问题
I am working on web application project in Spring Hibernate MVC.
I am storing encoded password in the database using Bcrypt algorithm in Spring security.
Now I want to get that encoded password to be decoded to deactivate Use account where in I am giving user email and password to verify before user deactivate the account.
I have problem in getting decoded password.
Can anyone help me to get out of it or any alternate solution for my requirement?
回答1:
The problem is solved by using below code:
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.matches(password, user.getPassword());
password - from form(JSP)user.getPassword() - from database
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
if(email.equalsIgnoreCase(user.getEmail()) && encoder.matches(password, user.getPassword())) {
userService.deactivateUserByID(user.getId());
redirectAttributes.addFlashAttribute("successmsg", "Your account has been deactivated successfully.");
model.setViewName("redirect:/logout");
}else{
redirectAttributes.addFlashAttribute("errormsg", "Email or Password is incorrect");
model.setViewName("redirect:/app/profile/deactivate");
}
回答2:
BCryptPasswordEncoder bcrypt= new BCryptPasswordEncoder();
boolean isPasswordMatches=bcrypt.matches(userenteredpasswordWithotEncryoted, encryptedPasswordFromDb);
Ex
boolean isPasswordMatches= bcrypt.matches("Truck123",
"$2a$10$kcVH3Uy86nJgQtYqAFffZORT9wbNMuNtqytcUZQRX51dx6IfSFEd.");
if(isPasswordMatches) // correct password
else // Wrong Password
来源:https://stackoverflow.com/questions/26905721/decode-the-bcrypt-encoded-password-in-spring-security-to-deactivate-user-account