在实际开发中,用户的密码应该是加密的,而不是明文存在数据库中。
- 在springSecurity.xml中增加下面的代码
<authentication-manager>
22 <authentication-provider>
23 <password-encoder ref="encoder" />
24 <jdbc-user-service data-source-ref="dataSource"
25 users-by-username-query="select d_username username,d_password password, d_enabled enabled from t_users where d_username=?"
26 authorities-by-username-query="select d_username username, d_role role from t_user_roles where d_username=? " />
27 </authentication-provider>
28 </authentication-manager>
29
30 <beans:bean id="encoder"
31 class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
32 <beans:constructor-arg name="strength" value="9" />
33 </beans:bean>
constructor-arg中定义的是加密后密文的长度,但是博主在开发中发现并没有效果,存储到数据库中依然是60位的密文。
2、如果你想测试生产的密文
package com.websystique.springsecurity.util;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class AdminPassword {
/**
* @param args
*/
public static void main(String[] args) {
String password = "admin";
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
System.out.println(passwordEncoder.encode(password));
}
}
