Detailed explanation and examples of database account password encryption

Detailed explanation and examples of database account password encryption

Database accounts and passwords are often encrypted in the database, but there is a problem. When using UserService to encrypt the password, spring security also needs to be configured synchronously, because the encryption method verified in spring security is configured separately. as follows:

<authentication-manager>
  <authentication-provider user-service-ref="userDetailService">
    <password-encoder ref="passwordEncoder" />
  </authentication-provider>
</authentication-manager>

<beans:bean class="com.sapphire.security.MyPasswordEncoder" id="passwordEncoder">
  <beans:constructor-arg value="md5"></beans:constructor-arg>
</beans:bean>

As shown in the above configuration file, passwordEncoder is where spring security encrypts and verifies the account.

After interception, spring security will first look up the user, find the corresponding user through the userDetailService defined by itself, and then the framework will perform password matching verification.

After getting the user from userDetailService, it will enter DaoAuthenticationProvider, which is defined in the framework, and then jump into the authenticate method.

This method performs two checks:

* preAuthenticationChecks: It mainly verifies whether the user information is expired, etc. The calling method is defined in userDetail.
* additionalAuthenticationChecks: This is the process of username and password verification.

PasswordEncoder is the bean injected in our xml, so we call the passwordEncoder we have completed ourselves.

public class MyPasswordEncoder extends MessageDigestPasswordEncoder {
  public MyPasswordEncoder(String algorithm) {
   super(algorithm);
  }

  @Override
  public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
   return encPass.equals(DigestUtils.md5DigestAsHex(rawPass.getBytes()));
  }
}

This is a simple version of my implementation. It calls the encryption algorithm that comes with spring. It is very simple. Of course, you can also use complex encryption methods. This depends on yourself.

Thank you for reading, I hope it can help you, thank you for your support of this site!

<<: Detailed tutorial on how to delete Linux users using userdel command

>>: 6 ways to view the port numbers occupied by Linux processes

Detailed explanation and examples of database account password encryption

JS realizes the front-end paging effect

Vue+flask realizes video synthesis function (drag and drop upload)

Javascript to achieve the drag effect of the login box

Implementation of forced line breaks and non-line breaks in div, td, p and other containers in HTML

Basic tutorial on controlling Turtlebot3 mobile robot with ROS

Detailed explanation of MySql installation and login

How to view nginx configuration file path and resource file path

Examples of using the ES6 spread operator

Record the steps of using mqtt server to realize instant communication in vue

How to use resident nodes for layer management in CocosCreator

Recommend

SQL statements in Mysql do not use indexes

MySQL 5.6.15 installation and configuration method graphic tutorial under Windows 8

JavaScript implements H5 gold coin function (example code)

Brief introduction and usage of Table and div

Complete guide to using iframe without borders or borders (practical experience summary)

IIS7 IIS8 reverse proxy rule writing, installation and configuration method

Sample code for configuring nginx to support https

Detailed explanation of the mechanism and implementation of accept lock in Nginx

How to build gitlab on centos6

Examples of optimistic locking and pessimistic locking in MySQL

Vue + OpenLayers Quick Start Tutorial

SQL implementation of LeetCode (183. Customers who have never placed an order)

Why is the disk space still occupied after deleting table data in MySQL?

Best Practices for Developing Amap Applications with Vue

Example of how to implement embedded table with vue+elementUI