一、

1.Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if you encode the password in the database, then authentication will fail because it won’t match the plain text password submitted by the user.

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .jdbcAuthentication()

         .dataSource(dataSource)

         .usersByUsernameQuery(

             "select username, password, true " +

             "from Spitter where username=?")

         .authoritiesByUsernameQuery(

             "select username, 'ROLE_USER' from Spitter where username=?")

         .passwordEncoder(new StandardPasswordEncoder("53cr3t"));

 }

passwordEncoder方法接收PasswordEncoder接口的实现为参数,Spring提供了有3种实现:BCryptPasswordEncoder , NoOpPasswordEncoder , andStandardPasswordEncoder

接口代码如下:

public interface PasswordEncoder {

    String encode(CharSequence rawPassword);

    boolean matches(CharSequence rawPassword, String encodedPassword);

}

it’s important to understand that the password in the database is never decoded. Instead, the password that the user enters at login is encoded using the same algorithm and is then compared with the encoded password in the database. That comparison is performed in the PasswordEncoder ’s matches() method.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. css笔记——区分css3中的transform transition animation

    出处:http://blog.csdn.net/dyllove98/article/details/8957232   CSS3中和动画有关的属性有三个  transform. transition  ...

  2. (UVALive 7261)Xiongnu's Land 二分

    题目链接:https://icpcarchive.ecs.baylor.edu/index.php?option=com_onlinejudge&Itemid=8&page=show_ ...

  3. Atl笔记二:BEGIN_COM_MAP

    1,offsetofclass获取基类相对于子类的偏移位置. #define _ATL_PACKING 8#define offsetofclass(base, derived) ((DWORD_PT ...

  4. 全部省市县数据库(MySQL脚本) (转)

    /*MySQL - 5.5.47 *************//*!40101 SET NAMES utf8 */; create table `base_area` (    `codeid` me ...

  5. L011-oldboy-mysql-dba-lesson11

    L011-oldboy-mysql-dba-lesson11 [root@ab01 ~]# mysqladmin -i 1 -r status     #mysqladmin监控的命令 Uptime: ...

  6. Repeater和Gridview前台显示行号的方法

    Repeater : Container.ItemIndex (行号从零开始,如果想改为从1开始,那么可以将以上的代码改为Container.ItemIndex + 1),见下示例: <asp: ...

  7. tortoiseGit的SHH秘钥设置

    tortoiseGit如果安装时使用默认的putty方式,因为putty的秘钥格式和SSH的不一样,所以要使用自带的工具重新生成一次秘钥. 具体的方式是:用puttyGen工具来生成公钥和秘钥,公钥( ...

  8. SSH-KEY服务及批量分发与管理实战

    SSH服务 一.SSH服务介绍 SSH是Secure Shell Protocol的简写,由IETF网络工作小组制定:在进行数据传输之前,SSH先对联机数据包通过加密技术进行加密处理,加密后再进行数据 ...

  9. ubuntu下下载并安装H265(hm.x.x代码和X265代码)

    H265,现今是High Efficiency Video Coding的别称,详细的概述见维基百科,详细的开发见官方网站. 一.下载并编译官方的测试源码HM.x.x: 1 ubuntu下安装svn: ...

  10. 【 Quartz】使用 JobListener (任务监听器可实现) 我想在一个任务执行后在执行第二个任务怎么办呢

    http://liuzidong.iteye.com/blog/1147528 Quartz之JobExecutionException 博客分类: Java Quartz quartzjobexec ...