Spring Boot password encoding
I am new to Spring boot and I am trying to configure the security for my api. I am using PasswordEncoding:
public static String encodePassword(String plainPassword) {
    BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
    return bCryptPasswordEncoder.encode(plainPassword);
}
In the SecurityConfig class I got the following method:
@Bean
public PasswordEncoder getPasswordEncoder() {
    return new BCryptPasswordEncoder();
}
But each time given the same input the output is always different, can someone explain to me the reason behind this and how I can possibly fix this?
Comments (1)
This is by design, there's nothing for you to "fix". The reason is because the BCrypt algorithm includes a salt, which will be different every time you call it. What this means is that if you're trying to encode a plain-text password to a hash and compare it to another hash, it's not going to match. You can, however, use the method, matches, in BCryptPasswordEncoder to compare.
Here's a test that demonstrates this
Here you can see that the same password generated three distinct hashes, but the encoder can still compare the original plain-text password to each of them and match.
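The test the answer refers to did not survive on this page. The following is an added example, not the answerer's code, showing the same behaviour with Spring Security's BCryptPasswordEncoder: three encodings of one password differ, re-encoding and comparing with equals() fails, and matches() succeeds because it reads the salt and cost back out of the stored hash. The class name BCryptSaltDemo, the helper saltOf and the sample password are constructed for illustration, and spring-security-crypto is assumed to be on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;

public class BCryptSaltDemo {

    // Stored BCrypt string layout: $<version>$<cost>$<22-char salt><31-char digest>
    // saltOf is a hypothetical helper that cuts the salt out of that string.
    static String saltOf(String hash) {
        return hash.substring(hash.lastIndexOf('$') + 1).substring(0, 22);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String password = "correct horse battery staple"; // constructed sample value

        // Encode the same input three times; each call draws a fresh random salt.
        List<String> hashes = new ArrayList<>();
        for (int i = 0; i < 3; i++) {
            hashes.add(encoder.encode(password));
        }
        System.out.println("distinct hashes: " + new HashSet<>(hashes).size());

        for (String stored : hashes) {
            System.out.println(stored + "  salt=" + saltOf(stored));

            // Wrong check: re-encoding uses a new salt, so the strings differ.
            boolean reEncodeEquals = encoder.encode(password).equals(stored);

            // Right check: matches() re-hashes the candidate with the salt and
            // cost embedded in the stored value and compares the digests.
            boolean matches = encoder.matches(password, stored);
            boolean wrongPassword = encoder.matches("not the password", stored);

            System.out.println("  encode().equals(stored)=" + reEncodeEquals
                    + "  matches=" + matches
                    + "  wrong password matches=" + wrongPassword);
        }
    }
}
```

In an application, store the output of encode() once at registration and call matches() with the submitted password and the stored hash at login.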