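I am using the new BCryptPasswordEncoder to hash user passwords into the database (a MongoDB in my case). When I test my login, I set the password encoder in my security config to BCryptPasswordEncoder, but when I try to log in (with the correct credentials, of course), I get Bad Credentials. What am I missing?
Security config: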
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    @EnableWebMvcSecurity
    public class VZWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        VZUserDetailsService userDetailsService;

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/", "/home").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .permitAll()
                    .and()
                .logout()
                    .permitAll();
        }

        @Bean
        public PasswordEncoder encoder() {
            return new BCryptPasswordEncoder();
        }
    }
To start off with some valid users, I initialize the database with some users:
    import java.util.ArrayList;
    import java.util.List;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import vertyze.platform.data.constants.VZUserRoles;

    @Configuration
    @ComponentScan("it.vertyze.platform")
    @EnableAutoConfiguration
    public class Application implements CommandLineRunner {

        @Autowired
        VZUserRepository userRepository;

        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }

        @Override
        public void run(String... args) throws Exception {
            userRepository.deleteAll();
            PasswordEncoder encoder = new BCryptPasswordEncoder();

            List<VZUserRoles> siteAdmin = new ArrayList<VZUserRoles>();
            siteAdmin.add(VZUserRoles.SITE_ADMIN);
            List<VZUserRoles> siteUser = new ArrayList<VZUserRoles>();
            siteUser.add(VZUserRoles.SITE_VIEWER);

            VZUser user1 = new VZUser();
            VZUser user2 = new VZUser();

            user1.setUsername("user1");
            user1.setPassword(encoder.encode("password1"));
            user1.setRoles(siteAdmin);

            user2.setUsername("user2");
            user2.setPassword(encoder.encode("password2"));
            user2.setRoles(siteUser);

            userRepository.save(user1);
            userRepository.save(user2);
        }
    }
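Can anyone help me? Thanks!
Answer 0 (score: 0)
Is there by any chance a
WARN o.s.s.c.bcrypt.BCryptPasswordEncoder - Encoded password does not look like BCrypt
in your debug log? If so, you should check whether the length of the password row in your user table is large enough. The bcrypt algorithm produces hashes of length 60, so if you happen to have a row of e.g. type varchar(45), your hash may be truncated.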
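The truncation check suggested in the answer above can be reproduced offline. This is an added example, not code from the question or the answer; the class `BcryptTruncationCheck`, the `diagnose` helper and its regular expressions are hypothetical names written for this illustration, and it assumes `spring-security-crypto` is on the classpath.

```java
import java.util.regex.Pattern;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptTruncationCheck {

    // bcrypt string layout: "$2a$" + two-digit cost + "$" + 22-char salt + 31-char hash = 60 chars.
    // Pattern written for this example (assumption); it accepts the 2a, 2b and 2y version tags.
    private static final Pattern BCRYPT_FORMAT =
            Pattern.compile("\\A\\$2[aby]\\$\\d\\d\\$[./0-9A-Za-z]{53}\\z");

    // Same prefix, but fewer than 53 salt+hash characters: the value was cut short.
    private static final Pattern BCRYPT_TRUNCATED =
            Pattern.compile("\\A\\$2[aby]\\$\\d\\d\\$[./0-9A-Za-z]{0,52}\\z");

    /** Describes what is wrong with a stored password value, or returns "ok". */
    static String diagnose(String stored) {
        if (stored == null || stored.isEmpty()) {
            return "empty: nothing was stored";
        }
        if (BCRYPT_FORMAT.matcher(stored).matches()) {
            return "ok";
        }
        if (BCRYPT_TRUNCATED.matcher(stored).matches()) {
            return "truncated: " + stored.length() + " of 60 characters present";
        }
        return "not bcrypt: value has a different format";
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String full = encoder.encode("password1");   // constructed sample credential
        String cut = full.substring(0, 45);          // simulates a column that keeps only 45 characters

        // The full hash verifies; the shortened one is rejected by matches() even for the right password.
        System.out.println(diagnose(full) + " -> matches: " + encoder.matches("password1", full));
        System.out.println(diagnose(cut) + " -> matches: " + encoder.matches("password1", cut));
        System.out.println(diagnose("password1"));   // plaintext stored by mistake
    }
}
```

Running `diagnose` over the password values read back from the user store separates a truncated hash from a value that was never bcrypt-encoded, which are the two cases that produce the warning quoted in the answer.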