Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to add salt in SpringSecurity". In the daily operation, I believe that many people have doubts about how to add salt in SpringSecurity. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubt of "how to add salt in SpringSecurity". Next, please follow the editor to study!

Password with salt

It is common sense that passwords should be treated with salt. Each permission processing framework supports this to varying degrees. Shiro and SpringSecurity all have their own solutions, and there is an upgraded message summary in SpringSecurity:

BCryptPasswordEncoder

Using BCryptPasswordEncoder, even if the plaintext is the same, the new encrypted strings generated are not the same, so that we can avoid configuring our own password salt as in Shiro. The specific process of using BCryptPasswordEncoder in SpringSecurity is as follows:

Registration processing

When a user registers, we need to deal with the password as follows:

Public int hrReg (String username, String password) {/ / error if (hrMapper.loadUserByUsername (username)! = null) {return-1;} BCryptPasswordEncoder encoder = new BCryptPasswordEncoder (); String encode = encoder.encode (password); return hrMapper.hrReg (username, encode);}

The password is processed by the encode method in BCryptPasswordEncoder.

When the user registers successfully, the password that exists in the database looks like this:

Login processing

After the password encryption is processed, the password should also be processed when logging in. Change the configure (AuthenticationManagerBuilder auth) method of the WebSecurityConfig class to the following:

@ Overrideprotected void configure (AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService (hrService) .passwordEncoder (new BCryptPasswordEncoder ());} unified exception handling

If it is not separated from the front and back end, it is generally easy to deal with the exception, just jump to the relevant error page, and now the front and rear end is separated, if there is an exception, you can no longer jump to the error page, but we can return to JSON! We can uniformly handle the exceptions that may occur on the server side.

Take a chestnut:

When an administrator wants to delete a role, if there are still associated users or resources under that role, the deletion will fail due to the constraints of foreign keys in the database (this is the case with my business logic. Do not talk to me about cascade (* ^ _ ^ *). When deletion fails, a DataIntegrityViolationException exception will be thrown. I will catch the exception and deal with it uniformly.

The handling method is as follows: custom exception handling class

Customize the exception handling class CustomExceptionResolver, as follows:

Public class CustomExceptionResolver implements HandlerExceptionResolver {@ Override public ModelAndView resolveException (HttpServletRequest httpServletRequest, HttpServletResponse response, Object o, Exception e) {ModelAndView mv = new ModelAndView (new MappingJackson2JsonView ()); Map map = new HashMap (); map.put ("status", "error"); if (e instanceof DataIntegrityViolationException) {map.put ("msg", "deletion failed!") } mv.addAllObjects (map); return mv;}}

Here I receive all kinds of exceptions thrown by the system, judge the type of exception, and return different prompts according to different types. Of course, I have only one case here.

Register CustomExceptionResolver as a Bean

It is relatively easy to register CustomExceptionResolver as Bean. You can add @ Component annotation directly to the class, or you can configure it through Java, as follows:

@ Configurationpublic class WebMvcConfig extends WebMvcConfigurerAdapter {@ Bean public CustomExceptionResolver customExceptionResolver () {return new CustomExceptionResolver ();}} at this point, the study on "how to add salt to the password in SpringSecurity" is over. I hope I can solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.