问题是:BCryptPasswordEncoder 在登录过程中没有对提交的密码进行编码,因此登录失败。假设密码是 123,并以哈希形式存储在数据库中:提交密码 123 时返回 invalid_grant,而从客户端直接发送哈希后的密码时却返回了访问令牌。把密码编码器注释掉之后,用密码登录也可以成功。
App.java
/**
 * Spring Boot entry point.
 *
 * <p>Besides starting the application, this class declares the {@link BCryptPasswordEncoder}
 * bean and, through an autowired configuration method, seeds a first account and registers a
 * user lookup on the injected {@link AuthenticationManagerBuilder}.
 */
@SpringBootApplication
public class App {

    /** Declares the BCrypt encoder bean that the other classes on this page inject. */
    @Bean
    BCryptPasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Boots the Spring application context. */
    public static void main(String[] args) throws Exception {
        SpringApplication.run(App.class, args);
    }

    /**
     * Seeds a first account when the user table is empty, then registers a user lookup on the
     * authentication manager builder.
     *
     * @param authenticationManagerBuilder builder injected by Spring
     * @param userRepository used only to check whether any user exists yet
     * @param userService saves the seed user and resolves users by e-mail
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void authenticationManager(AuthenticationManagerBuilder authenticationManagerBuilder, final UserRepository userRepository, UserService userService) throws Exception {
        final boolean noUsersYet = userRepository.count() == 0;
        if (noUsersYet) {
            // NOTE(review): fixed, trivially guessable seed credentials ("test" / "123") with
            // role "SA". Acceptable for a local demo only; a deployed instance should take the
            // initial credential from external configuration and force a change at first login.
            User seedUser = new User();
            Role seedRole = new Role();
            seedRole.setName("SA");
            seedUser.setEmail("test");
            seedUser.setPassword("123");
            seedUser.setRoles(Arrays.asList(seedRole));
            seedUser.setBlocked(false);
            seedUser.setEnable(true);
            // UserService.save encodes the password before persisting it.
            userService.save(seedUser);
        }

        // NOTE(review): this registers a UserDetailsService on the builder without any
        // passwordEncoder(...) call. The answer on this page identifies this registration as the
        // likely reason the BCrypt encoder set up in WebSecurityConfiguration is never applied.
        // The reported symptom (the stored hash itself is accepted as the password) makes the
        // hash password-equivalent, so a leaked users table would yield usable credentials.
        authenticationManagerBuilder.userDetailsService(email -> userService.loadUserByUsername(email));
    }
}
WebSecurityConfiguration.java
/**
 * Web security configuration for the application: enables Spring web security and
 * pre/post method-security annotations, and configures authentication sources and the
 * HTTP security rules in the two configure(...) overrides of this class.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// NOTE(review): signing secret hard-coded in source. Anyone who can read the repository (or
// this page) knows it; presumably it signs tokens elsewhere in the project, in which case it
// must be treated as compromised, loaded from external configuration or a secret store, and
// rotated. It is not referenced by the code shown here.
static final String SIGNING_KEY = "kKSMJ92Mknk38njs9HJ8KNALiuc938FH";
// Not referenced by the code shown here; presumably a hash/key strength used elsewhere - TODO confirm.
static final int ENCODING_STRENGTH = 256;
// Realm name passed to httpBasic().realmName(...) in configure(HttpSecurity).
static final String SECURITY_REALM = "Task Manager";
// Encoder bean; App declares a BCryptPasswordEncoder bean of this type.
@Autowired
private BCryptPasswordEncoder passwordEncoder;
// NOTE(review): two candidates of this type are visible on this page (the UserService
// @Service and this class's own userDetailsService() @Bean); confirm which one is injected.
@Autowired
private UserDetailsService userDetailsService;
// Data source handed to jdbcAuthentication() in configure(AuthenticationManagerBuilder).
@Autowired
private DataSource dataSource;
/**
 * Registers the authentication sources on the builder handed in by Spring Security.
 *
 * <p>Three sources are added, in this order: the injected UserDetailsService paired with the
 * injected password encoder, the DaoAuthenticationProvider bean of this class, and JDBC
 * authentication against the injected data source.
 *
 * @param auth builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // 1) User lookup with the BCrypt encoder attached.
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);

    // 2) Explicit provider bean built from the same two collaborators.
    // NOTE(review): presumably redundant with step 1 - confirm whether both are needed.
    auth.authenticationProvider(authenticationProvider());

