Detailed explanation and examples of database account password encryption

Detailed explanation and examples of database account password encryption

Database accounts and passwords are often encrypted in the database, but there is a problem. When using UserService to encrypt the password, spring security also needs to be configured synchronously, because the encryption method verified in spring security is configured separately. as follows:

<authentication-manager>
  <authentication-provider user-service-ref="userDetailService">
    <password-encoder ref="passwordEncoder" />
  </authentication-provider>
</authentication-manager>

<beans:bean class="com.sapphire.security.MyPasswordEncoder" id="passwordEncoder">
  <beans:constructor-arg value="md5"></beans:constructor-arg>
</beans:bean>

As shown in the above configuration file, passwordEncoder is where spring security encrypts and verifies the account.

After interception, spring security will first look up the user, find the corresponding user through the userDetailService defined by itself, and then the framework will perform password matching verification.

After getting the user from userDetailService, it will enter DaoAuthenticationProvider, which is defined in the framework, and then jump into the authenticate method.

This method performs two checks:

* preAuthenticationChecks: It mainly verifies whether the user information is expired, etc. The calling method is defined in userDetail.
* additionalAuthenticationChecks: This is the process of username and password verification.

PasswordEncoder is the bean injected in our xml, so we call the passwordEncoder we have completed ourselves.

public class MyPasswordEncoder extends MessageDigestPasswordEncoder {
  public MyPasswordEncoder(String algorithm) {
   super(algorithm);
  }

  @Override
  public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
   return encPass.equals(DigestUtils.md5DigestAsHex(rawPass.getBytes()));
  }
}

This is a simple version of my implementation. It calls the encryption algorithm that comes with spring. It is very simple. Of course, you can also use complex encryption methods. This depends on yourself.

Thank you for reading, I hope it can help you, thank you for your support of this site!