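1. Code first

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// strength (log rounds) is 9 here; pwd is the raw password string
BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(9);
String pwdCry = bcrypt.encode(pwd);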

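2. Analysis:

The hashed password is always 60 characters long.

The format is generally $2a$X, where X is the strength. It is set when the class is instantiated, and the default is 10.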

 

3.bcrypt:

bcrypt is not an encryption function, it's a password hashing function, relying on Blowfish's key scheduling, not its encryption. Hashing are mathematical one-way functions, meaning there is no* way to reverse the output string to get the input string.

In other words, bcrypt is one-way and cannot be decrypted.

 

4. Matching:

Call bcrypt.matches(raw password, hashed password)

 

5. Combining with Spring and the database

<bean id="encoder"
         class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <constructor-arg name="strength" value="9" />
   </bean>

Injection:

// the qualifier must match the bean id defined above
@Autowired
@Qualifier("encoder")
BCryptPasswordEncoder bcrypt;

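Verification logic: do not look the user up by both username and password, because every call to encode() produces a different value (a fresh random salt is used each time). Instead, pass in only the username, fetch the hashed password from the DB, and then check it with matches().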
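The lookup-by-username-then-matches() flow described above, as an added example that is not part of the original post. It assumes spring-security-crypto is on the classpath; the class name BcryptLoginDemo and the in-memory map standing in for the user table are hypothetical, and the sample credentials are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example (hypothetical names): the map stands in for the user table.
public class BcryptLoginDemo {
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder(9);
    private final Map<String, String> userTable = new HashMap<>(); // username -> bcrypt hash

    void register(String username, String rawPassword) {
        // Only the 60-character hash is stored, never the raw password.
        userTable.put(username, ENCODER.encode(rawPassword));
    }

    boolean login(String username, String rawPassword) {
        // Query by username only. Comparing encode(input) with the stored
        // column can never succeed, because encode() salts randomly per call.
        String storedHash = userTable.get(username);
        if (storedHash == null) {
            return false; // unknown user
        }
        // matches() re-derives the hash using the salt and strength that are
        // embedded in storedHash, then compares the results.
        return ENCODER.matches(rawPassword, storedHash);
    }

    public static void main(String[] args) {
        BcryptLoginDemo demo = new BcryptLoginDemo();
        demo.register("alice", "s3cret-sample"); // constructed sample data

        // Two encodings of the same password: same length and prefix,
        // different salt, so the strings differ but both verify.
        String h1 = ENCODER.encode("s3cret-sample");
        String h2 = ENCODER.encode("s3cret-sample");
        System.out.println("length=" + h1.length() + " prefix=" + h1.substring(0, 7));
        System.out.println("hashes equal: " + h1.equals(h2));
        System.out.println("both verify: " + (ENCODER.matches("s3cret-sample", h1)
                && ENCODER.matches("s3cret-sample", h2)));

        System.out.println("correct password: " + demo.login("alice", "s3cret-sample"));
        System.out.println("wrong password:   " + demo.login("alice", "wrong"));
        System.out.println("unknown user:     " + demo.login("bob", "s3cret-sample"));
    }
}
```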

 

References:

1. bcrypt: https://blog.csdn.net/qq_35232663/article/details/81259681

2. Using it with Spring via annotations: http://www.programming-free.com/2015/09/spring-security-password-encryption.html

3. Q&A on using bcrypt together with a database: https://stackoverflow.com/questions/42795509/compare-entered-password-with-bcrypt-hashed-password-in-database


