我被要求在项目中添加Spring Security。以前,哈希是这样手动完成的:
public final class PasswordEncryption
{
private static PasswordEncryption instance;
private PasswordEncryption()
{
}
public synchronized String encrypt(String plaintext) throws UnavailableException
{
MessageDigest md = null;
try
{
md = MessageDigest.getInstance("SHA-256"); //step 2
}
catch(NoSuchAlgorithmException e)
{
System.out.println("NoSuchAlgorithmException");
}
try
{
md.update(plaintext.getBytes("UTF-8")); //step 3
}
catch(UnsupportedEncodingException e)
{
throw new UnavailableException(e.getMessage());
}
byte raw[] = md.digest(); //step 4
String hash = (new BASE64Encoder()).encode(raw); //step 5
return hash; //step 6
}
public static synchronized PasswordEncryption getInstance() //step 1
{
if(instance == null)
{
return new PasswordEncryption();
}
else
{
return instance;
}
}
}
现在我已将其更改为:
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha-256" base64="true" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username, password, status
from user where email = ?" />
</authentication-provider>
</authentication-manager>
当我尝试登录时,收到错误Bad credentials。我检查了它是正确的查询并返回正确的值。所以我认为问题必须在散列中。