Detailed explanation and example of encrypting database account passwords

  • 2021-07-10 21:01:32
  • OfStack

Database account passwords are often stored in encrypted form, but there is a catch. When UserService encrypts the password, Spring Security must be configured to match, because the encryption method that Spring Security uses for verification is configured separately, as follows:


<authentication-manager>
  <authentication-provider user-service-ref="userDetailService">
    <password-encoder ref="passwordEncoder" />
  </authentication-provider>
</authentication-manager>

<beans:bean class="com.sapphire.security.MyPasswordEncoder" id="passwordEncoder">
  <beans:constructor-arg value="md5"></beans:constructor-arg>
</beans:bean>

As the configuration above shows, passwordEncoder is where Spring Security verifies the encrypted account password.

After intercepting a request, Spring Security first looks up the user through the userDetailService you defined, and then the framework checks whether the password matches.

Once the user has been obtained from userDetailService, execution enters DaoAuthenticationProvider, which is defined in the framework, and then its authenticate method.

This method performs two checks:


* preAuthenticationChecks: mainly checks whether the user has expired; the methods it calls are defined in userDetail.
* additionalAuthenticationChecks: this is where the user name and password are verified.

passwordEncoder is the bean injected through our XML, so our own passwordEncoder is called:


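import java.nio.charset.StandardCharsets;

import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder;
import org.springframework.util.DigestUtils;

// Custom encoder referenced by the passwordEncoder bean in the XML above.
public class MyPasswordEncoder extends MessageDigestPasswordEncoder {
  public MyPasswordEncoder(String algorithm) {
    super(algorithm);
  }

  // encPass: hash stored in the database; rawPass: password submitted at login.
  // The salt argument is ignored: the comparison is against an unsalted MD5 hex digest.
  // The charset is fixed so the digest does not depend on the platform default;
  // the code that stores the hash must use the same charset.
  @Override
  public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
    return encPass.equals(DigestUtils.md5DigestAsHex(rawPass.getBytes(StandardCharsets.UTF_8)));
  }
}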

This is my simple implementation; it calls the encryption algorithm that ships with Spring. You can of course use a more complex encryption method; that is up to you.
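One possible "more complex" method, as an added example that is not the author's code or part of Spring Security: a salted PBKDF2 encoder built only on the JDK, since unsalted MD5 is fast to brute-force. The class name, iteration count and stored format are assumptions; encode is what the user service would call when saving a password, and isPasswordValid is what the login check would call, so both sides share one algorithm.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class for illustration; not part of Spring Security or the article.
public class Pbkdf2Encoder {
  private static final int ITERATIONS = 210_000; // assumed work factor
  private final SecureRandom random = new SecureRandom();

  // Save-time side. Stored format (assumed): iterations:base64(salt):base64(hash)
  public String encode(String rawPass) {
    byte[] salt = new byte[16];
    random.nextBytes(salt); // fresh random salt per password
    Base64.Encoder b64 = Base64.getEncoder();
    return ITERATIONS + ":" + b64.encodeToString(salt) + ":"
        + b64.encodeToString(derive(rawPass, salt, ITERATIONS));
  }

  // Login-time side; must use the same algorithm that produced encPass.
  public boolean isPasswordValid(String encPass, String rawPass) {
    String[] parts = encPass == null ? new String[0] : encPass.split(":");
    if (parts.length != 3 || rawPass == null) return false; // wrong format, e.g. MD5 hex
    try {
      byte[] salt = Base64.getDecoder().decode(parts[1]);
      byte[] expected = Base64.getDecoder().decode(parts[2]);
      // Constant-time comparison of the stored and recomputed hashes.
      return MessageDigest.isEqual(expected, derive(rawPass, salt, Integer.parseInt(parts[0])));
    } catch (IllegalArgumentException e) { // bad base64, bad number, empty salt
      return false;
    }
  }

  private static byte[] derive(String rawPass, byte[] salt, int iterations) {
    try {
      PBEKeySpec spec = new PBEKeySpec(rawPass.toCharArray(), salt, iterations, 256);
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("PBKDF2 unavailable", e);
    }
  }

  public static void main(String[] args) {
    Pbkdf2Encoder enc = new Pbkdf2Encoder();
    String stored = enc.encode("sample-pass"); // constructed sample password
    System.out.println(enc.isPasswordValid(stored, "sample-pass"));
    // Constructed legacy MD5 hex value written by a different encoder: rejected.
    System.out.println(enc.isPasswordValid("5f4dcc3b5aa765d61d8327deb882cf99", "password"));
  }
}
```

The last call shows the mismatch the article warns about: a value stored by one encoder does not verify under another, so existing hashes need a migration path before the encoder is switched.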
