Java Spring Security 4:身份验证失败:密码与存储值不匹配
我在应用程序中使用spring安全性。用户可以正确登录到系统,但在几次登录和注销后,就不可能再次登录。我得到一个错误:Java Spring Security 4:身份验证失败:密码与存储值不匹配,java,spring-mvc,spring-security,Java,Spring Mvc,Spring Security,我在应用程序中使用spring安全性。用户可以正确登录到系统,但在几次登录和注销后,就不可能再次登录。我得到一个错误: Authentication failed: password does not match stored value 我使用的java配置如下: import javax.sql.DataSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframew
Authentication failed: password does not match stored value
我使用的java配置如下:
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@ImportResource("classpath:/root-context.xml")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(new BCryptPasswordEncoder())
.usersByUsernameQuery("select email,password, enabled from users where email=?")
.authoritiesByUsernameQuery("select email, role from user_roles where email=?");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().accessDeniedPage("/403").and().authorizeRequests().antMatchers("/resources/**")
.permitAll().anyRequest().hasAnyRole("EMPLOYEE", "ADMIN").and().formLogin().loginPage("/login")
.permitAll().and().logout().logoutSuccessUrl("/logout").permitAll();
}
}
谁能告诉我,有什么问题吗
编辑
我发现,由于某种原因,数据库中保存的哈希不再正确,如果我用另一个哈希替换它,我可以再次登录。是什么原因造成的 您最近是否对配置进行了任何更改?我得到的唯一合理解释是您更改了
密码编码器
。或者您可能只在一个方面进行了更改:身份验证(编码器用于比较密码)或将用户持久化到DB中的服务/dao(编码器应用于加密清除密码)?