spring security - How to use SHA-512 with o.s.s.crypto.password.StandardPasswordEncoder?


I need to use SHA-512 in my code to hash passwords.

Right now I use o.s.s.authentication.encoding.PasswordEncoder, initialized as ShaPasswordEncoder(512).

In addition, o.s.s.authentication.encoding.PasswordEncoder supports the method String encodePassword(String rawPass, Object salt), which allows storing the salt separately from the password.

Unfortunately, o.s.s.authentication.encoding.PasswordEncoder is deprecated.

Also, o.s.s.crypto.password.StandardPasswordEncoder only supports SHA-256.

In addition, it is a final class, which does not allow overloading it to support SHA-512.

How can I use SHA-512 with o.s.s.crypto.password.StandardPasswordEncoder? And why is there no public method that allows passing a salt that is stored externally?

Well, I must admit this is not the most coherent part of Spring Security ... DaoAuthenticationProvider.getPasswordEncoder() returns an o.s.s.authentication.encoding.PasswordEncoder, which is deprecated according to the Javadoc!

The trick is that DaoAuthenticationProvider.getPasswordEncoder() takes an Object parameter, and that Object may be an o.s.s.authentication.encoding.PasswordEncoder ... I did not try it!

As per my understanding, o.s.s.crypto.password.StandardPasswordEncoder is an example of medium security, fixed at SHA-256. If you want a higher level of security, you can use o.s.s.crypto.password.BCryptPasswordEncoder, which uses the more robust bcrypt algorithm with a configurable level. After viewing the sources, I can confirm that both use a salt and store it internally in the encoded password.

Perhaps the Spring Security team could explain the reasons for their (debatable) choices regarding the impossibility of changing the digest algorithm; I cannot. Maybe it is because if using SHA is enough, you can stick with the (not deprecated) ShaPasswordEncoder. I noted this remark in StandardPasswordEncoder: if you are developing a new system, BCryptPasswordEncoder is a better choice, both in terms of security and interoperability with other languages.

So, either follow the advice of the author of StandardPasswordEncoder and use BCryptPasswordEncoder directly, or roll your own.

It would be enough to copy the source of StandardPasswordEncoder, stick it in the org.springframework.security.crypto.password package (because there are package-private imports), and modify the 2-argument constructor to be public:

    public ConfigurablePasswordEncoder(String algorithm, CharSequence secret) { ... }

All of this is more a collection of workarounds than a clean solution, but I never found a better way!

As a conclusion, the interface o.s.s.authentication.encoding.PasswordEncoder is deprecated because it stores the salt outside of the encoded password. It should not be used for further development of password encoders. The implementation classes are not deprecated (neither in the last 3.2 release version, nor in 4.0.0M2), and you can safely keep on using ShaPasswordEncoder if it meets your requirements.
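The "roll your own" option the answer ends with, as an added example (my code, not Spring Security's and not the answerer's copy of StandardPasswordEncoder): a hypothetical Sha512PasswordEncoder that implements the o.s.s.crypto.password.PasswordEncoder interface from spring-security-crypto (assumed to be on the classpath) and keeps the salt inside the encoded string, the way the answer says StandardPasswordEncoder and BCryptPasswordEncoder do. The 8-byte salt, the 1024 digest iterations, the optional secret ("pepper") and the hex(salt || hash) layout are assumptions chosen for this example, not Spring's exact internals.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Hypothetical SHA-512 PasswordEncoder (example code, not part of Spring Security).
 * Assumed encoded form: hex(salt || hash). The salt travels with the hash, so no
 * external salt parameter is needed, as with StandardPasswordEncoder and BCrypt.
 */
public final class Sha512PasswordEncoder implements PasswordEncoder {

    private static final int SALT_LENGTH = 8;     // bytes; assumed value
    private static final int HASH_LENGTH = 64;    // SHA-512 output size in bytes
    private static final int ITERATIONS = 1024;   // assumed value chosen for this example
    private static final SecureRandom RANDOM = new SecureRandom();

    private final byte[] secret;                  // optional site-wide secret ("pepper")

    public Sha512PasswordEncoder(CharSequence secret) {
        this.secret = secret.toString().getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public String encode(CharSequence rawPassword) {
        byte[] salt = new byte[SALT_LENGTH];
        RANDOM.nextBytes(salt);                   // fresh random salt per password
        return toHex(concat(salt, digest(rawPassword, salt)));
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        byte[] stored;
        try {
            stored = fromHex(encodedPassword);
        } catch (IllegalArgumentException malformed) {
            return false;                         // not our format: reject, do not throw
        }
        if (stored.length != SALT_LENGTH + HASH_LENGTH) {
            return false;
        }
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_LENGTH);
        byte[] expected = Arrays.copyOfRange(stored, SALT_LENGTH, stored.length);
        // Constant-time comparison so a wrong guess cannot be timed byte by byte
        return MessageDigest.isEqual(expected, digest(rawPassword, salt));
    }

    /** SHA-512 over salt || secret || password, then re-hashed ITERATIONS-1 more times. */
    private byte[] digest(CharSequence rawPassword, byte[] salt) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-512");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-512 is mandatory in every JRE", e);
        }
        byte[] hash = md.digest(concat(salt, secret,
                rawPassword.toString().getBytes(StandardCharsets.UTF_8)));
        for (int i = 1; i < ITERATIONS; i++) {
            hash = md.digest(hash);               // digest() resets the instance each call
        }
        return hash;
    }

    private static byte[] concat(byte[]... parts) {
        int total = 0;
        for (byte[] p : parts) total += p.length;
        byte[] out = new byte[total];
        int pos = 0;
        for (byte[] p : parts) { System.arraycopy(p, 0, out, pos, p.length); pos += p.length; }
        return out;
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    private static byte[] fromHex(String hex) {
        if (hex == null || hex.length() % 2 != 0) throw new IllegalArgumentException("odd length");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("not hex");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values for a local run
        PasswordEncoder encoder = new Sha512PasswordEncoder("example-site-secret");
        String stored = encoder.encode("correct horse battery staple");
        System.out.println("stored  : " + stored);
        System.out.println("correct : " + encoder.matches("correct horse battery staple", stored));
        System.out.println("wrong   : " + encoder.matches("Tr0ub4dor&3", stored));
        System.out.println("garbage : " + encoder.matches("anything", "not-hex"));
    }
}
```

Because the salt is parsed back out of the stored string, this class plugs into DaoAuthenticationProvider like any other o.s.s.crypto.password.PasswordEncoder and needs no separate salt column. Two details are worth keeping if you adapt it: matches() compares with MessageDigest.isEqual rather than Arrays.equals so the check runs in constant time, and a malformed stored value makes it return false instead of throwing, which keeps a corrupt row from turning into a stack trace at login. The answer's own caveat still applies: iterated SHA-512 is cheap to compute compared with bcrypt's configurable cost, so for a new system BCryptPasswordEncoder remains the better choice.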

