Bcrypt password encoding doesn't match the input password in Spring Boot?
I am using the Spring Security bcrypt password encoder to encode my password, and this is how I save the password:
public User saveUser(User newUser) {
    BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
    String encode = bCryptPasswordEncoder.encode(newUser.getPassword());
    newUser.setPassword(encode);
    User user = userRepo.save(newUser);
    return user;
}
This is how I define the bean:
@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
But when I try to match the password against the encoded password, I can't log in. I used passwordencoder.matches but it didn't help:
    public Response login(String username, String password) throws Exception {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        Response response = new Response();
        Optional<User> byuser_nameAndPassword = userRepo.getByuser_nameAndPassword(username);
        User user = byuser_nameAndPassword.get();
        String encodedPassword = passwordEncoder.encode(password);
        boolean matches = passwordEncoder.matches(encodedPassword, user.getPassword());
        if (matches) {
            response.setStatus(201);
            response.setMessage("Login Succeeded");
        } else {
            response.setStatus(403);
            response.setMessage("You are not Authorized");
        }
        return response;
    }
}
Any help is appreciated.
You are passing the arguments in the wrong format to boolean matches = passwordEncoder.matches(encodedPassword, user.getPassword());
boolean matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
The first argument must be the raw password, not the encoded password.
It should be:
boolean matches = passwordEncoder.matches(password, user.getPassword());
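Why the question's check fails, as an added example (not code from the original post): BCryptPasswordEncoder.encode uses a fresh random salt on every call, so re-encoding the input yields a different string, while matches(raw, stored) reads the salt back out of the stored hash. The class name, the in-memory map standing in for userRepo, the dummy hash for unknown users and the sample credentials are assumptions; it needs spring-security-crypto on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptMatchDemo {
    // Hypothetical in-memory stand-in for the page's userRepo: username -> stored bcrypt hash.
    private final Map<String, String> store = new HashMap<>();
    private final PasswordEncoder encoder;
    // Compared against when the username is unknown, so that path also performs bcrypt work.
    private final String dummyHash;

    public BcryptMatchDemo(PasswordEncoder encoder) {
        this.encoder = encoder;
        this.dummyHash = encoder.encode("constructed-placeholder");
    }

    public void register(String username, String rawPassword) {
        store.put(username, encoder.encode(rawPassword)); // fresh random salt per call
    }

    // Correct check: raw password first, stored hash second.
    public boolean login(String username, String rawPassword) {
        String stored = store.get(username);
        if (stored == null) {
            encoder.matches(rawPassword, dummyHash); // result ignored; unknown user is rejected
            return false;
        }
        return encoder.matches(rawPassword, stored);
    }

    // The question's check: the re-encoded string is treated as the raw password.
    public boolean loginAsInQuestion(String username, String rawPassword) {
        String stored = store.get(username);
        return stored != null && encoder.matches(encoder.encode(rawPassword), stored);
    }

    public static void main(String[] args) {
        BcryptMatchDemo demo = new BcryptMatchDemo(new BCryptPasswordEncoder());
        String pw = "s3cret-constructed"; // constructed sample password
        demo.register("alice", pw);
        System.out.println("two encodes equal: " + demo.encoder.encode(pw).equals(demo.encoder.encode(pw)));
        System.out.println("question's check:  " + demo.loginAsInQuestion("alice", pw));
        System.out.println("raw vs stored:     " + demo.login("alice", pw));
        System.out.println("wrong password:    " + demo.login("alice", "wrong"));
        System.out.println("unknown user:      " + demo.login("bob", pw));
    }
}
```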