passwordEncoder in Spring Security

Time: 2018-04-18 00:58:55

Tags: authentication spring-security bcrypt

I am using Spring Security 5 for the first time, and when I try to log in I get this error: Encoded password does not look like BCrypt. Here is my securityConfig.java:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{


@Autowired
public void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {


    auth.jdbcAuthentication()
    .dataSource(dataSource)
    .usersByUsernameQuery("select username as principal,password as credentials, true from users where username = ?").passwordEncoder(new BCryptPasswordEncoder())
    .authoritiesByUsernameQuery("select user_username as principal, roles_role as role from users_roles where user_username = ?")
    .rolePrefix("ROLE_");

}


@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/css/**","/js/**","/images/**").permitAll()
            .anyRequest()
                .authenticated()
                    .and()
        .formLogin()
            .loginPage("/login.html")
            .permitAll()
            .defaultSuccessUrl("/index.html");

}

}

I use the password encoder like this:

.usersByUsernameQuery("select username as principal,password as credentials, true from users where username = ?")
.passwordEncoder(new BCryptPasswordEncoder())

Does anyone know where the problem comes from?

1 answer:

Answer 0: (score: 0)

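BCryptPasswordEncoder shows this warning when it fails to match the raw password with the encoded password. It seems the password present in the database is in plain text, not encoded.

Before inserting user details into the database, make sure to encode the password.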

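final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
// Store the returned hash, not the raw password, in the users table
final String encodedPassword = passwordEncoder.encode(password);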
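The condition described in the answer can be checked directly against the values in the password column. This is an added example, not code from the question or the answer: it assumes spring-security-crypto is on the classpath, and the class name, the `looksLikeBcrypt` helper, the regular expression and the sample rows are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptStoredPasswordCheck {

    // Shape of a BCrypt hash: "$2a$" / "$2b$" / "$2y$", a two-digit cost,
    // then 53 characters of salt and digest (60 characters in total).
    // Assumption: written for this example from the BCrypt string format.
    private static final Pattern BCRYPT =
            Pattern.compile("\\A\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    static boolean looksLikeBcrypt(String stored) {
        return stored != null && BCRYPT.matcher(stored).matches();
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String raw = "secret123"; // constructed sample password

        // Constructed rows standing in for the users table (username -> password).
        Map<String, String> users = new LinkedHashMap<>();
        users.put("alice", raw);                               // stored as plain text
        users.put("bob", encoder.encode(raw));                 // stored as a BCrypt hash
        users.put("carol", encoder.encode(raw).substring(0, 45)); // hash cut short

        for (Map.Entry<String, String> row : users.entrySet()) {
            String stored = row.getValue();
            if (!looksLikeBcrypt(stored)) {
                // matches() returns false here and logs the warning from the question.
                System.out.printf("%s: NOT BCrypt (length %d), login result=%b%n",
                        row.getKey(), stored.length(), encoder.matches(raw, stored));
                // Remediation when the raw value is known (e.g. at registration):
                // write encoder.encode(raw) to the column instead of the raw value.
            } else {
                System.out.printf("%s: BCrypt (length %d), login result=%b%n",
                        row.getKey(), stored.length(), encoder.matches(raw, stored));
            }
        }
    }
}
```

Only `bob` authenticates; the other two rows fail the format check before any hash comparison takes place.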