外部应用程序中的 Spring PasswordEncoder 解码
我需要解码使用 org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword 方法编码的密码。基本上,应用程序“A”在其数据库中维护编码/加密的密码。应用程序“B”对应用程序“A”进行 RESTful 调用以获取用户 ID 和密码(以编码/加密方式传递密码),然后应用程序“B”需要查看密码的明文版本,它将如何解码?
I need to decode a password that was encoded using the org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword method. Basically, application "A" maintains the encoded/encrypted password in its database. Application "B" makes a RESTful call to application "A" to get the userid and password (passes password as encoded/encrypted) and then application "B" needs to view the clear text version of the password, how would it decode it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
提到的类“org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword”似乎使用摘要函数对密码进行编码。因为所有摘要函数都被提到只是一种方式,所以很容易从明文中生成编码密码,但几乎不可能从摘要中获得未加密的版本。
如果您想验证用户身份,只需加密密码并将其与存储的加密版本进行比较。
其他选项可以重置密码(替换应用程序“A”中存储的值)。
如果您坚持使用摘要中的应用程序“B”中的未加密密码,则必须破解它,这可能是耗时的操作......
The mentioned class "org.springframework.security.authentication.encoding.PasswordEncoder.encodePassword" seems to use digest function to encode the password. Because all the digest function are mentioned to be one way only it is easy to make encoded password from the clear text but almost impossible to obtain unencrypted version from the digest.
If you want to authenticate user just encrypt the password and compare it to it's stored encrypted version.
Other option can be reseting the password (replacing value stored in application "A").
If you insist on unencrypted password in application "B" from the digest, you have to crack it, which can be time consuming operation...