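Spring Security BASIC auth - matching password hashes

Time: 2018-05-07 07:39:49

Tags: spring security hash spring-security basic-authentication

When using Spring Security for BASIC authentication, I want to match the password hash rather than the password itself, so that the hash is stored on the server side instead of the password.

I have the following code: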

func intersects(with connection: Connection) -> Bool {
    let p1 = self.node1
    let p2 = self.node2
    let p3 = connection.node1
    let p4 = connection.node2
    let d = (p2.x - p1.x)*(p4.y - p3.y) - (p2.y - p1.y)*(p4.x - p3.x)
    if d == 0 {
        return false
    }

    // if a line starts at where another ends, they don't intersect
    // samePointAs just checks whether the two nodes have the same coordinates
    if p2.samePointAs(p3) || p4.samePointAs(p1) || p2.samePointAs(p4) || p1.samePointAs(p3){
        return false
    }

    let u = ((p3.x - p1.x)*(p4.y - p3.y) - (p3.y - p1.y)*(p4.x - p3.x))/d
    let v = ((p3.x - p1.x)*(p2.y - p1.y) - (p3.y - p1.y)*(p2.x - p1.x))/d
    if !(0.0...1.0).contains(u) || !(0.0...1.0).contains(v) {
        return false
    }
    return true
}

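I have found some BCrypt examples, but they deal with hashing passwords rather than incorporating hash comparison into the BASIC authentication scheme.

Or have I had it wrong all along, and the client should send the hash to the server instead of the password?

1 answer:

Answer 0: (score: 1)

Here is an example: http://www.devglan.com/spring-security/spring-boot-security-password-encoding-bcrypt-encoder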

  

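Once a password encoder is defined, when comparing the password from the request with the password in the database, Spring by default assumes that the password in the database is bcrypt-encoded.

I also recommend that you look at the following link: https://security.stackexchange.com/questions/64631/is-it-safe-to-send-clear-usernames-passwords-on-a-https-connection-to-authentica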
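
The setup the answer describes, as an added example that is not part of the original question or answer: HTTP Basic with a `BCryptPasswordEncoder` bean, so the server stores only the bcrypt hash and Spring Security calls `PasswordEncoder.matches(rawPassword, storedHash)` on each request. It assumes a Spring Security 6 style configuration; the class name `BasicAuthHashConfig`, the user `alice`, the sample password and the in-memory user store (standing in for the database) are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class BasicAuthHashConfig {

    // The encoder used to verify the Basic-auth password against the stored hash.
    // Strength 12 is an assumed work factor; tune it to your hardware.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    // Stand-in for the database: the only thing kept server-side is the bcrypt
    // hash (salt included in the hash string). In a real application the hash is
    // produced once at registration or password change and loaded from storage.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        String storedHash = encoder.encode("constructed-sample-password");
        return new InMemoryUserDetailsManager(
                User.withUsername("alice")
                    .password(storedHash)   // hash, never the plaintext
                    .roles("USER")
                    .build());
    }

    // Every request must authenticate with HTTP Basic. The client still sends
    // the password itself (base64 in the Authorization header), so serve this
    // over HTTPS only; the server hashes and compares via the encoder above.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

If the client sent the hash instead, the hash would become the credential and a leaked database would let anyone log in directly, which is why the comparison stays on the server.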