【发布时间】:2015-02-28 15:09:49
【问题描述】:
我正在使用新的BCryptPasswordEncoder 将用户密码散列到数据库(在我的例子中是 MongoDB)。当我刚刚测试我的登录时,我将我的安全配置中的密码编码器设置为BCryptPasswordEncoder,但是当我尝试登录时我得到了错误的凭据(当然使用正确的凭据)。我错过了什么?
安全配置:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebMvcSecurity
public class VZWebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
VZUserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder encoder(){
return new BCryptPasswordEncoder();
}
}
为了从一些有效用户开始,我用一些用户初始化数据库:
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import vertyze.platform.data.constants.VZUserRoles;
@Configuration
@ComponentScan("it.vertyze.platform")
@EnableAutoConfiguration
public class Application implements CommandLineRunner {
@Autowired
VZUserRepository userRepository;
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Override
public void run(String... args) throws Exception {
userRepository.deleteAll();
PasswordEncoder encoder = new BCryptPasswordEncoder();
List<VZUserRoles> siteAdmin = new ArrayList<VZUserRoles>();
siteAdmin.add(VZUserRoles.SITE_ADMIN);
List<VZUserRoles> siteUser = new ArrayList<VZUserRoles>();
siteUser.add(VZUserRoles.SITE_VIEWER);
VZUser user1 = new VZUser();
VZUser user2 = new VZUser();
user1.setUsername("user1");
user1.setPassword(encoder.encode("password1"));
user1.setRoles(siteAdmin);
user2.setUsername("user2");
user2.setPassword(encoder.encode("password2"));
user2.setRoles(siteUser);
userRepository.save(user1);
userRepository.save(user2);
}
}
有人可以帮我吗?谢谢!
【问题讨论】:
-
您确定自动接线方式中的编码器设置正常吗?
-
@MarianP。是的,似乎工作得很好。此外,在密码字段中输入实际哈希时,错误仍然存在。
-
好的,这很有趣,但我不确定我在这里看到的可能有什么问题。也许看看这里stackoverflow.com/questions/19846270/…
-
我也遇到了同样的问题,你找到解决办法了吗。
-
@thomi 你找到解决问题的方法了吗?我也面临同样的问题。
标签: java authentication spring-security spring-boot