一、

1.Focusing on the authentication query, you can see that user passwords are expected to be stored in the database. The only problem with that is that if the passwords are stored in plain text, they’re subject to the prying eyes of a hacker. But if you encode the password in the database, then authentication will fail because it won’t match the plain text password submitted by the user.

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .jdbcAuthentication()

         .dataSource(dataSource)

         .usersByUsernameQuery(

             "select username, password, true " +

             "from Spitter where username=?")

         .authoritiesByUsernameQuery(

             "select username, 'ROLE_USER' from Spitter where username=?")

         .passwordEncoder(new StandardPasswordEncoder("53cr3t"));

 }

passwordEncoder方法接收PasswordEncoder接口的实现为参数,Spring提供了有3种实现:BCryptPasswordEncoder , NoOpPasswordEncoder , andStandardPasswordEncoder

接口代码如下:

public interface PasswordEncoder {

    String encode(CharSequence rawPassword);

    boolean matches(CharSequence rawPassword, String encodedPassword);

}

it’s important to understand that the password in the database is never decoded. Instead, the password that the user enters at login is encoded using the same algorithm and is then compared with the encoded password in the database. That comparison is performed in the PasswordEncoder ’s matches() method.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库

    一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. Excel常用函数

    1.基本的算数函数 sum() average() 2.三角函数 sin() cos() 3.

  2. Libcurl笔记五_easy模式运行原理

    1, curl_easy_init内部调用Curl_open创建一个结构体SessionHandle(里面包含了所以curl使用的数据和指针)并初始化一些数据,然后返回将其作为给外侧使用的句柄CURL ...

  3. Powerful Sleep(神奇的睡眠-睡眠生物钟的秘密:如何睡得更少却睡得更好)阅读笔记

    睡眠机制 我们活着的时候,大脑会产生脑电波.脑电图仪器通过贴在人头上的一些电极读出脑电波的活动,然后把活动用图表显示出来. 睡眠过程可以分为5个过程,划分依据与大脑发出的脑电波类型. 当人清醒时,大脑 ...

  4. iOS进阶——可取消的block

    + (id)performBlock:(void (^)())aBlock onQueue:(dispatch_queue_t)queue afterDelay:(NSTimeInterval)del ...

  5. javascript 面向对象技术

    面向对象术语 对象 ECMA-262 把对象(object)定义为“属性的无序集合,每个属性存放一个原始值.对象或函数”.严格来说,这意味着对象是无特定顺序的值的数组. 尽管 ECMAScript 如 ...

  6. hadoop中遇到的问题。

    1.物理主机中无法访问管理界面,在虚拟主机中可以访问, 这跟防火墙有关系,重启一下防火墙,然后关闭,最后重启一下handoop,应该就可以了!!!!(hadoop首战顺利!!!!!(●'◡'●))

  7. Python试卷

    3.写一个函数,计算一个给定的日期是该年的第几天. def getday(self,y=None,m=None,d=None): date = datetime(y,m,d) days = date. ...

  8. WPF中利用DynamicDataDisplay快速实现示波器功能

    DynamicDataDisplay控件是一个功能很强的绘图工具,除了能生成曲线外,还有很多其他功能,具体见http://dynamicdatadisplay.codeplex.com/.这里你也能下 ...

  9. matlab之点运算基本思想及几何平移变换

    1.对数变换可以增强图像中较暗部分的细节,因为对数可以将较小的值放大,而较大的值缩小 2.伽马变换:y = (x + esp) ^ γ,x,y的取值范围是0到1,esp是补偿系数,γ为伽马系数.γ的不 ...

  10. PAT乙级真题1006. 换个格式输出整数 (15)(解题)

    原题: 让我们用字母B来表示“百”.字母S表示“十”,用“12...n”来表示个位数字n(<10),换个格式来输出任一个不超过3位的正整数.例如234应该被输出为BBSSS1234,因为它有2个 ...