I think you are asking how it works?? The answer is fairly simple. StandardPasswordEncoder.matches()
is the method you want to use. Behind the scenes, StandardPasswordEncoder
will decode the hashed password and extract the salt from the resulting byte array. It will then use that salt to hash the plain-text password you passed in. If the resulting hash matches the original hash, your passwords match! Refer to the source for the details behind StandardPasswordEncoder.matches()
:
public boolean matches(CharSequence rawPassword, String encodedPassword) {
byte[] digested = decode(encodedPassword);
byte[] salt = subArray(digested, 0, saltGenerator.getKeyLength());
return matches(digested, digest(rawPassword, salt));
}