/**
 * Hashes a password together with a caller-supplied salt, using a 512-bit SHA encoder
 * configured for 1024 iterations.
 *
 * <p>NOTE(review): {@code ShaPasswordEncoder} looks like Spring Security's legacy
 * message-digest encoder; confirm against the imports. An iterated SHA-512 digest is cheap to
 * compute, so 1024 rounds add little cost to offline guessing against a leaked hash. An
 * adaptive scheme (bcrypt, scrypt, Argon2, or PBKDF2 with a far higher work factor) is the
 * usual replacement. The salt comes from the caller, so whether it is random and unique per
 * account has to be checked at the call sites.
 *
 * @param pwd the plain-text password
 * @param salt the salt handed to the encoder along with the password
 * @return the encoder's output for this password and salt
 */
public static String sha512(String pwd, String salt) {
  final ShaPasswordEncoder encoder = new ShaPasswordEncoder(512);
  encoder.setIterations(1024);
  return encoder.encodePassword(pwd, salt);
}
Beispiel #2
  /**
   * Creates one account with the username "user", grants it the role returned by
   * {@code Role.roleUser()}, and saves it through {@code userBS}.
   */
  private void importMongoSchema() {
    // NOTE(review): the password is the literal "user" and the salt is the same literal, so
    // the credential is known to anyone who can read this code. If this can run outside a
    // development profile, take the initial password from configuration or a secret store,
    // require a change at first login, and use a random per-account salt.
    User seedUser = new User().setUsername("user");
    seedUser = seedUser.setPassword(encoder.encodePassword("user", "user"));

    seedUser.getAuthorities().add(Role.roleUser());

    userBS.save(seedUser);
  }
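  /**
   * Authenticates a login attempt against the employee record looked up by login name.
   *
   * <p>The attempt is rejected when the lookup throws or yields no record, when the record's
   * active flag is 0, or when the submitted password does not validate against the stored one.
   *
   * <p>NOTE(review): the three failure paths use different message codes ({@code auth.no_user},
   * {@code auth.expired}, {@code auth.wrong}). If the resolved texts differ and reach the
   * client, the response reveals whether a login name exists and whether the account is active.
   * Confirm that the login page shows one generic message.
   *
   * @param auth the authentication request; its name is used as the login and its credentials
   *     as the submitted password
   * @return a {@code UsernamePasswordAuthenticationToken} holding the login name, the submitted
   *     credentials and the authorities derived from the employee's admin flag
   * @throws BadCredentialsException if any of the checks above fails
   * @throws UsernameNotFoundException declared by the signature; no statement visible here
   *     throws it
   */
  public Authentication authenticate(Authentication auth) throws UsernameNotFoundException {

    // NOTE(review): employeeEntity is not declared in this method. If it is an instance field
    // of a shared bean, two concurrent logins can overwrite each other's record between the
    // lookup and the password check. Confirm, and make it a local variable.
    try {
      employeeEntity = employeeDao.findByLogin(auth.getName());
    } catch (RuntimeException e) {
      // Every runtime failure of the lookup, not only "no such user", ends up here. The cause
      // is kept so that a datastore outage stays distinguishable from a bad login in the logs.
      BadCredentialsException lookupFailed = badCredentials("auth.no_user", "userName");
      lookupFailed.initCause(e);
      throw lookupFailed;
    }

    // findByLogin's contract is not visible here. If it reports "not found" by returning null,
    // fail the login the same way instead of hitting a NullPointerException below.
    if (employeeEntity == null) {
      throw badCredentials("auth.no_user", "userName");
    }

    // Reject accounts whose active flag is 0.
    if (employeeEntity.getActive() == 0) {
      throw badCredentials("auth.expired", "active");
    }

    // The encoder hashes the submitted password and compares it with the stored value.
    // NOTE(review): the salt argument is null, so stored hashes are presumably unsalted;
    // confirm how passwords are written at registration.
    if (!passwordEncoder.isPasswordValid(
        employeeEntity.getPassword(), (String) auth.getCredentials(), null)) {
      throw badCredentials("auth.wrong", "password");
    }

    userAccessLogger.debug("User is located!");
    // NOTE(review): the token keeps the submitted credentials; confirm that they are erased
    // once authentication completes.
    return new UsernamePasswordAuthenticationToken(
        auth.getName(), auth.getCredentials(), getAuthorities(employeeEntity.getAdmin()));
  }

  /** Builds the rejection for a message code, falling back to the text "Access denied". */
  private BadCredentialsException badCredentials(String messageCode, String argument) {
    return new BadCredentialsException(
        this.messageSource.getMessage(
            messageCode, new Object[] {argument}, "Access denied", Locale.getDefault()));
  }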
Beispiel #4
  /**
   * Handles a registration request: replaces the submitted password with its encoded form,
   * stamps a creation date and a new id on the user, and saves it.
   *
   * <p>NOTE(review): every account is encoded with the same constant,
   * {@code KeyValue.PASS_SALT}, so equal passwords yield equal stored values across accounts.
   * A random per-user salt, or an encoder that generates its own, avoids that.
   *
   * <p>NOTE(review): {@code regUser} appears to be bound from request parameters. Which of its
   * fields a client can set is not visible here; confirm that binding is limited to the
   * registration fields.
   *
   * @param regUser the user being registered
   * @param maps the model map; receives the failure message under {@code MSG}
   * @return {@code "home/index"} when the save reports 1, otherwise {@code "user/register"}
   */
  @RequestMapping("doRegister")
  public String doRegister(User regUser, Map<String, Object> maps) {
    // Encode the password so the original is never stored.
    regUser.setPassword(
        shaPasswordEncoder.encodePassword(regUser.getPassword(), KeyValue.PASS_SALT));
    regUser.setCreateDate(new Date());
    regUser.setId(ObjectId.get().toString());

    if (userServiceImpl.save(regUser) != 1) {
      // Runtime message kept as-is; it reads "Account registration failed."
      maps.put(MSG, "账号注册失败。");
      return "user/register";
    }
    return "home/index";
  }
Beispiel #5
 /**
  * Encodes a password with {@code shaPasswordEncoder}, passing {@code null} as the salt.
  *
  * <p>NOTE(review): with a null salt, equal passwords presumably encode to the same value for
  * every account. Confirm whether a salt is applied anywhere else before the value is stored.
  *
  * @param password the plain-text password
  * @return the encoder's output for the password
  */
 public String encodePassword(String password) {
   final String encoded = shaPasswordEncoder.encodePassword(password, null);
   return encoded;
 }
Beispiel #6
 /**
  * Checks whether a raw password matches a stored, encoded password.
  *
  * @param encodePass the encoded password
  * @param rawPass the raw password
  * @return {@code true} if they match, {@code false} otherwise
  */
 private boolean passEqual(String encodePass, String rawPass) {
   // NOTE(review): the salt is the shared constant KeyValue.PASS_SALT rather than a per-user
   // value, so equal passwords give equal stored values across accounts.
   return shaPasswordEncoder.isPasswordValid(encodePass, rawPass, KeyValue.PASS_SALT);
 }
 /**
  * Encodes the user's password using the salt that {@code saltSource} returns for that user.
  *
  * <p>NOTE(review): how the salt is derived is not visible here. Confirm that it is unique per
  * user and stays fixed for the account's lifetime, otherwise stored passwords stop validating.
  *
  * @param user the user whose password is encoded
  * @return the encoder's output for the user's password and salt
  */
 public String makeEncodePassword(UserDetails user) {
   return passwordEncoder.encodePassword(user.getPassword(), saltSource.getSalt(user));
 }