    // 3) JDBC-backed authentication.
    // NOTE(review): no passwordEncoder(...) is set on this branch in the visible code; confirm
    // which encoder it ends up using, since every registered source is a way to log in.
    auth.jdbcAuthentication().dataSource(dataSource);
}
/**
 * Defines the HTTP security rules: stateless sessions, public sign-up/sign-in/root paths,
 * authenticated access to {@code /api/**}, HTTP Basic with the configured realm, and CSRF
 * protection disabled.
 *
 * @param http security builder to configure
 * @throws Exception if the configuration is rejected
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No HTTP session is created or used for the security context.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // NOTE(review): only the paths listed here carry a rule; there is no closing
    // anyRequest() rule, so confirm how requests outside these patterns should be treated.
    http.authorizeRequests()
        .antMatchers("/sign-up", "/sign-in", "/").permitAll()
        .antMatchers("/api/**").authenticated();

    // Basic credentials are only base64-encoded on the wire, so this relies on TLS.
    http.httpBasic().realmName(SECURITY_REALM);

    // NOTE(review): CSRF protection is off. Browsers can resend cached Basic credentials
    // automatically, so confirm no browser client authenticates this way before relying on it.
    http.csrf().disable();
}
/**
 * Publishes as a bean the UserDetailsService that the WebSecurityConfigurerAdapter
 * superclass provides.
 *
 * <p>NOTE(review): UserService on this page is also a UserDetailsService bean, so two
 * candidates of this type exist; confirm which one the autowired field in this class receives.
 */
@Bean
public UserDetailsService userDetailsService() {
    final UserDetailsService inherited = super.userDetailsService();
    return inherited;
}
/**
 * Builds a DaoAuthenticationProvider from the injected UserDetailsService and the injected
 * BCrypt password encoder.
 *
 * @return the configured provider bean
 */
@Bean
public DaoAuthenticationProvider authenticationProvider() {
    final DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
    // Setting the encoder here is what makes this provider compare a submitted password
    // against the stored BCrypt value instead of relying on a default.
    daoProvider.setUserDetailsService(userDetailsService);
    daoProvider.setPasswordEncoder(passwordEncoder);
    return daoProvider;
}
UserService.java
/**
 * User persistence plus the {@link UserDetailsService} lookup used during authentication.
 */
@Service
public class UserService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * Replaces the user's password with its BCrypt encoding and persists the user.
     *
     * <p>NOTE(review): the encoding is applied on every call, so saving a user whose password
     * field already holds an encoded value would encode it a second time; confirm callers
     * only pass a raw password here.
     *
     * @param user user whose password field currently holds the raw password
     */
    public void save(User user) {
        final String encodedPassword = passwordEncoder.encode(user.getPassword());
        user.setPassword(encodedPassword);
        userRepository.save(user);
    }

    /**
     * Looks a user up by e-mail and wraps it for Spring Security.
     *
     * @param username value passed to the repository as the e-mail address
     * @return the user wrapped in a CustomUserDetails
     * @throws UsernameNotFoundException if the repository returns no user
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final User found = this.userRepository.findUserByEmail(username);
        if (found != null) {
            return new CustomUserDetails(found);
        }
        throw new UsernameNotFoundException(username);
    }
}
答案 0 :(得分:2)
问题可能出在这里。请删除下面被注释掉的几行。
/**
 * Seeds a first account when the user table is empty. In this corrected version the method
 * no longer registers anything on the authentication manager builder.
 *
 * @param authenticationManagerBuilder no longer used once the registration below is removed
 * @param userRepository used only to check whether any user exists yet
 * @param userService saves the seed user
 * @throws Exception declared by the original signature
 */
@Autowired
public void authenticationManager(AuthenticationManagerBuilder authenticationManagerBuilder, final UserRepository userRepository, UserService userService) throws Exception {
    final boolean noUsersYet = userRepository.count() == 0;
    if (noUsersYet) {
        // NOTE(review): fixed, trivially guessable seed credentials; fine for a demo, but a
        // deployed instance should take the initial credential from external configuration.
        User seedUser = new User();
        Role seedRole = new Role();
        seedRole.setName("SA");
        seedUser.setEmail("test");
        seedUser.setPassword("123");
        seedUser.setRoles(Arrays.asList(seedRole));
        seedUser.setBlocked(false);
        seedUser.setEnable(true);
        userService.save(seedUser);
    }
    // Shown commented out because these are the lines to delete: they registered a
    // UserDetailsService with no password encoder, which per this answer overrides the
    // encoder configuration done in the security configuration class.
    // authenticationManagerBuilder.userDetailsService(email -> {
    // return userService.loadUserByUsername(email);
    // });
}
您在这里覆盖了配置类中已经完成的所有配置,因此密码编码器永远不会应用于 AuthenticationManagerBuilder。