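I saw a video on YouTube in which a guy was teaching basic authentication using OAuth2. He made a very basic version, so I decided to make a better one. The point is that he authenticated with plain passwords, and I am now trying to add authentication using encoded passwords (stored in the database, of course).

I have the following problem: it seems the encoding is not even working, because even when I enter the correct password it tells me the password is incorrect, but if I put the plain password into the database, a warning shows up in the console.

> Encoded password does not look like BCrypt

I followed various tutorials, but did not manage to get it to work...

This is what I have now:

Authorization server configuration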
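
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        // Access rules for the token key and check-token endpoints
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security.tokenKeyAccess("permitAll()")
                    .checkTokenAccess("isAuthenticated()");
        }

        // Single in-memory OAuth2 client; its secret is given as a literal string
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("ClientId")
                    .secret("secret")
                    .authorizedGrantTypes("authorization_code")
                    .scopes("user_info")
                    .autoApprove(true);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }
    }
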
Resource server configuration
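
    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.provisioning.JdbcUserDetailsManager;

    @Configuration
    @EnableResourceServer
    @EnableWebSecurity
    public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Static resource paths; no access rule is chained after anyRequest() here
            http.requestMatchers()
                    .antMatchers("/css/**", "/image/**", "/fonts/**", "/js/**", "/vendor/**")
                    .and()
                    .authorizeRequests()
                    .anyRequest();

            // Login and authorization endpoints: static resources are open, everything else needs authentication
            http.requestMatchers()
                    .antMatchers("/login", "/oauth/authorize")
                    .and()
                    .authorizeRequests()
                    .antMatchers("/resources/**", "/css/**", "/image/**", "/fonts/**", "/js/**", "/vendor/**").permitAll()
                    .and()
                    .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll();
        }

        // Users are loaded over JDBC and their stored passwords are checked with BCrypt
        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            BCryptPasswordEncoder encoder = passwordEncoder();
            auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(encoder);
        }

        @Bean
        public JdbcUserDetailsManager jdbcUserDetailsManager() {
            JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
            jdbcUserDetailsManager.setDataSource(dataSource);
            return jdbcUserDetailsManager;
        }

        // BCrypt with strength (log rounds) 12
        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder(12);
        }
    }
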
WebMvcConfig
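
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.Ordered;
    import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
    import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    public class WebMvcConfig extends WebMvcConfigurerAdapter {

        // Map /login to the "signin" view
        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/login").setViewName("signin");
            registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
        }

        // Serve static resources from the classpath
        @Override
        public void addResourceHandlers(ResourceHandlerRegistry registry) {
            registry.addResourceHandler("/resources/**",
                            "/image/**",
                            "/css/**",
                            "/js/**",
                            "/vendor/**")
                    .addResourceLocations("classpath:/resources/",
                            "classpath:/static/image/",
                            "classpath:/static/css/",
                            "classpath:/static/js/",
                            "classpath:/static/vendor/");
        }
    }
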
I don't know what else I need.
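
An added example, not part of the original post: a stand-alone check of which stored values a `BCryptPasswordEncoder(12)` accepts, so the contents of the password column can be compared against the shape a BCrypt string has. It assumes `spring-security-crypto` is on the classpath; the class name, the `looksLikeBCrypt` helper, the pattern and all sample values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class StoredPasswordCheck {

    // Shape of a bcrypt string: "$2a$" (or $2b$/$2y$), a two-digit cost, "$",
    // then 53 characters of salt and hash, 60 characters in total.
    // Hypothetical helper pattern written for this example; it is assumed to
    // approximate the format check the encoder performs before comparing.
    private static final Pattern BCRYPT_SHAPE =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    static boolean looksLikeBCrypt(String stored) {
        // matches() requires the whole string to fit, so padding or truncation fails
        return stored != null && BCRYPT_SHAPE.matcher(stored).matches();
    }

    public static void main(String[] args) {
        // Same strength as the passwordEncoder() bean in the post
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(12);
        String raw = "example-password"; // constructed sample value
        String hash = encoder.encode(raw);

        // Constructed stand-ins for what a password column might contain
        Map<String, String> stored = new LinkedHashMap<>();
        stored.put("plain text", raw);
        stored.put("full hash", hash);
        stored.put("hash cut to 45 chars", hash.substring(0, 45));
        stored.put("hash padded with spaces", hash + "    ");

        for (Map.Entry<String, String> e : stored.entrySet()) {
            String value = e.getValue();
            // encoder.matches() rejects any stored value that is not a complete bcrypt string
            System.out.printf("%-24s length=%2d shape=%-5b matches=%b%n",
                    e.getKey(), value.length(), looksLikeBCrypt(value),
                    encoder.matches(raw, value));
        }
    }
}
```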