我的应用程序是在hibernate和spring MVC中。以前登录曾经工作,但现在我实施了密码的bcrypt编码。之后没有任何工作。我几乎改变了一切。在这里,我给你我的代码和配置文件。请帮我找出问题。
APP-security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled" />
<!-- These beans handle successful login and failure cases of login -->
<bean id="myAuthenticationSuccessHandler" class="com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler" />
<bean id="myAuthenticationFailureHandler" class="com.app.security.handler.MySimpleUrlAuthenticationFailureHandler" />
<!-- Encrypter to encrypt password -->
<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<security:http auto-config="true"><!--
<security:intercept-url pattern="/home*" access="ROLE_USER" /> -->
<security:intercept-url pattern="/admin" access="ROLE_ADMIN" />
<security:intercept-url pattern="/user" access="ROLE_USER" />
<security:intercept-url pattern="/group-admin" access="ROLE_GROUP_ADMIN" />
<security:intercept-url pattern="/sponsor" access="ROLE_SPONSOR" />
<security:form-login login-page="/login"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder ref="encoder" />
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select user_id as userId, username, password, email_address as emailAddress, active from users where username=?"
authorities-by-username-query="select us.user_id as userId, us.username as username, us.email_address as emailAddress, us.active as active, ur.roles from users us, user_roles ur
where us.role_id = ur.role_id and us.username =? "
/>
</security:authentication-provider>
</security:authentication-manager>
</beans>
UserService.java
@Service
public class UserService {
@Autowired
private UserDaoImpl userDaoImpl;
@Autowired
BCryptPasswordEncoder passwordEncoder;
/**
* Save data in USER table
* @param user
*/
public void insert(User user) {
//Encrypting password
user.setPassword(passwordEncoder.encode(user.getPassword()));
userDaoImpl.save(user);
}
User.java
@Entity
@Table(name="USERS")
public class User implements Serializable {
private static final long serialVersionUID = 2158419746939747203L;
@Id
@Column(name="USER_ID")
@GeneratedValue(strategy=GenerationType.IDENTITY)
private long userId;
@Column(name="USERNAME", unique = true, length=45, nullable=false)
@NotEmpty @NotNull @Size(min=6, max=20)
@UniqueCheck(classname="User", fieldname="username")
private String username;
@Column(name="PASSWORD", length=100, nullable=false)
@NotEmpty @NotNull @Size(min=6, max=100)
private String password;
@Column(name="EMAIL_ADDRESS", unique = true, length=100, nullable=false)
@UniqueCheck(classname="User", fieldname="emailAddress")
@NotEmpty
private String emailAddress;
@Column(name="ACTIVE", nullable=false )
private Integer active;
@Column(name="ROLE_ID", nullable=false)
private String roleid;
//getter setters
如果需要任何其他信息,请告诉我
答案 0 :(得分:2)
在两个地方给予编码器强度(java文件和xml配置文件)....它开始工作。
所以, config.xml中
<bean
id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg value="12"></constructor-arg>
</bean>
服务层代码:
/**
* Encoding data
* bcrypt is a key derivation function which is used in this instance as a cryptographic hash function
* @param data
* @return
*/
public static String bCrypt(String data) {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
return passwordEncoder.encode(data);
}