下面列出了怎么用org.springframework.security.crypto.password.DelegatingPasswordEncoder的API类实例代码及写法,或者点击链接到github查看源代码。
@SuppressWarnings("deprecation")
public static PasswordEncoder createDelegatingPasswordEncoder() {
String encodingId = "pbkdf2";
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(encodingId, new BCryptPasswordEncoder());
encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
return new DelegatingPasswordEncoder(encodingId, encoders);
}
@Test
@SuppressWarnings("unchecked")
public void encode() throws Exception {
String encodedPassword = this.passwordEncoder.encode("password");
Assert.assertTrue(this.passwordEncoder.matches("password", encodedPassword));
// is the ID in the encoded PW?
Field idForEncode = fieldFor(DelegatingPasswordEncoder.class, "idForEncode");
String id = String.class.cast(idForEncode.get(this.passwordEncoder));
Assert.assertTrue(encodedPassword.contains(id));
// is the default PasswordEncoder BCrypt?
Field pwEncoderMapField = fieldFor(DelegatingPasswordEncoder.class,
"idToPasswordEncoder");
Map<String, PasswordEncoder> pwEncoderMap = (Map<String, PasswordEncoder>) pwEncoderMapField
.get(this.passwordEncoder);
Assert.assertTrue(pwEncoderMap.get(id) instanceof BCryptPasswordEncoder);
}
@Bean
public PasswordEncoder delegatingPasswordEncoder() {
// Spring Security 5 require storing the encoder id alongside the encoded password
// (e.g. "{md5}hash" for an MD5-encoded password hash), which differs from previous
// versions.
//
// Airsonic unfortunately stores passwords in plain-text, which is why we are setting
// the "no-op" (plain-text) password encoder as a default here. This default will be
// used when no encoder id is present.
//
// This means that legacy Airsonic passwords (stored simply as "password" in the db)
// will be matched like "{noop}password" and will be recognized successfully. In the
// future password encoding updates will be done here.
PasswordEncoder defaultEncoder = NoOpPasswordEncoder.getInstance();
String defaultIdForEncode = "noop";
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(defaultIdForEncode, defaultEncoder);
DelegatingPasswordEncoder passworEncoder = new DelegatingPasswordEncoder(defaultIdForEncode, encoders);
passworEncoder.setDefaultPasswordEncoderForMatches(defaultEncoder);
return passworEncoder;
}
@Bean
public PasswordEncoder passwordEncoder()
{
// Set up a DelegatingPasswordEncoder which decodes legacy passwords using the
// StandardPasswordEncoder but encodes passwords using the modern BCryptPasswordEncoder
String encoderForEncoding = "bcrypt";
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(encoderForEncoding, new BCryptPasswordEncoder());
DelegatingPasswordEncoder delegatingEncoder = new DelegatingPasswordEncoder(
encoderForEncoding, encoders);
// Decode legacy passwords without encoder ID using the StandardPasswordEncoder
delegatingEncoder.setDefaultPasswordEncoderForMatches(new StandardPasswordEncoder());
return delegatingEncoder;
}
@Bean
public PasswordEncoder passwordEncoder() {
Map<String,PasswordEncoder> encoders = new HashMap<>();
encoders.put(PwdEncodingAlgo.BCrypt.getStatus(), new BCryptPasswordEncoder());
encoders.put(PwdEncodingAlgo.Pbkf2.getStatus(), new Pbkdf2PasswordEncoder());
encoders.put(PwdEncodingAlgo.SCrypt.getStatus(), new SCryptPasswordEncoder());
return new DelegatingPasswordEncoder(PwdEncodingAlgo.BCrypt.getStatus(), encoders);
}
@Test
public void standaloneIdmEngineWithDelegatingPasswordEncoder() {
contextRunner
.withPropertyValues("flowable.idm.password-encoder=spring_delegating")
.run(context -> {
IdmEngine idmEngine = context.getBean(IdmEngine.class);
assertThat(context).hasSingleBean(PasswordEncoder.class);
org.flowable.idm.api.PasswordEncoder flowablePasswordEncoder = idmEngine.getIdmEngineConfiguration().getPasswordEncoder();
PasswordEncoder passwordEncoder = context.getBean(PasswordEncoder.class);
assertThat(flowablePasswordEncoder)
.isInstanceOfSatisfying(SpringEncoder.class, springEncoder -> {
assertThat(springEncoder.getSpringEncodingProvider()).isEqualTo(passwordEncoder);
});
assertThat(passwordEncoder).isInstanceOf(DelegatingPasswordEncoder.class);
assertThat(flowablePasswordEncoder.encode("test", null))
.as("encoded password")
