spring security加密密碼修改
貌似現在的框架有點問題,驗證的時候用的是明文,但新密碼卻要使用加密後密碼,否則在資料庫儲存中就是明文密碼,只好按以下方式修改密碼了,也許什麼地方我沒搞對:
@RequestMapping(value = "/account/changePassword", method = RequestMethod.POST)
public String submitChangePasswordPage(
@RequestParam("oldpassword") String oldPassword,
@RequestParam("password") String newPassword,
HttpServletRequest request) {
System.out.println("change password.............");
try{
//jdbcUserDetailsManager.changePassword(oldPassword, newPassword);
jdbcUserDetailsManager.changePassword(oldPassword, new ShaPasswordEncoder().encodePassword(newPassword,null));
}
catch( AuthenticationException e )
{
System.out.println( "Old password is incorrect!please rechange" );
//e.printStackTrace();
return "redirect:/account/change";
}
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = (User)auth.getPrincipal();
String userName = user.getUsername();
SecurityContextHolder.clearContext();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, newPassword);
try {
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = authenticationManager
.authenticate(token);
request.getSession();
SecurityContextHolder.getContext().setAuthentication(
authenticatedUser);
request.getSession()
.setAttribute(
HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
SecurityContextHolder.getContext());
} catch (AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
return "redirect:/account/change";
}
return "redirect:/";
}