Spring AuthenticationManagerBuilder 密码散列
Spring AuthenticationManagerBuilder Password Hashing
我正在尝试在 Spring 中设置用户身份验证,但在添加密码散列后它无法进行身份验证。我正在使用 Spring 启动和 Spring 安全。
这是我的代码的简化版本:
客户实体:
@Entity
public class Customer {
private String username;
private String password;
public Customer() {
}
@Column
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(length=100)
public String getPassword() {
return password;
}
public String setPassword(String password) {
this.password = new BCryptPasswordEncoder().encode(password);
}
}
安全配置:
@SpringBootApplication
@EnableAutoConfiguration
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private CustomerRepository customerRepository;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().
httpBasic().and().
csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
protected UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer customer = customerRepository.findByUsername(username);
if(user != null) {
return new User(username, customer.getPassword(), true, true, true, true,
AuthorityUtils.createAuthorityList("USER"));
} else {
throw new UsernameNotFoundException("could not find the user '"
+ username + "'");
}
}
};
}
}
就像我说的,如果我删除密码编码器(从 AuthenticationManagerBuilder 和 Customer 实体),输入用户名和密码将进行身份验证。但是,当我添加 BCryptPasswordEncoder 时,它没有进行身份验证,也没有给出错误消息。
不要在实体的设置方法中对密码进行编码。您只需要在创建新用户时执行此操作。 Spring 保安会处理剩下的事情
我正在尝试在 Spring 中设置用户身份验证,但在添加密码散列后它无法进行身份验证。我正在使用 Spring 启动和 Spring 安全。
这是我的代码的简化版本:
客户实体:
@Entity
public class Customer {
private String username;
private String password;
public Customer() {
}
@Column
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(length=100)
public String getPassword() {
return password;
}
public String setPassword(String password) {
this.password = new BCryptPasswordEncoder().encode(password);
}
}
安全配置:
@SpringBootApplication
@EnableAutoConfiguration
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private CustomerRepository customerRepository;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().
httpBasic().and().
csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
protected UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer customer = customerRepository.findByUsername(username);
if(user != null) {
return new User(username, customer.getPassword(), true, true, true, true,
AuthorityUtils.createAuthorityList("USER"));
} else {
throw new UsernameNotFoundException("could not find the user '"
+ username + "'");
}
}
};
}
}
就像我说的,如果我删除密码编码器(从 AuthenticationManagerBuilder 和 Customer 实体),输入用户名和密码将进行身份验证。但是,当我添加 BCryptPasswordEncoder 时,它没有进行身份验证,也没有给出错误消息。
不要在实体的设置方法中对密码进行编码。您只需要在创建新用户时执行此操作。 Spring 保安会处理剩下的事情