gpt4 book ai didi

java - 使用 Spring Security BCryptPasswordEncoder 散列密码时凭据错误

转载 作者:搜寻专家 更新时间:2023-11-01 03:51:07 24 4
gpt4 key购买 nike

我正在使用新的 BCryptPasswordEncoder 将用户密码散列到数据库(在我的例子中是 MongoDB)。当我刚刚测试我的登录时,我在我的安全配置中将密码编码器设置为 BCryptPasswordEncoder,但是当我尝试登录时我得到了 Bad Credentials(当然是使用正确的凭据)。我错过了什么?

安全配置:

    import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebMvcSecurity
public class VZWebSecurityConfig extends WebSecurityConfigurerAdapter{

@Autowired
VZUserDetailsService userDetailsService;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll();
}

@Bean
public PasswordEncoder encoder(){
return new BCryptPasswordEncoder();
}

}

为了从一些有效用户开始,我用一些用户初始化数据库:

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import vertyze.platform.data.constants.VZUserRoles;


@Configuration
@ComponentScan("it.vertyze.platform")
@EnableAutoConfiguration
public class Application implements CommandLineRunner {

@Autowired
VZUserRepository userRepository;

public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}


@Override
public void run(String... args) throws Exception {
userRepository.deleteAll();
PasswordEncoder encoder = new BCryptPasswordEncoder();

List<VZUserRoles> siteAdmin = new ArrayList<VZUserRoles>();
siteAdmin.add(VZUserRoles.SITE_ADMIN);

List<VZUserRoles> siteUser = new ArrayList<VZUserRoles>();
siteUser.add(VZUserRoles.SITE_VIEWER);

VZUser user1 = new VZUser();
VZUser user2 = new VZUser();

user1.setUsername("user1");
user1.setPassword(encoder.encode("password1"));
user1.setRoles(siteAdmin);

user2.setUsername("user2");
user2.setPassword(encoder.encode("password2"));
user2.setRoles(siteUser);

userRepository.save(user1);
userRepository.save(user2);

}

}

有人可以帮我吗?谢谢!

最佳答案

有没有机会

WARN  o.s.s.c.bcrypt.BCryptPasswordEncoder - Encoded password does not   look like BCrypt 

在你的调试日志中?如果是,则应检查用户表中密码行的长度是否足够大。bcrypt 算法产生长度为 60 的散列,所以如果你碰巧有一行,例如输入 varchar(45) 您的哈希值可能会被截断。

关于java - 使用 Spring Security BCryptPasswordEncoder 散列密码时凭据错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27739565/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com