Ja napr. jsem pouzil tuto konfiguraci (ale je pro SHA-256):
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<!-- SHA-256 values can be produced using 'echo -n
your_desired_password | sha256sum' (using normal *nix environments) -->
<authentication-provider>
<password-encoder ref="sha256PasswordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
<jdbc-user-service data-source-ref="dataSource"
authorities-by-username-query="[hrozne dlouhej
select]"
users-by-username-query="[hrozne dlouhej select]"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="sha256PasswordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="256"/>
</beans:bean>
<beans:bean id="saltSource"
class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse" value="username"/>
</beans:bean>
a pak v kodu pouzivam nasleduji cast kodu:
class ExampleEncode {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired(required = false)
private SaltSource saltSource;
private String createPassword(final String name, final String password) {
UserDetails userDetails = new User(name, password, true, true, true,
true,
Collections.<GrantedAuthority>emptySet());
final Object salt = saltSource != null ?
saltSource.getSalt(userDetails) : null;
return passwordEncoder.encodePassword(password, salt);
}
}
Do databaze jiz ukladam heslo, ktere je zahashovane a vse funguje v
pohode...
Petr Prochazka
On 15.10.2010 13:06, Radovana Straube wrote:
> Dobry den,
>
> pouzivam Spring Security, hesla su ulozene v databaze zacryptovane s MD5. Ked
> sa v hesle nachadzaju znaky, ktore su v ASCII tabulke do pozicie 127, vsetko
> funguje O.K., ale akonahle niekto v pouzije v hesle znaky nad 127, MD5-kou
> vygenerovane hashe nesedia. Samozrejme, ze mozem zakazat pouzivat v heslach
> znaky nad 127, ale aj tak by ma zaujimalo preco to nefunguje.
>
> Vypis z konfiguracie Spring Security:
> <authentication-manager>
> <authentication-provider user-service-ref="userDetailsService" >
> <password-encoder hash="md5"/>
> </authentication-provider>
> </authentication-manager>
>
> Vypis kodu, ktorym hashujem hesla:
> public static String encode(String _sPassword, String _sEncoding)
> throws NoSuchAlgorithmException, UnsupportedEncodingException {
> MessageDigest messageDigest = MessageDigest.getInstance("MD5");
> messageDigest.update(_sPassword.getBytes(_sEncoding), 0,
> _sPassword.length());
> String hashedPass = new BigInteger(1,
> messageDigest.digest()).toString(16);
> if (hashedPass.length() < 32) {
> hashedPass = "0" + hashedPass;
> }
> return hashedPass;
> }
>
> Asi by bolo riesenim zistit kde sa nachadza metoda, ktoru pouziva Spring na
> MD5 hashovanie a pouzit priamo tu, ale to sa mi bohuzial nepodarilo.
>
> Robila som zopar pokusov aj s MySQL (kodovanie latin1) databazou. Ked
> napriklad zavolam moju Javovsku metodu encode("§", "ISO-8859-1"),
> tak je vysledok:
> 6b2b98fea11e51af3043b192f719bd69
>
> ale pri zavolani
> SELECT md5("§");
> je vysledok:
> bd9a4c255deec8944d99e01a64c1e322
>
> Vedel by prosim niekto poradit co robim nespravne? Dakujem
>
> Radovana Straube
>
>
>
>
