我有一个简单的应用程序,可以注册用户并对其进行身份验证。我已经使用了加密密码,并且成功地进行了身份验证。在我的应用程序中,我使用了Spring 3、Spring Security 3和Hibernate 3。
现在,我想将他们的密码与用户ID一起加盐,但我无法实现此功能。是否有人能帮助我实现它?我已经尝试了相当长的时间,但无法完成。
以下是我用于给用户加盐并进行身份验证的代码。 xyz-security.xml
现在,我想将他们的密码与用户ID一起加盐,但我无法实现此功能。是否有人能帮助我实现它?我已经尝试了相当长的时间,但无法完成。
以下是我用于给用户加盐并进行身份验证的代码。 xyz-security.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/welcome.do" access="hasRole('ROLE_USER')" />
<form-login login-page="/login.do" authentication-failure-url="/login.do?login_error=1"/>
<logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<!-- For hashing and salting user passwords -->
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="id"/>
UserDetailsAdapter.java
@Service("userDetailsAdapter")
public class UserDetailsAdapter {
private Long id;
org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) {
String username = userEntity.getUsername();
String password = userEntity.getPassword();
boolean enabled = userEntity.isEnabled();
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String authority: userEntity.getAuthorities()) {
authorities.add(new GrantedAuthorityImpl(authority));
}
this.id = userEntity.getId();
org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
return user;
}
public Long getId() {
return id;
}
}
UserDetailsServiceImpl
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserDao userDao;
@Autowired
private UserDetailsAdapter userDetailsAdapter;
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User userEntity = userDao.findByUsername(username);
if (userEntity == null) {
throw new UsernameNotFoundException("user not found");
}
userDetails = userDetailsAdapter.buildUserFromUserEntity(userEntity);
return userDetails;
}
}
UserServiceImpl
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserDao userDao;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private SaltSource saltSource;
public User getByUsername(String username) {
return userDao.findByUsername(username);
}
public User getByEmail(String email) {
return userDao.findByEmail(email);
}
public void createUser(User user) {
userDao.create(user);
UserDetailsAdapter userDetailsAdapter = new UserDetailsAdapter();
org.springframework.security.core.userdetails.User userDetails = userDetailsAdapter.buildUserFromUserEntity(user);
String password = userDetails.getPassword();
Object salt = saltSource.getSalt(userDetails);
user.setPassword(passwordEncoder.encodePassword(password, salt));
userDao.update(user);
}
public void updateUser(User user) {
userDao.update(user);
}
}
有人可以帮我理解我在这里错过了什么吗? 非常感谢。