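When Spring Security hashes a password with a salt, by default it first merges the two into the form password{salt}, then hashes that salted string and stores the result.
The source code is as follows: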
protected String mergePasswordAndSalt(String password, Object salt, boolean strict) {
    if (password == null) {
        password = "";
    }
    if (strict && salt != null && (salt.toString().lastIndexOf("{") != -1 || salt.toString().lastIndexOf("}") != -1)) {
        throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
    } else {
        return salt != null && !"".equals(salt) ? password + "{" + salt.toString() + "}" : password;
    }
}
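
// Usage: rawPwd is the plaintext password and salt is the salt value, both supplied by the caller.
Md5PasswordEncoder encoder = new Md5PasswordEncoder();
// encoder.setEncodeHashAsBase64(true);  // uncomment to get Base64 output instead of hex
System.out.println(encoder.encodePassword(rawPwd, salt));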
For the default encoding, you can hash a password manually in this way and print the resulting MD5 value.
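
The same scheme reproduced with only the JDK, as an added example that is not from the original post or from Spring Security's own code: it merges, hashes and verifies a password in the password{salt} form described above. It assumes UTF-8 input, a single MD5 pass and lower-case hex output; the class name LegacySaltedMd5 and the sample password and salt are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example, JDK only; LegacySaltedMd5 is a hypothetical class name.
public class LegacySaltedMd5 {
    // Same merge rule as the source above: password{salt}, or just password when the salt is empty.
    static String merge(String password, Object salt, boolean strict) {
        if (password == null) {
            password = "";
        }
        if (strict && salt != null && (salt.toString().contains("{") || salt.toString().contains("}"))) {
            throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
        }
        return salt != null && !"".equals(salt) ? password + "{" + salt + "}" : password;
    }

    // Assumption: UTF-8 bytes, one MD5 pass, lower-case hex output.
    static String encode(String rawPassword, Object salt) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(merge(rawPassword, salt, false).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Recompute the hash and compare without stopping at the first differing byte.
    static boolean matches(String storedHex, String rawPassword, Object salt) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                storedHex.getBytes(StandardCharsets.US_ASCII),
                encode(rawPassword, salt).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String rawPwd = "example-password"; // constructed sample value
        String salt = "alice";              // constructed sample salt
        String stored = encode(rawPwd, salt);
        System.out.println(merge(rawPwd, salt, false) + " -> " + stored);
        System.out.println("correct password matches: " + matches(stored, rawPwd, salt));
        System.out.println("wrong password matches:   " + matches(stored, "other", salt));
        try {
            merge(rawPwd, "a}b", true); // strict mode rejects braces in the salt
        } catch (IllegalArgumentException e) {
            System.out.println("strict merge rejected salt: " + e.getMessage());
        }
    }
}
```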