.startsWith("{bcrypt}");
assertThatThrownBy(() -> flowablePasswordEncoder.isMatches("test", "test", null))
.as("encoder matches password")
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("There is no PasswordEncoder mapped for the id \"null\"");
});
}
@Test
public void standaloneIdmEngineWithDelegatingBCryptDefaultPasswordEncoder() {
contextRunner
.withPropertyValues("flowable.idm.password-encoder=spring_delegating_bcrypt")
.run(context -> {
IdmEngine idmEngine = context.getBean(IdmEngine.class);
assertThat(context).hasSingleBean(PasswordEncoder.class);
org.flowable.idm.api.PasswordEncoder flowablePasswordEncoder = idmEngine.getIdmEngineConfiguration().getPasswordEncoder();
PasswordEncoder passwordEncoder = context.getBean(PasswordEncoder.class);
assertThat(flowablePasswordEncoder)
.isInstanceOfSatisfying(SpringEncoder.class, springEncoder -> {
assertThat(springEncoder.getSpringEncodingProvider()).isEqualTo(passwordEncoder);
});
assertThat(passwordEncoder).isInstanceOf(DelegatingPasswordEncoder.class);
assertThat(flowablePasswordEncoder.encode("test", null))
.as("encoded password")
.startsWith("{bcrypt}");
assertThat(flowablePasswordEncoder.isMatches("test", "test", null))
.as("encoder matchers clear text password")
.isFalse();
assertThat(flowablePasswordEncoder.isMatches("test", new BCryptPasswordEncoder().encode("test"), null))
.as("encoder matchers only bcrypt text password")
.isTrue();
});
}
@Test
public void standaloneIdmEngineWithDelegatingNoopDefaultPasswordEncoder() {
contextRunner
.withPropertyValues("flowable.idm.password-encoder=spring_delegating_noop")
.run(context -> {
IdmEngine idmEngine = context.getBean(IdmEngine.class);
assertThat(context).hasSingleBean(PasswordEncoder.class);
org.flowable.idm.api.PasswordEncoder flowablePasswordEncoder = idmEngine.getIdmEngineConfiguration().getPasswordEncoder();
PasswordEncoder passwordEncoder = context.getBean(PasswordEncoder.class);
assertThat(flowablePasswordEncoder)
.isInstanceOfSatisfying(SpringEncoder.class, springEncoder -> {
assertThat(springEncoder.getSpringEncodingProvider()).isEqualTo(passwordEncoder);
});
assertThat(passwordEncoder).isInstanceOf(DelegatingPasswordEncoder.class);
assertThat(flowablePasswordEncoder.encode("test", null))
.as("encoded password")
.startsWith("{bcrypt}");
assertThat(flowablePasswordEncoder.isMatches("test", "test", null))
.as("encoder matchers clear text password")
.isTrue();
assertThat(flowablePasswordEncoder.isMatches("test", new BCryptPasswordEncoder().encode("test"), null))
.as("encoder matchers only bcrypt text password")
.isFalse();
});
}
@Bean
public PasswordEncoder passwordEncoder()
{
// Set up a DelegatingPasswordEncoder which decodes legacy passwords using the
// StandardPasswordEncoder but encodes passwords using the modern BCryptPasswordEncoder
String encoderForEncoding = "bcrypt";
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(encoderForEncoding, new BCryptPasswordEncoder());
DelegatingPasswordEncoder delegatingEncoder = new DelegatingPasswordEncoder(
encoderForEncoding, encoders);
// Decode legacy passwords without encoder ID using the StandardPasswordEncoder
delegatingEncoder.setDefaultPasswordEncoderForMatches(new StandardPasswordEncoder());
return delegatingEncoder;
}
@Bean
public PasswordEncoder passwordEncoder() {
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put("bcrypt", new BCryptPasswordEncoder());
encoders.put("sha256", new MessageDigestPasswordEncoder("SHA-256"));
return new DelegatingPasswordEncoder("bcrypt", encoders);
}
@Test
public void 스프링시큐리티_암호_인코딩() {
String password = passwordEncoder.encode("1111");
Assert.assertFalse(passwordEncoder.matches("1112", password));
Assert.assertTrue(passwordEncoder.matches("1111", password));
DelegatingPasswordEncoder newPasswordEncoder = (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
newPasswordEncoder.setDefaultPasswordEncoderForMatches(new StandardPasswordEncoder());
System.out.println(newPasswordEncoder.encode("1111"));
Assert.assertTrue(newPasswordEncoder.matches("1111", password));
}
PasswordEncoder oldPasswordEncoder() {
String md5 = "MD5";
return new DelegatingPasswordEncoder(md5,
Collections.singletonMap(md5, new MessageDigestPasswordEncoder(md5)));
}