Spring Security <password-encoder>
ITWeb/General Development 2012. 3. 12. 18:05
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="md5" base64="true"/>
</authentication-provider>
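- base64="true" means that the hash is Base64-encoded before it is used.
- As a result, the value sent by the client is hashed with MD5 and Base64-encoded, and only then compared with the stored password.
- When the password is saved to the DB, it must likewise be MD5-hashed and then Base64-encoded before it is stored, or the comparison will not work.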
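
The stored value this configuration expects, as an added example (not code from the original post or from Spring Security): it assumes the encoder hashes the UTF-8 bytes of the password with no salt and Base64-encodes the raw 16-byte digest, and it shows that Base64-encoding the hex string instead gives a value that never matches. The class and method names are hypothetical, and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class Md5Base64Demo {

    // Raw 16-byte MD5 digest of the UTF-8 password (assumption: no salt, as in the config above).
    static byte[] md5(String rawPassword) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5")
                .digest(rawPassword.getBytes(StandardCharsets.UTF_8));
    }

    // Value to store in the DB: Base64 over the raw digest bytes (24 characters).
    // Unsalted, so equal passwords always give equal stored values.
    static String storedValue(String rawPassword) throws NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(md5(rawPassword));
    }

    // Common mistake: Base64 over the 32-character hex string instead of the raw bytes.
    static String base64OfHex(String rawPassword) throws NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : md5(rawPassword)) {
            hex.append(String.format("%02x", b));
        }
        return Base64.getEncoder()
                .encodeToString(hex.toString().getBytes(StandardCharsets.US_ASCII));
    }

    // Re-encode the submitted password and compare it with the stored value in constant time.
    static boolean matches(String stored, String candidate) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.US_ASCII),
                storedValue(candidate).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "correct horse"; // constructed sample password
        String stored = storedValue(password);
        System.out.println("stored (base64 of raw digest):   " + stored);
        System.out.println("base64 of hex string (mismatch): " + base64OfHex(password));
        System.out.println("login with same password:        " + matches(stored, password));
        System.out.println("login with other password:       " + matches(stored, "wrong"));
        System.out.println("hex variant works as stored:     "
                + matches(base64OfHex(password), password));
    }
}
```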
[Reference]
- URL : http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#nsa-password-encoder
B.2.4 <password-encoder>
Authentication providers can optionally be configured to use a password encoder as described in the namespace introduction. This will result in the bean being injected with the appropriate PasswordEncoder instance, potentially with an accompanying SaltSource bean to provide salt values for hashing.
Defines the hashing algorithm used on user passwords. We recommend strongly against using MD4, as it is a very weak hashing algorithm.