1 密码是需要加密后密码加盐存入数据库的,使用散列函数
2 SpringBoot中使用BCryptPasswordEncoder 进行加密 且相同密码产生的密文也不相同
@Test
void contextLoads() {
for (int i = 0; i < 10; i++) {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
System.out.println(encoder.encode("123"));
}
}
输出结果:
$2a
Ineuhksje3PmNifs6Z8G2Oi02qyMT2f.pu0WAISW.98XkeE/1ESyG
$2a$10$0LHyu0PpG0u/Ui85oJqrge7WV.60VGPbi7VBZSIL8U.PJ1Oami2Du
$2a
vW1WJmu9uezXFSylWPmYluJugi8AtUurOQ3FK/RwYvTfR5bDZNZTm
$2a
ISicUu/zTXLxuJ0CFl8/B.EUhwbIABtg3v.GEji/gf1jE3vk27qei
$2a
Q9vj2K3gwiFvmvq.LmIYsOJ/JXWIQu7nQZER6h0duCFaOYnbnvz5W
$2a
vLcFu/ddkYtZJcYO3sA6qOPR3/3cWVnVcL02.dooWTc93ERSD77re
$2a
BtMqOjwMiLxgj8U.e3P5Su8TpVcnvRoSRb6xXu0zWkJ3XLT7mJAbG
$2a
gEIG5Ns3LdlAqMKIkdTkIORRcIBrC.SQPn5M.UDmAr7dmihOiewxG
$2a
pJ/lCpaAgf.AdDPD.5E3nOKI1ONmWn6DjVDsSqFnozj9.WggS3YjC
$2a
ghG6i29pcpMflkAcSMxtIOAp55frrHBBIddRKAi8oktnfcK/5SlEe
Security中的使用:
@Bean
PasswordEncoder passwordEncoder(){
// 这里返回BCryptPasswordEncoder的对象
return new BCryptPasswordEncoder();
}
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("uuc").password("$2a$10$vW1WJmu9uezXFSylWPmYluJugi8AtUurOQ3FK/RwYvTfR5bDZNZTm").roles("admin")
.and()
.withUser("akk").password("$2a$10$Q9vj2K3gwiFvmvq.LmIYsOJ/JXWIQu7nQZER6h0duCFaOYnbnvz5W").roles("user");
}
postman测试结果:
下图说明登录成功