本文介绍了使用Spring / Hibernate进行密码加密 - Jasypt或其他东西?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在一个Java应用程序栈中,Spring&数据访问层中的Hibernate(JPA),什么是应用密码加密的好方法(希望使用注释),以及在哪里可以找到更多关于完成它的知识(教程等)?

据了解,我会使用支持加密密码的算法,但如果有简单的方法,我宁愿不必实现包装逻辑。



I看着Jasypt,并a)想知道这是一个不错的选择,以及如何做到这一点,b)其他人正在使用这个。如果有人使用Jasypt或其他替代方法,那么您的体验细节就会很棒。

解决方案

Java已经为您提供了所有必需的库。如所述,只需创建一个用盐实现散列的实用程序方法>。



如果你真的不想拥有该代码,并且不介意额外的依赖,那么似乎库(以前称为)有一个的OWASP描述的内容。

它看起来像你提到的JASYPT库有一个。



我意识到这个答案没有提到Spring或Hibernate,但我不清楚你是如何在这种情况下使用它们的。


In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)?

It's understood that I would use a JCA supported algorithm for encrypting the passwords, but I would prefer to not have to implement the wrapper logic if there is an easy way.

I was looking at Jasypt, and was a) wondering if that's a good option and how to do it and b) what else people are using for this. If anyone is using Jasypt or an alternative, details of your experience it would be great.

解决方案

Java has all of the required libraries already provided for you. Simply create a utility method that implements hashing with a salt as described at OWASP.

If you really don't want to own that code and don't mind an extra dependency, it seems that the Shiro library (formerly JSecurity) has an implementation of what is described by OWASP.

It also looks like the JASYPT library you mentioned has a similar utility.

I realize that this answer doesn't mention Spring or Hibernate but I'm not clear how you are hoping to utilize them in this scenario.

这篇关于使用Spring / Hibernate进行密码加密 - Jasypt或其他东西?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-13 05:29