1. 首頁
  2. 問答
  3. 如何在春季安全中更改密碼時匹配舊密碼?

如何在春季安全中更改密碼時匹配舊密碼?

2016-12-02 134 views
-1

我在基於java的web應用程序中使用spring security。我需要創建一個更改密碼屏幕,用戶必須輸入舊密碼才能確認。如何在春季安全中更改密碼時匹配舊密碼?

我需要檢查用戶輸入的舊密碼是否與數據庫中的舊密碼匹配。

我如何在春季安全中做到這一點。

下面是我的spring安全java配置。

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private UserDetailsService userDetailsService; 

    @Autowired 
    private AccessDecisionManager accessDecisionManager; 

    @Bean 
    @Autowired 
    public AccessDecisionManager accessDecisionManager(AccessDecisionVoterImpl accessDecisionVoter) { 
     List<AccessDecisionVoter<?>> accessDecisionVoters = new ArrayList<AccessDecisionVoter<?>>(); 
     accessDecisionVoters.add(new WebExpressionVoter()); 
     accessDecisionVoters.add(new AuthenticatedVoter()); 
     accessDecisionVoters.add(accessDecisionVoter); 
     UnanimousBased accessDecisionManager = new UnanimousBased(accessDecisionVoters); 
     return accessDecisionManager; 
    } 

    @Override 
    @Autowired 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); 
    } 

    @Bean 
    public PasswordEncoder passwordEncoder(){ 
     PasswordEncoder passwordEncoder = new PasswordEncoder(); 
     passwordEncoder.setStringDigester(stringDigester()); 
     return passwordEncoder; 
    } 

    @Bean 
    public PooledStringDigester stringDigester() { 
     PooledStringDigester psd = new PooledStringDigester(); 

     psd.setPoolSize(2); 
     psd.setAlgorithm("SHA-256"); 
     psd.setIterations(1000); 
     psd.setSaltSizeBytes(16); 
     psd.setSaltGenerator(randomSaltGenerator()); 

     return psd; 
    } 

    @Bean 
    public RandomSaltGenerator randomSaltGenerator() { 
     RandomSaltGenerator randomSaltGenerator = new RandomSaltGenerator(); 
     return randomSaltGenerator; 
    }

此外,當新用戶創建時,我設置他的密碼如下。

user.setPassword(passwordUtils.encryptUserPassword(user.getPassword())); 


@Component("passwordUtil") 
public class PasswordUtils { 

    @Autowired 
    private PooledStringDigester _stringDigester; 

    public String encryptUserPassword(String originalPassword) { 
     String encryptedPassword = _stringDigester.digest(originalPassword); 
     return encryptedPassword; 
    } 
}

來源

2016-12-02 ashishjmeshram

回答

1

查詢存儲在DB通過使用用戶名/電子郵件/用戶ID和最後寫一個函數在PasswordUtils密碼,這使得使用PooledStringDigester.matches

public boolean isPasswordsMatch(String newPassword, String passwordFromDb) { 
    return _stringDigester.matches(newPassword, passwordFromDb); 
}

來源

2016-12-02 06:34:06 shazin

相關問題

 相關問題