jBCrypt checkpw返回false以获取正确的密码

时间:2017-09-09 15:35:40

标签: java jbcrypt

我正在查询密码"密码"通过

使用JBCrypt
public User addUser(User newUser) {
        String passwordHash = BCrypt.hashpw(newUser.getPassword(), BCrypt.gensalt());
        newUser.setPassword(passwordHash);
        Object<User> user = new ObjectImpl<User>();
        return user.addObject(User.class, newUser);
    }

在上文中,newUser通过JAX-RS Restful Web服务提供。

ContextRequestFilter我试图验证用户如下:

public class AuthenticationFilter implements ContainerRequestFilter {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic ";

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        List<String> authorizationHeader = requestContext.getHeaders().get(AUTHORIZATION_HEADER);
        if (authorizationHeader != null) {
            String authorizationToken = authorizationHeader.get(0);
            authorizationToken = authorizationToken.replaceFirst(AUTHENTICATION_SCHEME, "");
            String decodedString = Base64.decodeAsString(authorizationToken);
            StringTokenizer tokenizer = new StringTokenizer(decodedString, ":");
            try {
                String username = tokenizer.nextToken();
                String password = tokenizer.nextToken();
                Object<User> userObject = new ObjectImpl<User>();
                User user = userObject.getObjectByNamedQuery("User.byEmail", username);
                String hashedPassword = user.getPassword();
                if (BCrypt.checkpw(password, hashedPassword)) {
                    return;
                }
            } catch (NoSuchElementException e) {
                abortRequest(requestContext);
            } catch (NullPointerException e) {
                abortRequest(requestContext);
            }
        }
        abortRequest(requestContext);
    }

在这里,当我将密码作为&#34;密码&#34;发送时,abortRequest方法仍然会触发。我看到BCrypt.checkpw(password, hashedPassword)正在返回false

0 个答案:

没有答案