我有一个数据库,该数据库的密码由 Spring 安全性核心1.2.7.3 编码。
现在,我使用创建了一个新的REST应用程序
compile ":spring-security-core:2.0-RC4"
compile ":spring-security-rest:1.4.0", {
excludes ('spring-security-core')
}
现在,如果我使用新应用程序对密码进行编码,则可以登录,但是无法使用数据库中存储的先前编码的密码登录。
因此,我的问题是如何使其能够使用编码密码来支持两种版本的安全性?
最佳答案
从the "what's new in version 2" documentation:
bcrypt by default
The default password hashing algorithm is now bcrypt since it is a very robust hashing approach. PBKDF2 is similar and is also supported. You can still use any message digest algorithm that is supported in your JDK; see this Java page for the available algorithms.
New applications should use bcrypt or PBKDF2, but if you didn't change the default settings in previous versions of the plugin and want to continue using the same algorithm, use these settings:
grails.plugin.springsecurity.password.algorithm = 'SHA-256' grails.plugin.springsecurity.password.hash.iterations = 1
关于grails - Spring Security编码密码从旧版本到新版本的问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37984022/