First, look at the Spring Security XML configuration:
<!-- AuthenticationProvider that replaces the user-service-ref approach -->
<bean id="myAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="myUserDetailService"></property>
    <!-- Defaults to true, which hides the real backend exception (an unknown username is reported as bad credentials); with false, login errors reveal whether an account exists -->
    <property name="hideUserNotFoundExceptions" value="false"></property>
    <!-- Hash passwords with MD5 -->
    <property name="passwordEncoder" ref="md5PasswordEncoder"></property>
    <!-- Use the login account name as the salt; username is a property of org.springframework.security.core.userdetails.User -->
    <!--
    <property name="saltSource">
        <bean class="org.springframework.security.authentication.dao.ReflectionSaltSource">
            <property name="userPropertyToUse" value="username"></property>
        </bean>
    </property>
    -->
</bean>
Below are Spring's own encoder (commented out) and the definition of a custom encoder:
<!-- Spring's built-in encoder for hashing and verifying user passwords
<bean id="md5PasswordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"></bean>
-->
<!-- You can define your own encoding rules -->
<bean id="md5PasswordEncoder" class="com.ruizhisoft.framework.security.MyPasswordEncoder"></bean>
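I won't paste the Spring source code here. Below is my own encoder (one class can combine several hashing schemes). First extend the class from the Spring source mentioned above (org.springframework.security.authentication.encoding.Md5PasswordEncoder), then override the isPasswordValid() method: returning true means verification passed, and false means it failed.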
@Override
public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
    boolean flag = false;
    if (StringUtils.isNotBlank(MD5_CLASS) && MD5WithSalt.equals(MD5_CLASS)) { // the MD5WithSalt scheme
        flag = com.ruizhisoft.framework.security.utils.MD5WithSalt.verify(rawPass, encPass);
    } else { // the MyMd5PasswordEncoder scheme
        flag = com.ruizhisoft.framework.security.utils.MyMd5PasswordEncoder.verify(encPass, rawPass, null);
    }
    return flag;
}
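The "several schemes in one encoder" idea taken one step beyond the two MD5 variants above, as an added example that is not the author's code: the verifier picks the scheme from the stored value itself rather than from the MD5_CLASS check, so legacy MD5 hashes and PBKDF2 hashes can coexist while accounts are migrated. It uses only the JDK; the class name, the {pbkdf2} prefix and storage layout, the iteration count and the sample values are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example, JDK only. Assumed layout: "{pbkdf2}iterations$saltHex$hashHex";
// a stored value without that prefix is treated as legacy unsalted MD5 hex.
public class MultiSchemeVerifier {
    static final String PREFIX = "{pbkdf2}";
    // Same signature as isPasswordValid() above; the salt argument is ignored (PBKDF2 values carry their own).
    public static boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        try {
            if (encPass.startsWith(PREFIX)) {
                String[] p = encPass.substring(PREFIX.length()).split("\\$");
                byte[] expected = fromHex(p[2]);
                byte[] actual = pbkdf2(rawPass, fromHex(p[1]), Integer.parseInt(p[0]), expected.length);
                return MessageDigest.isEqual(expected, actual); // constant-time comparison
            }
            byte[] md5 = MessageDigest.getInstance("MD5").digest(rawPass.getBytes(StandardCharsets.UTF_8));
            return MessageDigest.isEqual(fromHex(encPass), md5);
        } catch (Exception e) {
            return false; // null or malformed input: reject instead of throwing
        }
    }
    public static String encode(String rawPass, int iterations) throws Exception {
        byte[] salt = new byte[16];
        new java.security.SecureRandom().nextBytes(salt); // fresh random salt per password
        return PREFIX + iterations + "$" + toHex(salt) + "$" + toHex(pbkdf2(rawPass, salt, iterations, 32));
    }
    static byte[] pbkdf2(String raw, byte[] salt, int iterations, int len) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(raw.toCharArray(), salt, iterations, len * 8); // key length in bits
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }
    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    public static void main(String[] args) throws Exception {
        String legacy = "5f4dcc3b5aa765d61d8327deb882cf99"; // constructed sample: MD5("password")
        String migrated = encode("password", 600000);       // constructed sample, sample iteration count
        System.out.println(isPasswordValid(legacy, "password", null) + " " + isPasswordValid(migrated, "password", null));
        System.out.println(isPasswordValid(legacy, "wrong", null) + " " + isPasswordValid("{pbkdf2}garbage", "password", null));
    }
}
```

In a Spring setup like the one above, the body of isPasswordValid() would go into the overridden method, and a successful match against a legacy MD5 value is the point at which the account can be re-encoded with encode().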