I.

1. Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if you encode the password in the database, then authentication will fail, because the stored value won’t match the plain-text password submitted by the user. The remedy is to tell Spring Security how the stored passwords were encoded by calling passwordEncoder():

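    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
            .jdbcAuthentication()
                .dataSource(dataSource)
                // Must return username, password, enabled (here always true)
                .usersByUsernameQuery(
                    "select username, password, true " +
                    "from Spitter where username=?")
                // Every user is granted ROLE_USER
                .authoritiesByUsernameQuery(
                    "select username, 'ROLE_USER' from Spitter where username=?")
                // "53cr3t" is a secret mixed into the hash; load it from configuration
                // rather than hard-coding it. StandardPasswordEncoder is SHA-256 based
                // and deprecated in newer Spring Security releases in favor of
                // adaptive encoders such as BCryptPasswordEncoder.
                .passwordEncoder(new StandardPasswordEncoder("53cr3t"));
    }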

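The passwordEncoder() method takes an implementation of the PasswordEncoder interface as its argument. Spring provides three implementations: BCryptPasswordEncoder, NoOpPasswordEncoder, and StandardPasswordEncoder.

The interface is as follows: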

    public interface PasswordEncoder {
        String encode(CharSequence rawPassword);
        boolean matches(CharSequence rawPassword, String encodedPassword);
    }

It’s important to understand that the password in the database is never decoded. Instead, the password that the user enters at login is encoded using the same algorithm and is then compared with the encoded password in the database. That comparison is performed in the PasswordEncoder’s matches() method.
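The encode-then-compare flow described above, as an added example that is not code from the book or from Spring Security: a stand-alone class (hypothetical name Pbkdf2EncoderDemo) that mirrors the encode()/matches() contract using JDK-only PBKDF2, which is swapped in here for illustration and is not one of the three Spring encoders. The iteration count, salt size and "salt:hash" storage format are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
// Hypothetical demo class (not Spring's); parameters below are assumed, illustrative values.
public class Pbkdf2EncoderDemo {
    private static final int ITERATIONS = 600_000, SALT_BYTES = 16, KEY_BITS = 256;
    private final SecureRandom random = new SecureRandom();
    // One-way derivation: there is no inverse, so a stored value is never decoded.
    private static byte[] derive(CharSequence raw, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(raw.toString().toCharArray(), salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Stored form is Base64 "salt:hash"; a fresh random salt is drawn for every password.
    public String encode(CharSequence rawPassword) {
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(derive(rawPassword, salt));
    }

    // Re-derive from the submitted password with the stored salt, then compare in constant time.
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        String[] parts = encodedPassword == null ? new String[0] : encodedPassword.split(":");
        if (parts.length != 2) return false; // missing or malformed stored value never matches
        try {
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            return MessageDigest.isEqual(expected, derive(rawPassword, salt));
        } catch (IllegalArgumentException e) {
            return false; // invalid Base64 or empty salt
        }
    }

    public static void main(String[] args) {
        Pbkdf2EncoderDemo enc = new Pbkdf2EncoderDemo();
        String pw = "constructed-sample-pw"; // constructed sample input
        String a = enc.encode(pw), b = enc.encode(pw); // same password, different salts
        System.out.printf("stored values equal: %b, right pw: %b, wrong pw: %b%n",
                a.equals(b), enc.matches(pw, a), enc.matches("wrong-pw", a));
    }
}
```

Because each call to encode() draws a new salt, two encodings of the same password differ, so verification has to go through matches() rather than comparing stored strings.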
