我的代码在春季版1.5.6.RELEASE中工作正常。 但是当我将版本升级到2.0.0时,我的一些方法已被弃用但工作正常。 当我从There is no PasswordEncoder mapped for the id "null" with database authentication查看时更改我已弃用的方法 它开始给我错误“没有passwordencoder”
这是我的代码。
WebConfig
@Configurable
@EnableWebSecurity
public class WebConfig extends WebSecurityConfigurerAdapter {
@Autowired
AppUserDetailsService appUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(appUserDetailsService);
}
@Bean
public static DelegatingPasswordEncoder passwordEncoder() {
return (DelegatingPasswordEncoder) DelegatingPasswordEncoder.encode("noop");
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(appUserDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@SuppressWarnings("deprecation")
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("http://localhost:4200");
}
};
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.authorizeRequests()
.antMatchers("/account/register","/account/login","/logout").permitAll()
.anyRequest().fullyAuthenticated().and()
.logout()
.permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
.and()
.httpBasic().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
.csrf().disable();
}
}
帐户控制器
@RestController
@RequestMapping("account")
public class AccountController {
public static final Logger logger = LoggerFactory.getLogger(AccountController.class);
@Autowired
private UserService userService;
@CrossOrigin
@RequestMapping(value = "/register", method = RequestMethod.POST)
public ResponseEntity<?> createUser(@RequestBody User newUser) {
if (userService.find(newUser.getUsername()) != null) {
logger.error("username Already exist " + newUser.getUsername());
return new ResponseEntity(
new CustomErrorType("user with username " + newUser.getUsername() + "already exist "),
HttpStatus.CONFLICT);
}
newUser.setRole("USER");
return new ResponseEntity<User>(userService.save(newUser), HttpStatus.CREATED);
}
@CrossOrigin
@RequestMapping("/login")
public Principal user(Principal principal) {
logger.info("user logged "+principal);
return principal;
}
}
用户服务
@Service
public class UserService {
@Autowired
UserRepository userRepository;
public User save(User user) {
return userRepository.saveAndFlush(user);
}
public User update(User user) {
return userRepository.save(user);
}
public User find(String userName) {
return userRepository.findOneByUsername(userName);
}
}
我看到了所有相关的答案,但它们可用于inMemory身份验证。 Spring security : migrating 4.0 to 5.0 - Error -There is no PasswordEncoder mapped for the id “null” Spring Security 5 : There is no PasswordEncoder mapped for the id "null" Spring Boot PasswordEncoder Error
请帮忙。 我正在使用mysql数据库。
答案 0 :(得分:0)
来自文档:
NoOpPasswordEncoder:不执行任何操作的密码编码器。有用 用于测试使用纯文本密码的地方可能是首选。
他们被弃用,因为他们没有安全保障。如我所见,如果您仍想使用“noop”密码编码器,只需构建自己的密码编码器实现。
希望这有帮助。