spring基本安全中没有为id“null”映射的PasswordEncoder

Question

我的代码在春季版本 1.5.6.RELEASE 中运行良好。 但是当我将版本升级到 2.0.0 时，我的一些方法已被弃用但工作正常。 当我通过查看 There is no PasswordEncoder mapped for the id "null" with database authentication 来更改我不推荐使用的方法时 它开始给我错误“没有密码编码器”

这是我的代码。

网络配置

@Configurable
@EnableWebSecurity
public class WebConfig extends WebSecurityConfigurerAdapter {

@Autowired
AppUserDetailsService appUserDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(appUserDetailsService);
}

@Bean
public static DelegatingPasswordEncoder passwordEncoder() {
 return (DelegatingPasswordEncoder) DelegatingPasswordEncoder.encode("noop");
}

protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(appUserDetailsService).passwordEncoder(passwordEncoder());
}

@Bean
public PasswordEncoder passwordEncoder() {
    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}

@SuppressWarnings("deprecation")
@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedOrigins("http://localhost:4200");

        }
    };
}
@Override
public void configure(WebSecurity web) throws Exception {
    super.configure(web);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and()
    .authorizeRequests()
    .antMatchers("/account/register","/account/login","/logout").permitAll()
    .anyRequest().fullyAuthenticated().and()
    .logout()
    .permitAll()
    .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
    .and()
    .httpBasic().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
    .csrf().disable();
}

}

账户控制人

@RestController
@RequestMapping("account")
public class AccountController {

public static final Logger logger = LoggerFactory.getLogger(AccountController.class);

@Autowired
private UserService userService;

@CrossOrigin
@RequestMapping(value = "/register", method = RequestMethod.POST)
public ResponseEntity<?> createUser(@RequestBody User newUser) {
    if (userService.find(newUser.getUsername()) != null) {
        logger.error("username Already exist " + newUser.getUsername());
        return new ResponseEntity(
                new CustomErrorType("user with username " + newUser.getUsername() + "already exist "),
                HttpStatus.CONFLICT);
    }
    newUser.setRole("USER");

    return new ResponseEntity<User>(userService.save(newUser), HttpStatus.CREATED);
}

@CrossOrigin
@RequestMapping("/login")
public Principal user(Principal principal) {
    logger.info("user logged "+principal);
    return principal;
}
}

用户服务

@Service
public class UserService {

@Autowired
UserRepository userRepository;

public User save(User user) {
    return userRepository.saveAndFlush(user);
}

public User update(User user) {
    return userRepository.save(user);
}

public User find(String userName) {
    return userRepository.findOneByUsername(userName);
}
}

我看到了所有相关的答案，但它们可用于 inMemory 身份验证。 Spring security : migrating 4.0 to 5.0 - Error -There is no PasswordEncoder mapped for the id “null” Spring Security 5 : There is no PasswordEncoder mapped for the id "null" Spring Boot PasswordEncoder Error

请帮忙。 我正在使用mysql数据库。

Answer 1

来自文档：

NoOpPasswordEncoder ：什么都不做的密码编码器。有用 用于测试可能首选使用纯文本密码的情况。

它们已被弃用，因为它们不安全。如我所见，如果您仍想使用“noop”密码编码器，只需构建自己的密码编码器实现即可。

https://github.com/spring-projects/spring-security/blob/master/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java

希望这会有所帮助。