spring引导v2.4.0使用daoauthenticationprovider sha-512

0s0u357o  于 2021-07-07  发布在  Java
关注(0)|答案(0)|浏览(258)

在spring5+中,不推荐使用加密类型sha-512。在我的api项目中,我使用的是spring5+,我必须使用sha-512,因为db是旧类型的密码加密。我的编码器方法需要返回一个自定义类对象,该对象将用户电子邮件作为salt编码到sha-512。我正在使用自定义用户表。你知道怎么处理这种情况吗?谢谢你们的帮助。我的 Spring 安全课:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

private final CustomUserDetailsService customUserDetailsService;
@Autowired
public SecurityConfig(CustomUserDetailsService customUserDetailsService{this.customUserDetailsService=customUserDetailsService;}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .and()
            .httpBasic()
            .and()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider());
}

@Bean
public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
    authProvider.setUserDetailsService(customUserDetailsService);
    authProvider.setPasswordEncoder(encoder());
    return authProvider;
}
@Bean
public DelegatingPasswordEncoder encoder() {//what i return here for SHA-512?;}
}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题