如何在 Quarkus / Wildfly 中验证/比较/等于 BCrypt 散列密码与给定密码
How to verify / compare / equal BCrypt hashed Password with a given Password in Quarkus / Wildfly
我已经使用 JPA 实现了 basic auth 安全认证。现在我所有的 REST 端点都会验证客户端请求中的 Authorization header。
密码的验证由框架完成。现在我需要能够使用存储的密码哈希来验证密码。
在默认配置下,用户密码通过函数 BcryptUtil.bcryptHash(String password) 以哈希形式存储。我怎样才能检查给定的密码字符串是否与存储的 bcrypt 哈希值匹配?
我编写了一个小实用程序类,它根据 bcrypt 密码哈希验证密码字符串。
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.util.ModularCrypt;
import io.quarkus.elytron.security.common.BcryptUtil;
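/**
 * Verifies clear-text passwords against BCrypt hashes in Modular Crypt Format
 * using the WildFly Elytron password API.
 */
public class SecurityUtil {

    /**
     * Elytron provider that supplies the BCrypt {@link PasswordFactory}.
     * Created once and reused instead of being rebuilt on every verification.
     */
    private static final WildFlyElytronPasswordProvider ELYTRON_PROVIDER =
            new WildFlyElytronPasswordProvider();

    /**
     * Demo entry point: hashes a sample password and prints the verification
     * result for a matching and a non-matching candidate.
     *
     * <p>The literals below are sample data only. Real credentials belong in
     * neither source code nor console/log output.
     *
     * @param args unused
     * @throws Exception if hashing or verification fails
     */
    public static void main(String[] args) throws Exception {
        String bCryptPasswordHash = BcryptUtil.bcryptHash("Password_1");
        String passwordToVerify = "Password_1";
        System.out.println(verifyBCryptPassword(bCryptPasswordHash, passwordToVerify)); // -> true
        System.out.println(verifyBCryptPassword(bCryptPasswordHash, "NotPassword_1")); // --> false
    }

    /**
     * Checks whether a clear-text password matches a stored BCrypt hash.
     *
     * <p>The comparison is delegated to Elytron's {@link PasswordFactory#verify};
     * the hash string is never compared with {@code equals}. Callers must fail
     * closed: any exception thrown here has to be treated as a failed
     * verification, never as a match.
     *
     * @param bCryptPasswordHash stored hash in Modular Crypt Format, as produced by
     *                           {@code BcryptUtil.bcryptHash}
     * @param passwordToVerify   clear-text candidate password
     * @return {@code true} if the candidate matches the stored hash, {@code false} otherwise
     * @throws NullPointerException if {@code passwordToVerify} is {@code null}
     * @throws Exception            if the stored hash cannot be decoded or cannot be
     *                              translated into a BCrypt password
     */
    public static boolean verifyBCryptPassword(String bCryptPasswordHash, String passwordToVerify) throws Exception {
        // 1. Obtain the BCrypt password factory from the shared Elytron provider.
        PasswordFactory passwordFactory =
                PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, ELYTRON_PROVIDER);

        // 2. Decode the stored Modular Crypt string into a Password object.
        Password userPasswordDecoded = ModularCrypt.decode(bCryptPasswordHash);

        // 3. Translate the decoded password into one this factory can consume.
        Password userPasswordRestored = passwordFactory.translate(userPasswordDecoded);

        // 4. Verify the candidate, then wipe the temporary char[] copy so the clear
        //    text does not linger on the heap longer than needed. The String
        //    argument itself is immutable and cannot be cleared from here.
        char[] candidate = passwordToVerify.toCharArray();
        try {
            return passwordFactory.verify(userPasswordRestored, candidate);
        } finally {
            java.util.Arrays.fill(candidate, '\0');
        }
    }
}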
我已经使用 JPA 实现了 basic auth 安全认证。现在我所有的 REST 端点都会验证客户端请求中的 Authorization header。
密码的验证由框架完成。现在我需要能够使用存储的密码哈希来验证密码。
在默认配置下,用户密码通过函数 BcryptUtil.bcryptHash(String password) 以哈希形式存储。我怎样才能检查给定的密码字符串是否与存储的 bcrypt 哈希值匹配?
我编写了一个小实用程序类,它根据 bcrypt 密码哈希验证密码字符串。
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.util.ModularCrypt;
import io.quarkus.elytron.security.common.BcryptUtil;
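/**
 * Verifies clear-text passwords against BCrypt hashes in Modular Crypt Format
 * using the WildFly Elytron password API.
 */
public class SecurityUtil {

    /**
     * Elytron provider that supplies the BCrypt {@link PasswordFactory}.
     * Created once and reused instead of being rebuilt on every verification.
     */
    private static final WildFlyElytronPasswordProvider ELYTRON_PROVIDER =
            new WildFlyElytronPasswordProvider();

    /**
     * Demo entry point: hashes a sample password and prints the verification
     * result for a matching and a non-matching candidate.
     *
     * <p>The literals below are sample data only. Real credentials belong in
     * neither source code nor console/log output.
     *
     * @param args unused
     * @throws Exception if hashing or verification fails
     */
    public static void main(String[] args) throws Exception {
        String bCryptPasswordHash = BcryptUtil.bcryptHash("Password_1");
        String passwordToVerify = "Password_1";
        System.out.println(verifyBCryptPassword(bCryptPasswordHash, passwordToVerify)); // -> true
        System.out.println(verifyBCryptPassword(bCryptPasswordHash, "NotPassword_1")); // --> false
    }

    /**
     * Checks whether a clear-text password matches a stored BCrypt hash.
     *
     * <p>The comparison is delegated to Elytron's {@link PasswordFactory#verify};
     * the hash string is never compared with {@code equals}. Callers must fail
     * closed: any exception thrown here has to be treated as a failed
     * verification, never as a match.
     *
     * @param bCryptPasswordHash stored hash in Modular Crypt Format, as produced by
     *                           {@code BcryptUtil.bcryptHash}
     * @param passwordToVerify   clear-text candidate password
     * @return {@code true} if the candidate matches the stored hash, {@code false} otherwise
     * @throws NullPointerException if {@code passwordToVerify} is {@code null}
     * @throws Exception            if the stored hash cannot be decoded or cannot be
     *                              translated into a BCrypt password
     */
    public static boolean verifyBCryptPassword(String bCryptPasswordHash, String passwordToVerify) throws Exception {
        // 1. Obtain the BCrypt password factory from the shared Elytron provider.
        PasswordFactory passwordFactory =
                PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, ELYTRON_PROVIDER);

        // 2. Decode the stored Modular Crypt string into a Password object.
        Password userPasswordDecoded = ModularCrypt.decode(bCryptPasswordHash);

        // 3. Translate the decoded password into one this factory can consume.
        Password userPasswordRestored = passwordFactory.translate(userPasswordDecoded);

        // 4. Verify the candidate, then wipe the temporary char[] copy so the clear
        //    text does not linger on the heap longer than needed. The String
        //    argument itself is immutable and cannot be cleared from here.
        char[] candidate = passwordToVerify.toCharArray();
        try {
            return passwordFactory.verify(userPasswordRestored, candidate);
        } finally {
            java.util.Arrays.fill(candidate, '\0');
        }
    }
}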