Spring Boot + Spring Security: using BCryptPasswordEncoder

Reprinted link: https://blog.csdn.net/u012373815/article/details/60465776

Any application that takes security into account must not store passwords in clear text. The password should be hashed with a hash algorithm. There are many standard algorithms such as SHA or MD5, and combining them with a salt is a good choice.

Spring Security provides the BCryptPasswordEncoder class, which implements Spring's PasswordEncoder interface and uses the BCrypt strong hashing function to hash the password.

With BCrypt strong hashing, the result is different every time a password is encoded.

1. Modify WebSecurityConfig

    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Verify login passwords against stored BCrypt hashes
        auth.userDetailsService(customUserService).passwordEncoder(new BCryptPasswordEncoder());
    }

That is all the configuration needed. But how should the password be hashed when it is initialized, or when a user registers?

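    public SysUser create(User user) {
        // Hash the raw password before it is stored
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        // sysUser was not declared in the original snippet; creating it here is an assumption
        SysUser sysUser = new SysUser();
        // trim() changes the password: the login path must pass the same trimmed value to matches()
        sysUser.setPassword(encoder.encode(user.getRawPassword().trim()));
        userDao.create(user);
        return sysUser;
    }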

 

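Although BCryptPasswordEncoder produces a different result every time it encodes the same password, any one of those results, once stored, can still be verified successfully, because the random salt and the cost are kept inside the hash string itself.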
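The behaviour described above, as an added example that is not part of the original post. It assumes spring-security-crypto (5.1 or later) is on the classpath; the class name BCryptDemo, the helper describe() and the sample password are constructed for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BCryptDemo {

    // A BCrypt string has the layout $<version>$<cost>$<22-char salt><31-char digest>.
    static String describe(String hash) {
        String[] parts = hash.split("\\$");          // "", version, cost, salt+digest
        String salt = parts[3].substring(0, 22);
        String digest = parts[3].substring(22);
        return "version=" + parts[1] + " cost=" + Integer.parseInt(parts[2])
                + " salt=" + salt + " digest=" + digest;
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String raw = "correct horse battery staple";  // constructed sample password

        // Each encode() call draws a fresh random salt, so the two strings differ.
        String first = encoder.encode(raw);
        String second = encoder.encode(raw);
        System.out.println(describe(first));
        System.out.println(describe(second));
        System.out.println("stored hashes identical: " + first.equals(second));

        // Broken check: encoding again and comparing strings uses yet another salt.
        System.out.println("re-encode and equals(): " + encoder.encode(raw).equals(first));

        // Correct check: matches() re-hashes the candidate with the salt and cost
        // parsed from the stored hash, then compares the digests.
        System.out.println("matches(raw, first): " + encoder.matches(raw, first));
        System.out.println("matches(raw, second): " + encoder.matches(raw, second));
        System.out.println("matches(wrong, first): " + encoder.matches("wrong password", first));

        // Because the cost travels with the hash, an encoder configured with a
        // higher strength still verifies old hashes and can flag them for re-hashing.
        BCryptPasswordEncoder stronger = new BCryptPasswordEncoder(12);
        System.out.println("stronger.matches(raw, first): " + stronger.matches(raw, first));
        System.out.println("needs upgrade: " + stronger.upgradeEncoding(first));
    }
}
```

When upgradeEncoding() reports that a stored hash is weaker than the configured strength, the re-hash has to happen at a successful login, since that is the only moment the raw password is available.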

 


Origin www.cnblogs.com/MrEcho/p/11413045.html