编码后的密码在 SpringBoot 2.1 中看起来不像 BCrypt。4.RELEASE
Encoded password does not look like BCrypt in SpringBoot 2.1.4.RELEASE
我有一个 SpringBoot 2.1.4.RELEASE RESTful Web 服务应用程序,使用 Spring 初始化程序,嵌入 Tomcat,Thymeleaf 模板引擎,并打包为可执行 JAR 文件。
我有这个配置文件:
@Profile("dev")
@Configuration
@EnableWebSecurity
public class DevWebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger LOG = LoggerFactory.getLogger(DevWebSecurityConfig.class);
@Autowired
private UserSecurityService userSecurityService;
@Autowired
private Environment env;
@Value("${server.servlet.context-path}")
private String serverContextPath;
/** The encryption SALT. */
private static final String SALT = "12323*&^%of";
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
final List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
if (activeProfiles.contains("dev")) {
http.csrf().disable();
http.headers().frameOptions().disable();
}
http
.authorizeRequests()
.antMatchers(publicMatchers()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/guerrilla/teatre")
.failureUrl("/login?error").permitAll()
.and()
.logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("carles.xuriguera@gmail.com").password("password")
.roles("ADMIN");
}
private String[] publicMatchers() {
/** Public URLs. */
final String[] PUBLIC_MATCHERS = {
"/webjars/**",
serverContextPath + "/css/**",
serverContextPath + "/js/**",
serverContextPath + "/fonts/**",
serverContextPath + "/images/**",
serverContextPath ,
"/",
"/error/**/*",
"/console/**",
SignupController.SIGNUP_URL_MAPPING,
SignupController.USER_VALIDATION_URL_MAPPING
};
return PUBLIC_MATCHERS;
}
}
但是当我使用凭据登录系统时:carles.xuriguera@gmail.com / 密码我在登录页面上收到了这条消息:Error ! "Bad credentials"
我在控制台:
2019-04-15 10:50 [http-nio-2233-exec-4] WARN o.s.s.c.b.BCryptPasswordEncoder.matches(90) - Encoded password does not look like BCrypt
我也试过使用
y$EE25qVSZ2Td1D5k9mFHoYubKRqrRqCUGuwnLc9aNjosKMLeY/7/72 that is the Bcrypt of password, but neverheless I got the same error:
Encoded password does not look like BCrypt
您必须指定加密密码而不是原始密码。
还要确保加密密码以“$2a$”开头,因为 2a 是 BCryptPasswordEncoder 接受的唯一版本。
spring 安全版本 5.2.0.M1 支持 2a、2b 和 2y。
试试这个。
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByuserName(userName);
if (user == null) {
throw new UsernameNotFoundException("userName" + userName + "Not found in the database");
}
return new org.springframework.security.core.userdetails.User(user.getName(), new BCryptPasswordEncoder().encode(user.getPassword()), getGrantedAuth(user));
}
我有一个 SpringBoot 2.1.4.RELEASE RESTful Web 服务应用程序,使用 Spring 初始化程序,嵌入 Tomcat,Thymeleaf 模板引擎,并打包为可执行 JAR 文件。
我有这个配置文件:
@Profile("dev")
@Configuration
@EnableWebSecurity
public class DevWebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger LOG = LoggerFactory.getLogger(DevWebSecurityConfig.class);
@Autowired
private UserSecurityService userSecurityService;
@Autowired
private Environment env;
@Value("${server.servlet.context-path}")
private String serverContextPath;
/** The encryption SALT. */
private static final String SALT = "12323*&^%of";
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
final List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
if (activeProfiles.contains("dev")) {
http.csrf().disable();
http.headers().frameOptions().disable();
}
http
.authorizeRequests()
.antMatchers(publicMatchers()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/guerrilla/teatre")
.failureUrl("/login?error").permitAll()
.and()
.logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("carles.xuriguera@gmail.com").password("password")
.roles("ADMIN");
}
private String[] publicMatchers() {
/** Public URLs. */
final String[] PUBLIC_MATCHERS = {
"/webjars/**",
serverContextPath + "/css/**",
serverContextPath + "/js/**",
serverContextPath + "/fonts/**",
serverContextPath + "/images/**",
serverContextPath ,
"/",
"/error/**/*",
"/console/**",
SignupController.SIGNUP_URL_MAPPING,
SignupController.USER_VALIDATION_URL_MAPPING
};
return PUBLIC_MATCHERS;
}
}
但是当我使用凭据登录系统时:carles.xuriguera@gmail.com / 密码我在登录页面上收到了这条消息:Error ! "Bad credentials"
我在控制台:
2019-04-15 10:50 [http-nio-2233-exec-4] WARN o.s.s.c.b.BCryptPasswordEncoder.matches(90) - Encoded password does not look like BCrypt
我也试过使用
y$EE25qVSZ2Td1D5k9mFHoYubKRqrRqCUGuwnLc9aNjosKMLeY/7/72 that is the Bcrypt of password, but neverheless I got the same error:
Encoded password does not look like BCrypt
您必须指定加密密码而不是原始密码。
还要确保加密密码以“$2a$”开头,因为 2a 是 BCryptPasswordEncoder 接受的唯一版本。
spring 安全版本 5.2.0.M1 支持 2a、2b 和 2y。
试试这个。
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByuserName(userName);
if (user == null) {
throw new UsernameNotFoundException("userName" + userName + "Not found in the database");
}
return new org.springframework.security.core.userdetails.User(user.getName(), new BCryptPasswordEncoder().encode(user.getPassword()), getGrantedAuth(user));
}