Wednesday, 15 August 2012

jdbc - Spring Security - Bcrypt with CAS, MySQL, SearchModeSearchDatabaseAuthenticationHandler, and BasicDataSource -


If I have a database that stores encrypted user names and passwords using the Spring Encryption Encryption, So how do I decode it back to plain text with my current set-up in spring?

This table is for my MySQL authentication: 

  Username. Password | Enabled ---------------------------------------- Wirt (50) | Varchar (100) |

In the password field, there will be a beakrift password for each user.

Now CAS's deprecated configuration contact. For XML 

  & lt; Bean class = "org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler" & gt; & Lt; Property Name = "Table User" & gt; & Lt; Value & gt; User_authentication & lt; / Value & gt; & Lt; / Property & gt; & Lt; Property Name = "Field User" & gt; & Lt; Value & gt; Username & lt; / Value & gt; & Lt; / Property & gt; & Lt; Property Name = "Field Password" & gt; & Lt; Value & gt; Password & lt; / Value & gt; & Lt; / Property & gt; & Lt; Property Name = "Data Source" Riff = "Data Sources" / & gt; & Lt; / Bean & gt;

And I defined the data source as: 

  & lt; Bean id = "dataSource" class = "org.apache.commons.dbcp.BasicDataSource" & gt; & Lt; Property Name = "driverClassName" & gt; & Lt; Price & gt; Com.mysql.jdbc.Driver & lt; / Pricing & gt; & Lt; / Property & gt; & Lt; Property Name = "url" & gt; & Lt; Price & gt; JDBC: mysql: // Local Host: 3306 / user_mgt & lt; / Pricing & gt; & Lt; / Property & gt; & Lt; Property Name = "User Name" & gt; & Lt; Value & gt; Root & lt; / Value & gt; & Lt; / Property & gt; & Lt; Property Name = "Password" & gt; & Lt; Value & gt; Test_pw & lt; / Value & gt; & Lt; / Property & gt; & Lt; / Bean & gt;

I'm not sure that I can implement bip decoding without optimization.

When you use a hashed password, it is impossible to withdraw plain text, this Rajan For us, we use the hashing algorithms to put a hacked password. To authenticate users, you must compare hashed passwords with the password entered to connect the user with a hacked password. The safety of spring does this for you, just to let you know spring security that you use BCryptPasswordEncoder in your configuration: 

   & Lt; / Authentication Provider & gt; & Lt; / Authentication-manager & gt; ......... & lt; Beam: Bean id = "Encoder" class = "org.springframework.security.crypto.password.BCryptPasswordEncoder" />

Please, see Spring Safety Document


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)