From b92a785a3031ecb24e2aa9915afa8bb7310b7147 Mon Sep 17 00:00:00 2001 From: bunny <1319900154@qq.com> Date: Thu, 10 Jul 2025 19:56:48 +0800 Subject: [PATCH] =?UTF-8?q?:white=5Fcheck=5Fmark:=20=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E5=AF=86=E7=A0=81=E7=9B=B8=E5=85=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../spring/config/DefaultSecurityConfig.java | 2 +- .../spring/password/PasswordBCryptTest.java | 33 +++++++++++++++++++ .../com/spring/password/PasswordTest.java | 12 +++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 spring-security/src/test/java/com/spring/password/PasswordBCryptTest.java diff --git a/spring-security/src/main/java/com/spring/config/DefaultSecurityConfig.java b/spring-security/src/main/java/com/spring/config/DefaultSecurityConfig.java index 083c039..f84194c 100644 --- a/spring-security/src/main/java/com/spring/config/DefaultSecurityConfig.java +++ b/spring-security/src/main/java/com/spring/config/DefaultSecurityConfig.java @@ -11,7 +11,7 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.provisioning.InMemoryUserDetailsManager; - + @EnableWebSecurity @Configuration public class DefaultSecurityConfig { diff --git a/spring-security/src/test/java/com/spring/password/PasswordBCryptTest.java b/spring-security/src/test/java/com/spring/password/PasswordBCryptTest.java new file mode 100644 index 0000000..91418c7 --- /dev/null +++ b/spring-security/src/test/java/com/spring/password/PasswordBCryptTest.java @@ -0,0 +1,33 @@ +package com.spring.password; + +import lombok.extern.slf4j.Slf4j; +import org.junit.jupiter.api.Test; +import org.springframework.security.crypto.argon2.Argon2PasswordEncoder; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.util.StopWatch; + +@Slf4j +public class PasswordBCryptTest { + @Test + void BCryptPasswordEncoderTest() { + StopWatch stopWatch = new StopWatch(); + stopWatch.start(); + + // Create an encoder with strength 16 + BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16); + String result = encoder.encode("myPassword"); + System.out.println(result); + + stopWatch.stop(); + long totalTimeMillis = stopWatch.getTotalTimeMillis() / 1000; + System.out.println(totalTimeMillis); + } + + @Test + void Argon2PasswordEncoderTest() { + // Create an encoder with all the defaults + Argon2PasswordEncoder encoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8(); + String result = encoder.encode("myPassword"); + System.out.println(result); + } +} diff --git a/spring-security/src/test/java/com/spring/password/PasswordTest.java b/spring-security/src/test/java/com/spring/password/PasswordTest.java index cb6c0e0..b576c5e 100644 --- a/spring-security/src/test/java/com/spring/password/PasswordTest.java +++ b/spring-security/src/test/java/com/spring/password/PasswordTest.java @@ -16,6 +16,7 @@ public class PasswordTest { @Test void passwordEncoderTest() { + // 只是便捷机制,不适用于生产环境 PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); String encode = passwordEncoder.encode("123456"); @@ -51,4 +52,15 @@ public class PasswordTest { System.out.println(decrypted); } + @Test + void UserDetailsTest() { + // withDefaultPasswordEncoder 是不安全的不适用于生产环境 + UserDetails user = User.withDefaultPasswordEncoder() + .username("user") + .password("password") + .roles("user") + .build(); + System.out.println(user.getPassword()); + } + }