Spring Security Password Encryption
ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
    /**
     * Strong hash-based password encoder implementation
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder()
    {
        return new BCryptPasswordEncoder();
    }

    /**
     * Authentication interface
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
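As shown, passwords are encoded with BCryptPasswordEncoder. Looking at the interface that BCryptPasswordEncoder implements (PasswordEncoder), there is one method for encoding and one for matching.
encode returns a different string every time it is called, because a new random salt is generated on each call and stored inside the output.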
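The behaviour described above, as an added example that is not part of the original post or of RuoYi: two encode calls on the same password produce different strings, yet matches accepts both, because the salt and cost are read back out of the stored value. The class name BcryptSaltDemo, its helper methods and the sample password are hypothetical; it assumes spring-security-crypto is on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example, not RuoYi code. Requires spring-security-crypto on the classpath.
public class BcryptSaltDemo
{
    /** Cost factor parsed from a "$2a$<cost>$<22-char salt><31-char hash>" string. */
    static int cost(String encoded)
    {
        return Integer.parseInt(encoded.split("\\$")[2]);
    }

    /** The 22-character salt that bcrypt stores inside the encoded string itself. */
    static String salt(String encoded)
    {
        return encoded.substring(encoded.lastIndexOf('$') + 1).substring(0, 22);
    }

    public static void main(String[] args)
    {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // default strength 10
        String raw = "Constructed-Sample-Pw1"; // constructed sample value

        String first = encoder.encode(raw);
        String second = encoder.encode(raw);

        // A fresh random salt per call makes the two outputs differ,
        // so stored hashes must never be compared with equals().
        System.out.println("same string : " + first.equals(second));
        System.out.println("salt 1      : " + salt(first));
        System.out.println("salt 2      : " + salt(second));

        // matches() reads the salt and cost out of the stored value and re-hashes
        // the candidate with them, which is why both hashes verify.
        System.out.println("matches 1   : " + encoder.matches(raw, first));
        System.out.println("matches 2   : " + encoder.matches(raw, second));
        System.out.println("wrong pw    : " + encoder.matches(raw + "x", first));

        // A hash created at a lower cost still verifies; upgradeEncoding()
        // reports that it should be re-hashed at the encoder's current strength.
        String weak = new BCryptPasswordEncoder(4).encode(raw);
        System.out.println("cost " + cost(weak) + ", upgrade needed: " + encoder.upgradeEncoding(weak));
    }
}
```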
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
Password verification at login
    // Authenticate the user
    Authentication authentication = null;
    try
    {
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
        AuthenticationContextHolder.setContext(authenticationToken);
        // This call ends up invoking UserDetailsServiceImpl.loadUserByUsername
        authentication = authenticationManager.authenticate(authenticationToken);
    }
    // ... (the rest of the try statement is not shown in this excerpt)
org/springframework/security/spring-security-core/5.5.8/spring-security-core-5.5.8.jar!/org/springframework/security/authentication/ProviderManager.class
result = provider.authenticate(authentication);
authenticate: go to the implementation
org/springframework/security/spring-security-core/5.5.8/spring-security-core-5.5.8.jar!/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.class
this.additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken)authentication);
additionalAuthenticationChecks: the implementation of the abstract method
/org/springframework/security/spring-security-core/5.5.8/spring-security-core-5.5.8.jar!/org/springframework/security/authentication/dao/DaoAuthenticationProvider.class
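Password verification: the first argument is the plaintext password, the second is the encoded password stored in the database.
Verification when changing the password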
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
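    if (!SecurityUtils.matchesPassword(oldPassword, password))
    {
        // "Failed to change password: the old password is incorrect"
        return error("修改密码失败,旧密码错误");
    }
    if (SecurityUtils.matchesPassword(newPassword, password))
    {
        // "The new password must not be the same as the old password"
        return error("新密码不能与旧密码相同");
    }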
ruoyi-common/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
    /**
     * Generate a BCryptPasswordEncoder password hash
     *
     * @param password the password
     * @return the encoded string
     */
    public static String encryptPassword(String password)
    {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        return passwordEncoder.encode(password);
    }

    /**
     * Check whether the passwords match
     *
     * @param rawPassword the raw (plaintext) password
     * @param encodedPassword the encoded string
     * @return the result
     */
    public static boolean matchesPassword(String rawPassword, String encodedPassword)
    {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        return passwordEncoder.matches(rawPassword, encodedPassword);
    }