我做了很多测试,无法找到使它工作的方法。 在下一个基本的spring-boot项目中,您可以测试密码是否相同,match方法始终返回false。
pom.xml
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>basic</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>basic</name>
<description>Basic project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.3.RELEASE</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<fork>true</fork>
</configuration>
</plugin>
</plugins>
</build>
BasicApplication.java
package com.example;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@SpringBootApplication
public class BasicApplication {
public static PasswordEncoder oauthClientPasswordEncoder = new BCryptPasswordEncoder(4);
private static final Logger LOG = LoggerFactory.getLogger(BasicApplication.class);
public static void main(String[] args) {
SpringApplication.run(BasicApplication.class, args);
String secret = oauthClientPasswordEncoder.encode("secreto");
LOG.info("Client pass: secreto, " + oauthClientPasswordEncoder.matches(secret, "secreto"));
}
}
日志
Attaching agents: []
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.0.3.RELEASE)
2019-04-04 18:06:09.183 INFO 4111 --- [ main] com.example.BasicApplication : Starting BasicApplication on --.local with PID 4111 (/Users/--/NetBeansProjects/java/BasicSpringbootTest/target/classes started by -- in /Users/--/NetBeansProjects/java/BasicSpringbootTest)
2019-04-04 18:06:09.187 INFO 4111 --- [ main] com.example.BasicApplication : No active profile set, falling back to default profiles: default
2019-04-04 18:06:09.227 INFO 4111 --- [ main] s.c.a.AnnotationConfigApplicationContext : Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@6b67034: startup date [Thu Apr 04 18:06:09 CST 2019]; root of context hierarchy
2019-04-04 18:06:09.826 INFO 4111 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2019-04-04 18:06:09.838 INFO 4111 --- [ main] com.example.BasicApplication : Started BasicApplication in 16.44 seconds (JVM running for 17.75)
2019-04-04 18:06:09.845 WARN 4111 --- [ main] o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt
2019-04-04 18:06:09.845 INFO 4111 --- [ main] com.example.BasicApplication : Client pass: secreto, false
2019-04-04 18:06:09.854 INFO 4111 --- [ Thread-2] s.c.a.AnnotationConfigApplicationContext : Closing org.springframework.context.annotation.AnnotationConfigApplicationContext@6b67034: startup date [Thu Apr 04 18:06:09 CST 2019]; root of context hierarchy
2019-04-04 18:06:09.858 INFO 4111 --- [ Thread-2] o.s.j.e.a.AnnotationMBeanExporter : Unregistering JMX-exposed beans on shutdown
好吧,看起来像我的帖子的大部分是代码,下面是一些详细信息:
我寻找了同样的问题:编码的密码看起来不像BCrypt,但是所有解决方案都与人为错误或外部资源的错误有关。
很奇怪,您可以使用AuthorizationServerConfigurerAdapter中的BCrypPasswordEncoder通过这种方式在项目中配置Spring Security OAuth2:
SpringSecurityConfig.java
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
[...] // bunch of code
@Bean
public PasswordEncoder oauthClientPasswordEncoder() {
return new BCryptPasswordEncoder(4);
}
}
AuthorizationServerConfig.java
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
[...] // bunch of code
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
ClientDetailsServiceBuilder.ClientBuilder cb = clients
.inMemory()
.withClient("pms_read")
.resourceIds("pms")
.secret("BCRYPTED_PASSWORD_BY_BCRYPTPASSWORDENCODER")
.redirectUris("http://uri.com")
.authorities("APP")
.scopes("read");
}
}
它有效!但是,如果您想手动匹配密码,那就不能了。
答案 0 :(得分:0)
好吧,就像@chrylis的注释一样,rawPassword必须是第一个参数,encodedPassword必须是第二个参数。
这种方式:
public static void main(String[] args) {
SpringApplication.run(BasicApplication.class, args);
String secret = oauthClientPasswordEncoder.encode("secreto");
LOG.info("Client pass: secreto, " + oauthClientPasswordEncoder.matches("secreto", secret));
}
它有效!非常感谢你!