
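The Complete Guide to Password Encryption and Storage

Preface

Secure password storage is the foundation of system security. This article introduces best practices for password encryption.

1. Password Encryption

1.1 PasswordEncoder Configuration

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class PasswordEncoderConfig {

    // Delegating encoder: new hashes use the default algorithm and carry an {id} prefix
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```

1.2 Password Update Service

```java
import lombok.RequiredArgsConstructor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// User, UserNotFoundException and InvalidPasswordException are the application's own types.
@Service
@RequiredArgsConstructor
public class PasswordService {

    private final PasswordEncoder passwordEncoder;
    // Collaborators used below; the type names are assumed from the field names
    private final UserRepository userRepository;
    private final TokenService tokenService;

    public String encodePassword(String rawPassword) {
        return passwordEncoder.encode(rawPassword);
    }

    public boolean matches(String rawPassword, String encodedPassword) {
        return passwordEncoder.matches(rawPassword, encodedPassword);
    }

    @Transactional
    public void changePassword(Long userId, String oldPassword, String newPassword) {
        User user = userRepository.findById(userId)
                .orElseThrow(() -> new UserNotFoundException(userId));

        // Verify the current password before accepting a new one
        if (!passwordEncoder.matches(oldPassword, user.getPassword())) {
            throw new InvalidPasswordException("Invalid old password");
        }

        user.setPassword(passwordEncoder.encode(newPassword));
        userRepository.save(user);

        // Invalidate all existing tokens
        tokenService.revokeAllUserTokens(userId);
    }
}
```

2. Summary

Storing passwords with a strong hashing algorithm such as BCrypt, combined with a salt, effectively defends against rainbow-table attacks.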
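The salting mentioned in the summary and the `{id}` prefix written by the delegating encoder from section 1.1 can be observed directly. The following is an added example, not code from the original article; it goes slightly beyond the text by showing rehash-on-login with `upgradeEncoding`. It assumes Spring Security 5.1 or later with `spring-security-crypto` and its dependencies on the classpath, and the class name, the `verifyAndUpgrade` helper and the sample values are hypothetical.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class DelegatingEncoderDemo {

    // Hypothetical helper: returns the value to persist after a login attempt,
    // or null when the password is wrong. Outdated encodings are re-hashed.
    static String verifyAndUpgrade(PasswordEncoder encoder, String raw, String stored) {
        if (!encoder.matches(raw, stored)) {
            return null;
        }
        return encoder.upgradeEncoding(stored) ? encoder.encode(raw) : stored;
    }

    private static void check(boolean ok, String what) {
        if (!ok) {
            throw new IllegalStateException("failed: " + what);
        }
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String raw = "correct horse battery staple"; // constructed sample password

        // Every encode() call draws a fresh random salt, so one password yields
        // two different stored values, and a precomputed table cannot cover them.
        String first = encoder.encode(raw);
        String second = encoder.encode(raw);
        check(first.startsWith("{bcrypt}"), "default encoding id is bcrypt");
        check(!first.equals(second), "two hashes of the same password differ");
        check(encoder.matches(raw, first) && encoder.matches(raw, second), "both hashes verify");
        check(!encoder.matches("wrong guess", first), "wrong password is rejected");

        // Constructed legacy record: the {noop} id marks a value stored in plaintext.
        String legacy = "{noop}" + raw;
        check(encoder.matches(raw, legacy), "legacy record still verifies");
        check(encoder.upgradeEncoding(legacy), "legacy record is flagged for re-hash");
        check(!encoder.upgradeEncoding(first), "current bcrypt record is left alone");

        // On successful login the legacy value is replaced by a bcrypt hash.
        String upgraded = verifyAndUpgrade(encoder, raw, legacy);
        check(upgraded != null && upgraded.startsWith("{bcrypt}"), "legacy record upgraded");
        check(first.equals(verifyAndUpgrade(encoder, raw, first)), "bcrypt record unchanged");
        check(verifyAndUpgrade(encoder, "wrong guess", legacy) == null, "no upgrade on failure");
    }
}
```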