Open dongwq opened 9 years ago
Hi @dongwq,
how is this code related to the plugin and which part of the plugin's behaviour is wrong?
Hi @mgdelacroix, this method comes from class UserSaltProvider. It throws
throw new RuntimeException("$userClass class needs $saltField field")
if the userClass doesn't have a salt field.
The salt field is unnecessary when the algorithm is bcrypt. You can see it in org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder (from spring-security).
+1. The salt for bcrypt and pbkdf2-like key derivation functions should be completely random, and generated from a CSRNG.
It does not make sense to have a salt stored in the user model, as usually the salts should be public and can be prepended or appended to the result of the password derivation function, as the Spring framework is doing for you as far as I know.
Salt is unnecessary when the default algorithm is bcrypt; the code below throws an exception with a salt field.
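The point made in this thread, that a bcrypt hash already carries its own salt, shown as an added example (not the plugin's or Spring Security's code; written in Python so it runs stand-alone). The names `parse_bcrypt`, `has_embedded_salt`, `SAMPLE` and `BARE_HEX` are hypothetical, and the sample strings are for illustration only.

```python
import base64
import re
from dataclasses import dataclass

# bcrypt uses its own base64 alphabet; map it onto the standard one to decode.
_BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_B64, _STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


@dataclass(frozen=True)
class BcryptFields:
    version: str
    cost: int
    salt_b64: str    # salt exactly as it appears in the stored string
    salt: bytes      # the same salt decoded to its 16 raw bytes
    digest_b64: str


def parse_bcrypt(stored: str) -> BcryptFields:
    """Split a stored bcrypt string into its fields; ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    version, cost, salt_b64, digest_b64 = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost out of range")
    # 22 chars of bcrypt-base64 hold the 128-bit salt; pad for the stdlib decoder.
    salt = base64.b64decode(salt_b64.translate(_TO_STD) + "==")
    return BcryptFields(version, int(cost), salt_b64, salt, digest_b64)


def has_embedded_salt(stored: str) -> bool:
    """True when the stored value is self-describing and needs no salt column."""
    try:
        parse_bcrypt(stored)
        return True
    except ValueError:
        return False


# Sample string in bcrypt's 60-character layout (illustration of field positions).
SAMPLE = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"
# Constructed 64-hex-character value standing in for an unsalted digest column.
BARE_HEX = "ab" * 32
```

A salt-field requirement like the one quoted above only makes sense for stored values where `has_embedded_salt` would be false.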