.PlaintextPasswordEncoder">
            <property name="ignorePasswordCase" value="true"></property>
        </bean>
    </property>
    -->
</bean>
```
Option 2: MD5
```xml
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.Md5PasswordEncoder">
            <!-- false: produce the 32-character hex form, which is also Acegi's default
                 for encodeHashAsBase64; true: produce the 24-character Base64 form -->
            <property name="encodeHashAsBase64" value="false" />
        </bean>
    </property>
</bean>
```
Option 3: MD5 with a system-wide salt
```xml
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.Md5PasswordEncoder">
            <property name="encodeHashAsBase64" value="false" />
        </bean>
    </property>
    <!-- Use a specific salt (seed) in the password encoding algorithm -->
    <property name="saltSource">
        <bean class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
            <property name="systemWideSalt" value="acegisalt" />
        </bean>
    </property>
</bean>
```
Option 4: MD5 with a dynamic salt
```xml
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.Md5PasswordEncoder">
            <property name="encodeHashAsBase64" value="false" />
        </bean>
    </property>
    <!-- Use a specific salt (seed) in the password encoding algorithm -->
    <property name="saltSource">
        <!-- Encode with a dynamic salt: this configuration takes the salt from the
             user name, obtained through UserDetails.getUsername() -->
        <bean class="org.acegisecurity.providers.dao.salt.ReflectionSaltSource">
            <property name="userPropertyToUse" value="getUsername" />
        </bean>
    </property>
</bean>
```
Option 5: hash-algorithm (SHA) encoding with strength 256
```xml
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
            <constructor-arg value="256" />
            <property name="encodeHashAsBase64" value="false" />
        </bean>
    </property>
</bean>
```
Option 6: hash-algorithm (SHA) encoding with strength SHA-256
```xml
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder">
        <bean class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
            <constructor-arg value="SHA-256" />
            <property name="encodeHashAsBase64" value="false" />
        </bean>
    </property>
</bean>
```
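The configurations above only make Acegi apply the chosen encoding to the password in the authentication data submitted through the login form. When we store a user's password, we can produce the stored value with the following program: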
```java
package org.hz.test;

import java.security.NoSuchAlgorithmException;

import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;

public class MD5Test {

    public static void md5() {
        Md5PasswordEncoder md5 = new Md5PasswordEncoder();
        // false: produce the 32-character hex form, which is also Acegi's default
        // for encodeHashAsBase64; true: produce the 24-character Base64 form
        md5.setEncodeHashAsBase64(false);
        String pwd = md5.encodePassword("1234", null);
        System.out.println("MD5: " + pwd + " len=" + pwd.length());
    }

    public static void sha_256() throws NoSuchAlgorithmException {
        ShaPasswordEncoder sha = new ShaPasswordEncoder(256);
        sha.setEncodeHashAsBase64(true);
        String pwd = sha.encodePassword("1234", null);
        System.out.println("哈希算法 256: " + pwd + " len=" + pwd.length());
    }

    public static void sha_SHA_256() {
        // Pass the strength explicitly: the no-argument constructor selects SHA-1,
        // not SHA-256
        ShaPasswordEncoder sha = new ShaPasswordEncoder(256);
        sha.setEncodeHashAsBase64(false);
        String pwd = sha.encodePassword("1234", null);
        System.out.println("哈希算法 SHA-256: " + pwd + " len=" + pwd.length());
    }

    public static void md5_SystemWideSaltSource() {
        Md5PasswordEncoder md5 = new Md5PasswordEncoder();
        md5.setEncodeHashAsBase64(false);
        // For a dynamic salt, just pass the user name as the second argument
        // when registering the user
        String pwd = md5.encodePassword("1234", "acegisalt");
        System.out.println("MD5 SystemWideSaltSource: " + pwd + " len=" + pwd.length());
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        md5();                      // plain MD5
        sha_256();                  // SHA with strength 256
        sha_SHA_256();              // SHA with strength SHA-256
        md5_SystemWideSaltSource(); // MD5 plus the system-wide salt
    }
}
```
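The following added example (not part of the original post, and not Acegi or Spring Security code) reproduces with the JDK alone how the legacy digest encoders combine password and salt as `password{salt}`, and contrasts the system-wide salt of option 3 with the user-name salt of option 4. The class name `LegacySaltDemo`, the users `alice` and `bob`, and UTF-8 as the byte encoding are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical demo class; uses only the JDK, not the Acegi/Spring encoders.
public class LegacySaltDemo {

    // Merge step of the legacy digest encoders: "password{salt}",
    // or the bare password when no salt is configured.
    static String merge(String rawPassword, Object salt) {
        if (salt == null || salt.toString().isEmpty()) {
            return rawPassword;
        }
        return rawPassword + "{" + salt + "}";
    }

    // Lower-case hex MD5 of the merged value (encodeHashAsBase64 = false).
    static String md5Hex(String rawPassword, Object salt) throws NoSuchAlgorithmException {
        byte[] merged = merge(rawPassword, salt).getBytes(StandardCharsets.UTF_8); // assumed encoding
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(merged)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Check a submitted password against the stored hash in constant time.
    static boolean matches(String storedHex, String rawPassword, Object salt)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                storedHex.getBytes(StandardCharsets.UTF_8),
                md5Hex(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample data: two users who chose the same password.
        for (String user : new String[] {"alice", "bob"}) {
            // SystemWideSaltSource: one salt for everyone, so equal passwords give equal hashes.
            System.out.println(user + " system-wide: " + md5Hex("1234", "acegisalt"));
            // ReflectionSaltSource on getUsername: the salt differs per user, so the hashes differ.
            System.out.println(user + " per-user:    " + md5Hex("1234", user));
        }
        String stored = md5Hex("1234", "alice");
        System.out.println("alice's hash, alice's salt: " + matches(stored, "1234", "alice"));
        System.out.println("alice's hash, bob's salt:   " + matches(stored, "1234", "bob"));
    }
}
```

The value written at registration must be produced with the same salt source that `daoAuthenticationProvider` is configured with, otherwise the comparison at login fails even for the correct password.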