SpringSecurity加密Salt

Spring Security 加密，默认加salt的输出为：password{salt};然后再对这个加salt后的密码加密存储。

源码如下：

protected String mergePasswordAndSalt(String password, Object salt, boolean strict) {
    if(password == null) {
        password = "";
    }

    if(strict && salt != null && (salt.toString().lastIndexOf("{") != -1 || salt.toString().lastIndexOf("}") != -1)) {
        throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
    } else {
        return salt != null && !"".equals(salt)?password + "{" + salt.toString() + "}":password;
    }
}

 Md5PasswordEncoder encoder = new Md5PasswordEncoder();
// encoder.setEncodeHashAsBase64(true);
 System.out.println(encoder.encodePassword(rawPwd, salt));
对于默认的加密可采用这种手动加密，并输出加密后的MD5值。

转载于:https://www.cnblogs.com/itdev/p/6501464.html