Spring security login doesn't work when using Bcrypt

时间:2018-01-23 19:44:00

标签: spring-mvc spring-security

I built a login page using Spring MVC and Spring Security, and everything worked correctly. But after I added BCrypt password hashing to login and registration, it doesn't work (the user password is stored hashed in the DB as well).

security-config.xml

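<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration for the form-login setup described in the question.
  Attribute names and the schema URL that had been split across lines by hard wrapping
  (password-parameter, delete-cookies, spring-security.xsd) are rejoined here; an attribute
  name broken by a line break is not well-formed XML.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Static resources bypass the security filter chain entirely. -->
    <http pattern="/resources/**" security="none"/>

    <!--
      NOTE(review): only "/" and "/welcome" carry a URL rule. Any other path is not restricted
      by this block and relies on method-level annotations, if any.
    -->
    <http use-expressions="true" auto-config="true">
        <intercept-url pattern="/" access="hasRole('ROLE_USER')"/>
        <intercept-url pattern="/welcome" access="hasRole('ROLE_USER')"/>
        <form-login login-processing-url="/j_spring_security_check"
                    login-page="/signin" default-target-url="/"
                    authentication-failure-url="/signin?error"
                    username-parameter="email" password-parameter="password"/>
        <!-- <logout logout-success-url="/signin" delete-cookies="JSESSIONID" invalidate-session="true" /> -->
        <logout logout-success-url="/signin" />
        <!--
          NOTE(review): CSRF protection is switched off for the whole application, so the login,
          logout and sign-up POSTs accept cross-site requests. Prefer leaving it enabled and
          adding the CSRF token to the forms.
        -->
        <csrf disabled="true" />
    </http>

    <!-- for preAuthorize annotation -->
    <global-method-security pre-post-annotations="enabled" />

    <authentication-manager>
        <authentication-provider>
            <!-- Stored passwords are verified as BCrypt hashes. -->
            <password-encoder hash="bcrypt" />
            <!--
              users-by-username-query returns the literal 1 as the third (enabled) column, so
              every account is treated as enabled.
              NOTE(review): a BCrypt hash is 60 characters long. If the password column is
              narrower, the stored value is truncated and can never match. Confirm the width.
              NOTE(review): role.name must already hold the full authority string (for example
              ROLE_USER) for the hasRole checks above to succeed. Confirm against the role table.
            -->
            <jdbc-user-service data-source-ref="dataSource"
                authorities-by-username-query="select
                    User.email , role.name from User join user_role on User.id =
                    user_role.user_id join role on user_role.role_id = role.id
                    where email = ?"
                users-by-username-query="select
                    email,password,1 from User where email = ?" />
        </authentication-provider>
    </authentication-manager>

    <!-- <user-service>
            <user name="admin@email.com" password="admin"
                  authorities="ROLE_USER, ROLE_ADMIN" />
    -->
</beans:beans>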

Registration method in the Controller

/**
 * Handles the sign-up form POST: hashes the submitted password with BCrypt,
 * saves the user through the repository and redirects to the sign-in page.
 *
 * @param user     form-backed object populated from the request parameters
 * @param password raw password read from the "password" request parameter
 * @return redirect view name pointing at the sign-in page
 */
@RequestMapping(value = "/signup", method = RequestMethod.POST)
public String postSignUpPage(@ModelAttribute User user,
                             @RequestParam("password") String password) {
    // NOTE(review): @ModelAttribute binds every matching request parameter onto User before
    // it is saved. If User exposes setters for fields such as id or roles, a client can set
    // them too. Confirm against the User class and restrict binding if so.

    // A new encoder with the default strength is created on every request. The raw password
    // is never stored, only its BCrypt hash.
    final String hashedPassword = new BCryptPasswordEncoder().encode(password);
    user.setPassword(hashedPassword);

    userRepo.save(user);
    return "redirect:/signin";
}

what is the problem here??!!

1 个答案:

答案 0 :(得分:2)

您似乎没有把自己的 BCrypt 密码编码器提供给身份验证提供程序。您需要将 BCryptPasswordEncoder 声明为 Spring bean,把它自动注入到控制器中,并把同一个 bean 传递给身份验证提供程序。请参考以下代码片段:

**spring-security.xml 文件**

<!--
  The provider verifies submitted passwords with the encoder bean referenced by id, instead of
  an encoder selected through the hash attribute.
-->
<authentication-manager>
    <authentication-provider>
        <password-encoder ref="encoder" />
        <!-- your jdbc user details service declaration --> 
    </authentication-provider>
</authentication-manager>

<!--
  One BCryptPasswordEncoder bean for the whole application. The strength argument is the BCrypt
  log-rounds cost. The cost is stored inside each hash, so hashes created earlier with a
  different strength still verify.
-->
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="11" />
</beans:bean>

**控制器**

// Injected by Spring by type; requires a BCryptPasswordEncoder bean in the application context
// (the XML snippet above declares one with id "encoder").
@Autowired
private BCryptPasswordEncoder encoder;

/**
 * Handles the sign-up form POST: hashes the submitted password with the injected
 * encoder, saves the user through the repository and redirects to the sign-in page.
 *
 * @param user     form-backed object populated from the request parameters
 * @param password raw password read from the "password" request parameter
 * @return redirect view name pointing at the sign-in page
 */
@RequestMapping(value = "/signup", method = RequestMethod.POST)
public String postSignUpPage(@ModelAttribute User user,
                             @RequestParam("password") String password) {
    // NOTE(review): @ModelAttribute binds every matching request parameter onto User before
    // it is saved. If User exposes setters for fields such as id or roles, a client can set
    // them too. Confirm against the User class and restrict binding if so.

    // Only the BCrypt hash is stored, never the raw password.
    final String hashedPassword = encoder.encode(password);
    user.setPassword(hashedPassword);

    userRepo.save(user);
    return "redirect:/signin";
}