Java: Spring Boot JDBC authentication with a password encoder


I want to create authentication on my website. I have created a SecurityConfiguration class, which looks like this:

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private DataSource dataSource;

    @Value("${spring.queries.users-query}")
    private String usersQuery;

    @Value("${spring.queries.roles-query}")
    private String rolesQuery;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        //auth.inMemoryAuthentication().withUser("user").password("{noop}pass").authorities("ADMIN");

        auth.
        jdbcAuthentication()
            .passwordEncoder(passwordEncoder())
            .usersByUsernameQuery(usersQuery)
            .authoritiesByUsernameQuery(rolesQuery)
            .dataSource(dataSource);    
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
           .ignoring()
           .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/pics/**");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/management").hasAuthority("ADMIN")
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/management")
                .usernameParameter("username")
                .passwordParameter("password")
            .and()
                .logout().permitAll();
        http.csrf().disable();

    }

}

In my resources/application.properties I have two queries:

spring.queries.users-query=select username, password, active from user where username=?
spring.queries.roles-query=select u.username, r.role from user u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.username=?

Below are my entities.

Role

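import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

@Entity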
@Getter
@NoArgsConstructor
public class Role {

    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int roleId;

    @Setter
    private String role;    

    public Role(String role) {
        this.role = role;
    }

}

User

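import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

@Entity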
@Getter
@NoArgsConstructor
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private int userId;

    @Setter
    private String password;

    @Setter
    private String username;

    @Setter
    private int active;

    @ManyToMany(cascade = CascadeType.ALL)
    @JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
    @Setter
    private Set<Role> roles;

    public User(String password, String username, int active, Set<Role> roles) {
        super();
        this.password = password;
        this.username = username;
        this.active = active;
        this.roles = roles;
    }
}

It throws:
o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt

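Some people told me that, because of BCryptPasswordEncoder, the password field in the database should be larger than 60 characters, but mine has more. Other people told me about other configurations.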


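I followed an example in which the author did not have the configuration people talk about. I just cut out the parts of the code that were not useful and adapted it to my needs. But I am missing something, and I don't know what.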

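The problem was that I had passwords in my database like
$2y$12$hcch5qvpsll4ujtzrucqiuhyybebebubjdymj.oyH1BTSA6zJFJlZ2C

because I generated them with a bcrypt generator. By default, the bcrypt strength in BCryptPasswordEncoder.class is 10. As you can see, there is $2y$12$ at the beginning, and that 12 is the strength, so when I tried to encode the password it did not look like bcrypt, because the $2y$12$ at the beginning should be $2y$10$ for this configuration.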

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

If you want to change the strength to 12, you should do this:


@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(12);
}
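
A format check for stored password values, added here as an illustration (not code from the question, the answer, or Spring Security): it splits a value into version, cost and salt+digest and reports which part departs from the 60-character bcrypt layout. The class name, the `problems` method and its `acceptedVersions` parameter are hypothetical; which version letters a bcrypt library accepts varies by library and release, so the set is passed in rather than assumed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptFormatCheck {
    // Layout: $2<version>$<two-digit cost>$<22-char salt + 31-char digest>
    private static final Pattern LAYOUT =
            Pattern.compile("\\A\\$2([a-z]?)\\$(\\d\\d)\\$(.*)\\z", Pattern.DOTALL);
    private static final Pattern ALPHABET = Pattern.compile("[./0-9A-Za-z]*");

    /** Reasons a stored value is not well-formed bcrypt; an empty list means it parses. */
    static List<String> problems(String stored, String acceptedVersions) {
        List<String> out = new ArrayList<>();
        if (stored == null || stored.isEmpty()) {
            out.add("empty value");
            return out;
        }
        String value = stored.trim();
        if (!value.equals(stored)) {
            out.add("leading or trailing whitespace (CHAR padding, copy-paste)");
        }
        Matcher m = LAYOUT.matcher(value);
        if (!m.matches()) {
            out.add("no $2<v>$<cost>$ header: plaintext or another hash scheme");
            return out;
        }
        String version = m.group(1);
        int cost = Integer.parseInt(m.group(2));
        String body = m.group(3);
        if (!acceptedVersions.contains(version)) {
            out.add("version 2" + version + " not in accepted set '" + acceptedVersions + "'");
        }
        if (cost < 4 || cost > 31) out.add("cost " + cost + " is outside 4..31");
        if (body.length() != 53) {
            out.add("salt+digest has " + body.length() + " chars, expected 53 (truncated?)");
        }
        if (!ALPHABET.matcher(body).matches()) out.add("characters outside the bcrypt alphabet");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values (not real hashes): 22 + 31 characters of body.
        String body = "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
        System.out.println(problems("$2a$10$" + body, "a"));
        System.out.println(problems("$2y$12$" + body, "a"));
        System.out.println(problems(("$2a$10$" + body).substring(0, 45), "aby"));
    }
}
```

Running it over the values returned by the users query shows whether a rejected row fails on its version prefix, its cost field, or its length.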