Java：带密码编码器的 Spring Boot JDBC 身份验证
我想在我的网站上添加身份验证，并已创建了 SecurityConfiguration 类，如下所示：
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
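/**
 * Spring Security configuration: form login backed by JDBC user lookup, with stored
 * passwords verified through a BCrypt {@link PasswordEncoder}.
 *
 * <p>The two SQL statements used to load a user and its authorities are injected from the
 * {@code spring.queries.users-query} and {@code spring.queries.roles-query} properties.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Value("${spring.queries.users-query}")
    private String usersQuery;

    @Value("${spring.queries.roles-query}")
    private String rolesQuery;

    /**
     * Exposes the encoder used to check submitted passwords against the stored hashes.
     *
     * <p>The no-argument constructor uses the library's default cost. That cost applies to
     * newly encoded passwords; when verifying, the cost is read from the stored hash.
     *
     * @return a BCrypt password encoder with the default cost
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers JDBC authentication with the injected data source and queries.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the JDBC authentication setup fails
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .passwordEncoder(passwordEncoder())
            .usersByUsernameQuery(usersQuery)
            .authoritiesByUsernameQuery(rolesQuery)
            .dataSource(dataSource);
    }

    /**
     * Excludes static asset paths from Spring Security.
     *
     * <p>Requests matching these patterns skip the security filter chain entirely, so nothing
     * that needs authentication should ever be served from below them.
     *
     * @param web web-level security builder
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/pics/**");
    }

    /**
     * Defines URL authorization rules, the login form and logout.
     *
     * @param http HTTP security builder
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            // Fixed: the matcher was spelled "/managament", so the ADMIN rule never applied to
            // "/management" (the post-login target below) and that page fell through to
            // anyRequest().authenticated(), i.e. any logged-in user could open it.
            // The authority string must equal the value returned by the roles query.
            .antMatchers("/management").hasAuthority("ADMIN")
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/management")
            .usernameParameter("username")
            .passwordParameter("password")
            .and()
            .logout().permitAll();

        // NOTE(review): CSRF protection is switched off for the whole application while
        // authentication is session based (form login). Left unchanged to preserve the
        // existing behaviour; re-enable it once the login form and other state-changing
        // forms submit the CSRF token.
        http.csrf().disable();
    }
}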
在我的 resources/application.properties 中，我有两个查询：
# Injected into SecurityConfiguration and passed to usersByUsernameQuery(). The single "?" is
# bound to the submitted username as a query parameter. Spring Security's JDBC authentication
# reads the three selected columns, in order, as username, password and enabled flag.
spring.queries.users-query=select username, password, active from user where username=?
# Injected into SecurityConfiguration and passed to authoritiesByUsernameQuery(). Returns one
# row per granted authority as (username, authority); the authority value is what
# hasAuthority(...) rules are compared against.
spring.queries.roles-query=select u.username, r.role from user u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.username=?
下面是我的实体
角色
/**
 * JPA entity describing a role that can be granted to users.
 *
 * <p>Lombok generates the getters and the no-argument constructor; only {@code role} has a
 * setter.
 */
@Entity
@NoArgsConstructor
@Getter
public class Role {

    /** Primary key, generated with the IDENTITY strategy. */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int roleId;

    /**
     * Role name.
     * NOTE(review): presumably the value the roles query on this page selects as r.role and
     * that authorization rules compare against; confirm the column mapping.
     */
    @Setter
    private String role;

    /**
     * Creates a role with the given name.
     *
     * @param role role name
     */
    public Role(String role) {
        this.role = role;
    }
}
用户
/**
 * JPA entity for an application user together with the roles granted to it.
 *
 * <p>Lombok generates the getters and the no-argument constructor; every field except
 * {@code userId} has a setter.
 */
@Entity
@NoArgsConstructor
@Getter
public class User {

    /** Primary key, generated with the AUTO strategy. */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private int userId;

    /**
     * Stored password value. With the BCrypt encoder configured on this page this is expected
     * to be a BCrypt hash, never the plain-text password.
     * NOTE(review): the class-level @Getter also generates getPassword(); keep this entity out
     * of API responses and log output.
     */
    @Setter
    private String password;

    /** Login name. */
    @Setter
    private String username;

    /**
     * Account flag.
     * NOTE(review): presumably the third column of the users query (enabled flag); confirm.
     */
    @Setter
    private int active;

    /**
     * Roles granted to this user, linked through the user_role join table.
     * NOTE(review): CascadeType.ALL includes REMOVE, so removing a user cascades to the linked
     * Role entities; confirm that is intended when roles are shared between users.
     */
    @Setter
    @ManyToMany(cascade = CascadeType.ALL)
    @JoinTable(
        name = "user_role",
        joinColumns = @JoinColumn(name = "user_id"),
        inverseJoinColumns = @JoinColumn(name = "role_id"))
    private Set<Role> roles;

    /**
     * Creates a user with all caller-supplied fields set.
     *
     * @param password stored password value
     * @param username login name
     * @param active account flag
     * @param roles roles granted to the user
     */
    public User(String password, String username, int active, Set<Role> roles) {
        this.roles = roles;
        this.active = active;
        this.username = username;
        this.password = password;
    }
}
它给出如下警告：o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt（编码的密码看起来不像 bcrypt）
有人告诉我，使用 BCryptPasswordEncoder 时，数据库中的密码字段长度应该大于 60 个字符，但我的字段比这更长；也有人建议我使用其他配置。
我参考了一个示例，那位作者并没有使用人们所说的那些配置。我只是删掉了代码中没用的部分，并按自己的需要做了调整。但我遗漏了某些东西，却不知道是什么。
问题在于我的数据库中的密码是这样的：
$2y$12$hcch5qvpsll4ujtzrucqiuhyybebebubjdymj.oyH1BTSA6zJFJlZ2C
因为我是用 bcrypt 生成器生成的。默认情况下，BCryptPasswordEncoder 类中的 bcrypt 强度为 10。正如您所看到的，密码以 $2y$12$ 开头，其中的 12 就是强度；因此当我尝试对密码进行编码时，它看起来不像 bcrypt，因为对于此配置，开头的 $2y$12$ 应为 $2y$10$。
/**
 * Password encoder bean using the library's default BCrypt cost.
 *
 * <p>The cost set on the encoder applies when new passwords are encoded. When an existing
 * hash is verified, the cost is read from the stored hash itself.
 *
 * @return a BCrypt password encoder with the default cost
 */
@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}
如果你想将强度改为12,你应该这样做
/**
 * Password encoder bean that hashes new passwords with BCrypt cost 12.
 *
 * <p>NOTE(review): the constructor argument sets the cost for newly encoded passwords only;
 * verification takes the cost from the stored hash. The "does not look like BCrypt" warning
 * is logged when the stored value fails the encoder's format check. Older Spring Security
 * releases reportedly accept only the {@code $2a$} prefix and not {@code $2y$}; confirm
 * against the version in use and check that the stored hash is intact.
 *
 * @return a BCrypt password encoder with cost 12
 */
@Bean
public PasswordEncoder passwordEncoder() {
    final int strength = 12;
    return new BCryptPasswordEncoder(strength);
}
/**
 * Password encoder bean with an explicit BCrypt cost of 12.
 *
 * <p>A higher cost makes each hash computation slower. It affects passwords encoded from now
 * on; hashes already stored keep the cost embedded in them.
 *
 * @return a BCrypt password encoder with cost 12
 */
@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder(12);
    return encoder;
}