我正在查询密码"密码"通过
使用JBCryptpublic User addUser(User newUser) {
String passwordHash = BCrypt.hashpw(newUser.getPassword(), BCrypt.gensalt());
newUser.setPassword(passwordHash);
Object<User> user = new ObjectImpl<User>();
return user.addObject(User.class, newUser);
}
在上文中,newUser
通过JAX-RS Restful Web服务提供。
在ContextRequestFilter
我试图验证用户如下:
public class AuthenticationFilter implements ContainerRequestFilter {
private static final String AUTHORIZATION_HEADER = "Authorization";
private static final String AUTHENTICATION_SCHEME = "Basic ";
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
List<String> authorizationHeader = requestContext.getHeaders().get(AUTHORIZATION_HEADER);
if (authorizationHeader != null) {
String authorizationToken = authorizationHeader.get(0);
authorizationToken = authorizationToken.replaceFirst(AUTHENTICATION_SCHEME, "");
String decodedString = Base64.decodeAsString(authorizationToken);
StringTokenizer tokenizer = new StringTokenizer(decodedString, ":");
try {
String username = tokenizer.nextToken();
String password = tokenizer.nextToken();
Object<User> userObject = new ObjectImpl<User>();
User user = userObject.getObjectByNamedQuery("User.byEmail", username);
String hashedPassword = user.getPassword();
if (BCrypt.checkpw(password, hashedPassword)) {
return;
}
} catch (NoSuchElementException e) {
abortRequest(requestContext);
} catch (NullPointerException e) {
abortRequest(requestContext);
}
}
abortRequest(requestContext);
}
在这里,当我将密码作为&#34;密码&#34;发送时,abortRequest
方法仍然会触发。我看到BCrypt.checkpw(password, hashedPassword)
正在返回false
。