MongoDB Spring Security authentication
I am unable to authenticate with Spring Security in Spring using MongoDB. Entity:
    import java.util.List;
    import org.springframework.data.annotation.Id;
    import org.springframework.data.mongodb.core.mapping.Document;

    // User document stored in the "users" collection
    @Document(collection = "users")
    public class Users {
        @Id
        private String id;
        private String username;
        private String email;
        private String password;
        private List<Notification> preferences;

        public Users(String username, String email, String password, List<Notification> preferences) {
            this.username = username;
            this.email = email;
            this.password = password;
            this.preferences = preferences;
        }

        public String getUsername() {
            return username;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        public String getEmail() {
            return email;
        }

        public void setEmail(String email) {
            this.email = email;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public List<Notification> getPreferences() {
            return preferences;
        }

        public void setPreferences(List<Notification> preferences) {
            this.preferences = preferences;
        }
    }
When I try to authenticate, it gives the following:
In my database I have one user:
{
"_id" : ObjectId("5b855813d03cce0264de3ab6"),
"username" : "username",
"email" : "test@test.com",
"password" : "123"
}
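Do you know what is causing this?

The problem is that you have registered BCryptPasswordEncoder as the passwordEncoder bean, but you have stored the password in plain text in the database. Now, when authenticating, it encodes the incoming password from the HTTP request using the BCrypt algorithm and compares it with the plain-text password, which obviously fails. That is why you get "Encoded password does not look like BCrypt", because it isn't.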
The short-term fix is to edit the MongoDB user record so that the password field of the user with username "username" has the following value:
{
"_id" : ObjectId("5b855813d03cce0264de3ab6"),
"username" : "username",
"email" : "test@test.com",
"password" : "$2a$10$pIUUIHClmGYBnsJzlOHQkeecSwRGAgYlxzRfBFjEqhk6rkQdilTYC"
}
When you encode the string "123" using the BCrypt algorithm, you get "$2a$10$pIUUIHClmGYBnsJzlOHQkeecSwRGAgYlxzRfBFjEqhk6rkQdilTYC".
But the correct fix is to add password encoding in the application before saving to the Mongo database, as follows:
    @Autowired
    private PasswordEncoder passwordEncoder;

    public void saveUser(Users user) {
        // Hash the raw password before the document is persisted
        user.setPassword(passwordEncoder.encode(user.getPassword()));
        // Save in mongodb
    }
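The mismatch described in the answer, as an added example that is not part of the original question or answer: it checks whether a stored value has BCrypt's format, shows the login comparison against a plaintext record and against a migrated one, and hashes legacy values without double-encoding existing hashes. The class name, the `looksLikeBCrypt` and `upgradeIfPlaintext` helpers and the regular expression are assumptions made for illustration; it needs `spring-security-crypto` on the classpath.

```java
import java.util.regex.Pattern;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example, not code from the original post.
public class StoredPasswordCheck {

    // Assumed shape of a BCrypt string: version prefix, two-digit cost,
    // then 53 characters of salt and hash.
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}$");

    static boolean looksLikeBCrypt(String stored) {
        return stored != null && BCRYPT.matcher(stored).matches();
    }

    // Hypothetical one-time migration helper: hash a legacy plaintext value,
    // but leave an existing BCrypt hash untouched so it is never encoded twice.
    static String upgradeIfPlaintext(String stored, PasswordEncoder encoder) {
        return looksLikeBCrypt(stored) ? stored : encoder.encode(stored);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String raw = "123";     // password submitted at login (value from the question)
        String legacy = "123";  // password field as stored in plaintext in the users collection

        // Login against the plaintext record: the stored value is not a BCrypt
        // hash, so the encoder cannot verify the submitted password against it.
        System.out.println("plaintext record looks like BCrypt: " + looksLikeBCrypt(legacy));
        System.out.println("plaintext record matches:           " + encoder.matches(raw, legacy));

        // Login against the migrated record.
        String migrated = upgradeIfPlaintext(legacy, encoder);
        System.out.println("migrated record looks like BCrypt:  " + looksLikeBCrypt(migrated));
        System.out.println("migrated record matches:            " + encoder.matches(raw, migrated));

        // Running the migration again must not change an already hashed value.
        System.out.println("second pass leaves hash unchanged:  "
                + migrated.equals(upgradeIfPlaintext(migrated, encoder)));
    }
}
```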