我正在使用Spring Security。我想为数据库中的每个用户存储盐值。在将用户插入数据库时,我使用BCrypt生成并哈希了盐。
SaltGenerator.java
public class SaltGenerator {
public static String generateSalt()
{
String salt=BCrypt.gensalt(12);
return salt;
}
public static String generateHash(String password,String salt)
{
String hashedPassword=BCrypt.hashpw(password, salt);
return hashedPassword;
}
}
RegistrationDAO.java
String salt=SaltGenerator.generateSalt();
String hashedPassword=SaltGenerator.generateHash(user.getPassword(), salt);
,然后是准备好的语句等
这是我的数据库
User
-id
-username
-password
-salt
访问特定的URL时,将显示默认的登录表单。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/userHomePage").authenticated().and().formLogin()
.and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
这是我的Java代码。
public class SecurityCheck extends WebSecurityConfigurerAdapter{
@Autowired
private DataSource dataSource;
private String usernameSearch="select username,password,account_status from user where username=?";
private String roleSearch="select username,usertype from user where username=?";
@Autowired
private RequestHandler requestHandler;
@Override
protected void configure(AuthenticationManagerBuilder authenticate)
throws Exception {
authenticate.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(usernameSearch).
authoritiesByUsernameQuery(roleSearch);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/userHomePage").authenticated().and().formLogin()
.and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
}
我的问题是,为了取得结果我应该做出哪些改变? 我如何首先为该特定用户获取盐并在authenticationManagerBuilder中使用? 或其他任何方式?