English 中文(简体)
Spring Security Encrypt MD5
原标题:

I have a java web application using spring framework and spring security for its login. In my database I have my passwords encrypted to MD5 before being saved. I added in my application-config.xml this codes

 <security:authentication-provider>
<security:password-encoder hash="md5"/>
<security:jdbc-user-service
        data-source-ref="dataSource"
        users-by-username-query="select user_name username, user_password password, 1 enabled from users where user_name=?"
        authorities-by-username-query="select username, authority from authorities where username=?" />
</security:authentication-provider>

At first It worked when the password in the db were not encrypted. But when I encrypted it and added this snippet in my application config

      <security:password-encoder hash="md5"/>

I am not able to login.

最佳回答

How are you creating your MD5 hashes? Something like the following works well in Java:

MessageDigest messageDigest = MessageDigest.getInstance("MD5");  
messageDigest.update(user.getPassword().getBytes(),0, user.getPassword().length());  
String hashedPass = new BigInteger(1,messageDigest.digest()).toString(16);  
if (hashedPass.length() < 32) {
   hashedPass = "0" + hashedPass; 
}

When you encode "koala" do you get "a564de63c2d0da68cf47586ee05984d7"?

时间:2009-12-01 03:36:20
问题回答

I realize this is a little late, but Spring has built-in classes that make this a lot easier. 

@Test
public void testSpringEncoder() {
    PasswordEncoder encoder = new Md5PasswordEncoder();
    String hashedPass = encoder.encodePassword("koala", null);

    assertEquals("a564de63c2d0da68cf47586ee05984d7", hashedPass);
}

This is a unit test that I wrote using the built in Spring Security code, it is a lot smaller than the MessageDigest code and since you are using Spring Security already, you should have the classes in your classpath already.

时间:2010-05-20 22:09:39

Have you read 6.3.3 Hashing and Authentication section from Spring Security reference manual? It mentioned some possible issues that you might encounter in using password hashing.

Some possibilities it listed:

  • Database password hash might be in Base64, while the result from MD5PasswordEncoder is in hexadecimal strings
  • Your password hash might be in upper-case, while the result from the encoder is in lower case strings
时间:2009-11-30 18:42:07


上一篇:
下一篇:


相关问题
Extend Contacts application on Android to provide encryption

I want to encrypt individual contacts stored by the Contacts application on Android based on user s preference. So, I am thinking I ll have to hook/extend the Contacts application before the it stores ...

时间:2009-11-16 23:05:10 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
How to Pack/Encrypt/Unpack/Decrypt a bunch of files in Java?

I m essentially trying to do the following on a Java/JSP-driven web site: User supplies a password Password is used to build a strongly-encrypted archive file (zip, or anything else) containing a ...

时间:2009-11-13 16:15:17 回答:4 展示:1
Thread & Queue vs Serial performance

I though it ll be interesting to look at threads and queues, so I ve written 2 scripts, one will break a file up and encrypt each chunk in a thread, the other will do it serially. I m still very new ...

时间:2009-11-13 10:46:21 回答:5 展示:1
Convert PHP encryption code to C#

I m trying to convert this piece of code from PHP to C#. It s part of a Captive Portal. Could somebody explain what it does? $hexchal = pack ("H32", $challenge); if ($uamsecret) { $newchal = ...

时间:2009-11-13 02:30:33 回答:2 展示:1
Encryption: how to have 1 iv despite multiple fields

I ve been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I m encrypting an address and I ...

时间:2009-11-06 14:17:32 回答:1 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全