I have a SpringBoot 2.1.4.RELEASE RESTful Web Service app, created with Spring Initializer, using embedded Tomcat and the Thymeleaf template engine, and packaged as an executable JAR file.
I have this configuration file:
    @Profile("dev")
    @Configuration
    @EnableWebSecurity
    public class DevWebSecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger LOG = LoggerFactory.getLogger(DevWebSecurityConfig.class);

        @Autowired
        private UserSecurityService userSecurityService;

        @Autowired
        private Environment env;

        @Value("${server.servlet.context-path}")
        private String serverContextPath;

        /** The encryption SALT. */
        private static final String SALT = "12323*&^%of";

        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            final List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
            if (activeProfiles.contains("dev")) {
                http.csrf().disable();
                http.headers().frameOptions().disable();
            }
            http
                .authorizeRequests()
                .antMatchers(publicMatchers()).permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/guerrilla/teatre")
                .failureUrl("/login?error").permitAll()
                .and()
                .logout().permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                .withUser("carles.xuriguera@gmail.com").password("password")
                .roles("ADMIN");
        }

        private String[] publicMatchers() {
            /** Public URLs. */
            final String[] PUBLIC_MATCHERS = {
                "/webjars/**",
                serverContextPath + "/css/**",
                serverContextPath + "/js/**",
                serverContextPath + "/fonts/**",
                serverContextPath + "/images/**",
                serverContextPath,
                "/",
                "/error/**/*",
                "/console/**",
                SignupController.SIGNUP_URL_MAPPING,
                SignupController.USER_VALIDATION_URL_MAPPING
            };
            return PUBLIC_MATCHERS;
        }
    }
But when I log in to the system with these credentials: carles.xuriguera@gmail.com / password, I get this message on the login page: Error ! "Bad credentials", and I see this message in the console:
2019-04-15 10:50 [http-nio-2233-exec-4] WARN o.s.s.c.b.BCryptPasswordEncoder.matches(90) - Encoded password does not look like BCrypt
I also tried using
$2y$12$EE25qVSZ2Td1D5k9mFHoYubKRqrRqCUGuwnLc9aNjosKMLeY/7/72, which is the BCrypt of password, but nevertheless I got the same error:
Encoded password does not look like BCrypt
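Answer 0: (score: 3)
You have to specify the encrypted password, not the raw password.
Also make sure the encrypted password starts with "$2a$", because 2a is the only version that BCryptPasswordEncoder accepts.
Spring Security version 5.2.0.M1 supports 2a, 2b and 2y.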
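An added example, not part of the original answer and not Spring Security's own code: a stand-alone Java check that classifies a stored value by the format rule the answer above describes, run over the two values tried in the question. The class name, `diagnose` and the two patterns are assumptions that model the "only 2a" and "2a, 2b and 2y" rules; the prefix-rewritten and truncated samples are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class BcryptFormatCheck {
    // A BCrypt string is "$2" + optional version letter + "$" + two-digit cost + "$"
    // followed by 53 characters (22 salt + 31 hash) from the alphabet ./0-9A-Za-z.
    private static final String BODY = "\\$\\d\\d\\$[./0-9A-Za-z]{53}";
    // Assumption: these patterns model the two rules stated in the answer above.
    static final Pattern ONLY_2A = Pattern.compile("\\$2a?" + BODY);
    static final Pattern WITH_2B_2Y = Pattern.compile("\\$2[aby]?" + BODY);

    /** Explains why a stored value would pass or fail the format check. */
    static String diagnose(String stored, Pattern accepted) {
        if (stored == null || stored.isEmpty()) {
            return "rejected: empty stored password";
        }
        if (accepted.matcher(stored).matches()) {
            return "accepted: looks like BCrypt";
        }
        if (WITH_2B_2Y.matcher(stored).matches()) {
            return "rejected: version prefix " + stored.substring(0, 4) + " not accepted";
        }
        if (!stored.startsWith("$2")) {
            return "rejected: not a BCrypt string (raw password?)";
        }
        return "rejected: malformed BCrypt string (length, cost or alphabet)";
    }

    public static void main(String[] args) {
        String fromQuestion = "$2y$12$EE25qVSZ2Td1D5k9mFHoYubKRqrRqCUGuwnLc9aNjosKMLeY/7/72";
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("raw value passed to password(...)", "password");
        samples.put("$2y$ hash from the question", fromQuestion);
        // Constructed: prefix rewritten only to exercise the format check.
        samples.put("same string with $2a$ prefix", "$2a" + fromQuestion.substring(3));
        // Constructed: truncated hash, e.g. a storage column that is too short.
        samples.put("truncated hash", fromQuestion.substring(0, 30));

        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.println(e.getKey());
            System.out.println("  only 2a accepted : " + diagnose(e.getValue(), ONLY_2A));
            System.out.println("  2a, 2b, 2y       : " + diagnose(e.getValue(), WITH_2B_2Y));
        }
    }
}
```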
Answer 1: (score: 0)
Try this.
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userRepository.findByuserName(userName);
        if (user == null) {
            throw new UsernameNotFoundException("userName" + userName + "Not found in the database");
        }
        return new org.springframework.security.core.userdetails.User(user.getName(), new BCryptPasswordEncoder().encode(user.getPassword()), getGrantedAuth(user));
    }