Similarities and differences in password encryption processing of permission frameworks such as cas security
Processing of cas server encryption:
(Other third-party framework encryption usage is similar such as security login)
1. You need to write a class yourself to implement the cas encryption interface PasswordEncoder, which can be included in the spring container management
2. You can directly refer to this bean where encryption needs to be configured
When logging in, enter the user name and password because the login request of cas is directly called, so the data is directly transmitted to the framework --- "Due to the encryption method is configured, cas is performed in QueryDatabaseAuthenticationHandler.
The passwords found in the data are encrypted when they are compared, and the encryption algorithm used is the encrypted bean referenced in the query sql (note that this encryption algorithm will not encrypt the data found in the sql, and the data in the database is encrypted),
p:passwordEncoder-ref is the encryption method that tells the password in the cas database, so the incoming password is automatically encrypted according to this
<bean id="myPasswordEncoder" class="com.esteel.cas.MyPasswordEncoder"/>
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="casDataSource"
p:sql="select trade_passwd from vw_member where CUSTOMER_STATUS='A' and CUS_USER_STATUS='A' and cus_user_id = ?"
p:passwordEncoder-ref="myPasswordEncoder"
/>
/* */ package com.esteel.cas;
/* */
/* */ import java.io.UnsupportedEncodingException;
/* */ import java.security.MessageDigest;
/* */
/* */ public class MyPasswordEncoder implements org.jasig.cas.authentication.handler.PasswordEncoder
/* */ {
/* */ public String encode(String rawPassword)
/* */ {
/* */ try
/* */ {
/* 12 */ return createEncryptPSW(rawPassword);
/* */ }
/* */ catch (Exception e) {
/ * 15 * / e.printStackTrace ();
/* */ }
/* 17 */ return null;
/* */ }
/* */
/* */ public static String createEncryptPSW(String psw)
/* */ throws Exception
/* */ {
/* 23 */ MessageDigest messagedigest = null;
/* */ try {
/* 25 */ messagedigest = MessageDigest.getInstance("MD5");
/* 26 */ messagedigest.update(psw.getBytes("UTF8"));
/* 27 */ byte[] abyte0 = messagedigest.digest();
/* 28 */ return new BASE64Encoder().encode(abyte0);
/* */ } catch (java.security.NoSuchAlgorithmException e) {
/* 30 */ throw new Exception("NoSuchAlgorithmException!", e);
/* */ } catch (UnsupportedEncodingException e) {
/* 32 */ throw new Exception("UnsupportedEncodingException!", e);
/* */ }
/* */ }
/* */ }
security login:
1 <bean id="daoAuthenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider"
2 p:passwordEncoder-ref="passwordEncoder"//Security performs password encryption when submitting, even if developers can't see it, the cas block is encrypted when it needs to be matched, and the previous plaintext can still be seen
3 p:userDetailsService-ref="userDetailsService"/>userDetailsService attribute also points to the bean we configured, which is responsible for reading user information from the database
4 <bean id="passwordEncoder"
5 class="org.springframework.security.providers.encoding.Md5PasswordEncoder"/>