modify BCryptPasswordEncoder

ad229263 · 杨伊博 · 1de6a7c2 · ad229263 · ad229263 · ad229263
Commit ad229263 authored Mar 02, 2017 by 杨伊博
8 changed files
--- a/springboot-springSecurity2/src/main/java/com/us/example/config/WebSecurityConfig.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/config/WebSecurityConfig.java
 package com.us.example.config;
 import com.us.example.security.CustomUserService;
-import com.us.example.util.MD5Util;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -11,11 +9,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 /**
 * Created by yangyibo on 17/1/18.
@@ -31,17 +25,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(customUserService).passwordEncoder(new PasswordEncoder(){
+        auth.userDetailsService(customUserService).passwordEncoder(new BCryptPasswordEncoder());
-            @Override
-            public String encode(CharSequence rawPassword) {
-                return MD5Util.encode((String)rawPassword);
-            }
-            @Override
-            public boolean matches(CharSequence rawPassword, String encodedPassword) {
-                return encodedPassword.equals(MD5Util.encode((String)rawPassword));
-            }}); //user Details Service验证
    }
    @Override

--- a/springboot-springSecurity2/src/main/java/com/us/example/controller/HomeController.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/controller/HomeController.java
 package com.us.example.controller;
+import com.us.example.dao.UserDao;
+import com.us.example.domain.SysUser;
+import com.us.example.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -12,6 +17,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @Controller
 @RequestMapping("/users")
 public class HomeController {
+    @Autowired
+    UserService userService;
    @RequestMapping(method = RequestMethod.GET)
    @ResponseBody
@@ -22,8 +29,8 @@ public class HomeController {
    @Secured({"ROLE_ADMIN","ROLE_USER"})
    @RequestMapping(method = RequestMethod.POST)
    @ResponseBody
-    public String save() {
+    public Object save(@RequestBody SysUser user) {
-        return "saveUser";
+        return  userService.create(user);
    }

--- a/springboot-springSecurity2/src/main/java/com/us/example/dao/UserDao.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/dao/UserDao.java
@@ -4,5 +4,7 @@ import com.us.example.domain.SysUser;
 public interface UserDao {
-    public SysUser findByUserName(String username);
+     SysUser findByUserName(String username);
+     int create (SysUser sysUser);
 }
--- a/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java
@@ -16,6 +16,8 @@ public class SysUser implements UserDetails {  // implements UserDetails 用于
    private String username;
    @JsonIgnore
    private String password;
+    private String rawPassword;
+    @JsonIgnore
    private List<SysRole> roles;
    private List<? extends GrantedAuthority> authorities;
@@ -52,16 +54,27 @@ public class SysUser implements UserDetails {  // implements UserDetails 用于
        this.roles = roles;
    }
+    public String getRawPassword() {
+        return rawPassword;
+    }
+    public void setRawPassword(String rawPassword) {
+        this.rawPassword = rawPassword;
+    }
    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
@@ -74,11 +87,13 @@ public class SysUser implements UserDetails {  // implements UserDetails 用于
    public boolean isEnabled() {
        return true;
    }
    @JsonIgnore
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }
    public void setGrantedAuthorities(List<? extends GrantedAuthority> authorities) {
        this.authorities = authorities;
    }

--- a/springboot-springSecurity2/src/main/java/com/us/example/service/UserService.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/service/UserService.java
+package com.us.example.service;
+import com.us.example.dao.UserDao;
+import com.us.example.domain.SysUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+/**
+ * Created by yangyibo on 17/3/2.
+ */
+@Service
+public class UserService {
+    @Autowired
+    UserDao userDao;
+    public SysUser create(SysUser sysUser){
+        //进行加密
+        BCryptPasswordEncoder encoder =new BCryptPasswordEncoder();
+        sysUser.setPassword(encoder.encode(sysUser.getRawPassword().trim()));
+        userDao.create(sysUser);
+    return sysUser;
+    }
+}
--- a/springboot-springSecurity2/src/main/java/com/us/example/util/BCryptPasswordEncoderTest.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/util/BCryptPasswordEncoderTest.java
+package com.us.example.util;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+/**
+ * Created by yangyibo on 17/3/2.
+ */
+public class BCryptPasswordEncoderTest {
+    public static void main(String[] args) {
+        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+        System.out.println(encoder.encode("abel"));
+        System.out.println(encoder.encode("admin"));
+    }
+}
--- a/springboot-springSecurity2/src/main/java/com/us/example/util/MD5Util.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/util/MD5Util.java
-package com.us.example.util;
-/**
- * Created by yangyibo on 17/2/7.
- */
-import java.security.MessageDigest;
-/**
- * MD5加密工具
- *
- */
-public class MD5Util {
-    private static final String SALT = "exampel";
-    public static String encode(String password) {
-        password = password + SALT;
-        MessageDigest md5 = null;
-        try {
-            md5 = MessageDigest.getInstance("MD5");
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
-        char[] charArray = password.toCharArray();
-        byte[] byteArray = new byte[charArray.length];
-        for (int i = 0; i < charArray.length; i++)
-            byteArray[i] = (byte) charArray[i];
-        byte[] md5Bytes = md5.digest(byteArray);
-        StringBuffer hexValue = new StringBuffer();
-        for (int i = 0; i < md5Bytes.length; i++) {
-            int val = ((int) md5Bytes[i]) & 0xff;
-            if (val < 16) {
-                hexValue.append("0");
-            }
-            hexValue.append(Integer.toHexString(val));
-        }
-        return hexValue.toString();
-    }
-    public static void main(String[] args) {
-        System.out.println(MD5Util.encode("abel"));
-        System.out.println(MD5Util.encode("admin"));
-    }
-}
\ No newline at end of file
--- a/springboot-springSecurity2/src/main/resources/mapper/UserDaoMapper.xml
+++ b/springboot-springSecurity2/src/main/resources/mapper/UserDaoMapper.xml
@@ -18,4 +18,14 @@
        LEFT JOIN Sys_Role r on sru.Sys_Role_id=r.id
        where username= #{username}
 	</select>
+    <insert id="create" parameterType="com.us.example.domain.SysUser">
+        <selectKey resultType="int"  order="AFTER" keyProperty="id" >
+            SELECT LAST_INSERT_ID()
+        </selectKey>
+       INSERT into Sys_User
+       (username,password)
+       values
+       (#{username},#{password})
+    </insert>
 </mapper>
\ No newline at end of file