The back-end password encoding code (username: zhangsan, password: 123):
```java
/**
 * Encode the password, i.e. hash it.
 * @param user     user information
 * @param password the password
 * @return the salted, hashed password (password, user name)
 */
private String encodePassword(VtUser user, String password) {
    Md5PasswordEncoder md5 = new Md5PasswordEncoder();
    // The user name is the salt; the result is a salted MD5
    return md5.encodePassword(password, user.getUserName());
}
```
Test case:
userName: zhangsan
password: 123
password after encoding: b2316c0d1ff0550298121a537ab93f21
First, look at the encoding function in MessageDigestPasswordEncoder.java. The user name is the salt, and the final result is a salted MD5:
```java
public String encodePassword(String rawPass, Object salt) {
    String saltedPass = mergePasswordAndSalt(rawPass, salt, false); // concatenated into the form rawPass{salt}

    MessageDigest messageDigest = getMessageDigest(); // this is just MessageDigest.getInstance

    byte[] digest = messageDigest.digest(Utf8.encode(saltedPass)); // converted to a UTF-8 byte stream

    // "stretch" the encoded value if configured to do so
    for (int i = 1; i < iterations; i++) {
        digest = messageDigest.digest(digest); // iterations starts at 1, so this is never entered
    }

    if (getEncodeHashAsBase64()) { // this function returns false by default
        return Utf8.decode(Base64.encode(digest));
    } else {
        return new String(Hex.encode(digest)); // this is the line that finally executes
    }
}
```
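The same steps can be reproduced with the JDK alone, which helps when checking stored hashes outside the application. This is an added example, not code from the original page or from Spring Security: the class `LegacySaltedMd5` and its methods `merge`, `encode` and `matches` are hypothetical names, and the merge rule assumes the rawPass{salt} format described above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (hypothetical names), JDK only.
public class LegacySaltedMd5 {

    // Merge rule assumed from the walkthrough: rawPass{salt}; an empty salt adds nothing.
    static String merge(String rawPass, Object salt) {
        String pass = (rawPass == null) ? "" : rawPass;
        if (salt == null || salt.toString().isEmpty()) {
            return pass;
        }
        return pass + "{" + salt + "}";
    }

    // MD5 over the UTF-8 bytes, re-hashed (iterations - 1) times, as lower-case hex.
    static String encode(String rawPass, Object salt, int iterations)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(merge(rawPass, salt).getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            digest = md.digest(digest);
        }
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Compare with a stored hash without stopping at the first differing byte.
    static boolean matches(String stored, String rawPass, Object salt, int iterations)
            throws NoSuchAlgorithmException {
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encode(rawPass, salt, iterations).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored = "b2316c0d1ff0550298121a537ab93f21"; // value from the test case above
        System.out.println("computed: " + encode("123", "zhangsan", 1));
        System.out.println("matches stored hash: " + matches(stored, "123", "zhangsan", 1));
        // Same password, different user name (salt): the hash changes.
        System.out.println("other salt: " + encode("123", "lisi", 1));
    }
}
```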