Fatal编程技术网

Spring mvc Spring启动密码Bcrypt

spring-mvc spring-boot

Spring mvc Spring启动密码Bcrypt,spring-mvc,spring-boot,Spring Mvc,Spring Boot,我有springboot rest代码来注册一些用户。我用bycrpt编码器对它进行编码。代码如下所示 @RequestMapping(value="/customer/new", method=RequestMethod.POST) public Customer newCustomer (@RequestBody Customer customer){ customer.setPassword(new BCryptPasswordEncoder().encod

我有springboot rest代码来注册一些用户。我用bycrpt编码器对它进行编码。代码如下所示

@RequestMapping(value="/customer/new", method=RequestMethod.POST)
    public Customer newCustomer (@RequestBody Customer customer){
            customer.setPassword(new BCryptPasswordEncoder().encode(customer.getPassword()));
        return customerservice.saveCustomer(customer);
        }

@RequestMapping(value = "customer/login", method = RequestMethod.POST)
        public String login(@RequestBody Customer login) throws ServletException {

            String jwtToken = "";

            if (login.getUsername()== null || login.getPassword()== null) {
                throw new ServletException("Please fill in username and password");
            }

            String username = login.getUsername();
            String password = new BCryptPasswordEncoder().encode(login.getPassword());


            Customer customer = customerservice.findByusername(username);

            if (customer == null) {
                throw new ServletException("Username not found.");
            }

            String pwd = customer.getPassword();

            if (!password.equals(pwd)) {
                throw new ServletException("Invalid login. Please check your name and password.");
            }
因此,它成功地用编码密码存储了密码 像这样的事 $2a$10$f25IxR/b7wNJBl7Zi.zEMOzpR2nDEw7IJwR3tv/BVKsKJRAtDe1Mq

因此,我使登录rest控制器如下所示

@RequestMapping(value="/customer/new", method=RequestMethod.POST)
    public Customer newCustomer (@RequestBody Customer customer){
            customer.setPassword(new BCryptPasswordEncoder().encode(customer.getPassword()));
        return customerservice.saveCustomer(customer);
        }

@RequestMapping(value = "customer/login", method = RequestMethod.POST)
        public String login(@RequestBody Customer login) throws ServletException {

            String jwtToken = "";

            if (login.getUsername()== null || login.getPassword()== null) {
                throw new ServletException("Please fill in username and password");
            }

            String username = login.getUsername();
            String password = new BCryptPasswordEncoder().encode(login.getPassword());


            Customer customer = customerservice.findByusername(username);

            if (customer == null) {
                throw new ServletException("Username not found.");
            }

            String pwd = customer.getPassword();

            if (!password.equals(pwd)) {
                throw new ServletException("Invalid login. Please check your name and password.");
            }
登录rest控制器从输入获取用户名,从用户输入获取密码。我尝试对密码进行编码,这样它就可以作为Bcrypt编码的密码返回,并与之前存储的密码匹配

但它不匹配。我可以得到相同的密码编码。如何解决这个问题? 使用springboot rest的im新手

BCryptPasswordEncoder的
encode()
方法返回一个salt散列。这意味着使用相同的参数调用此方法将不会返回相同的值

因此是
matches()
方法。使用此选项验证密码

您还应该将BCryptPasswordEncoder用作bean,以便可以自动连接它

@Configuration
public class SomeConfigurationClass {
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }
}
BCryptPasswordEncoder的
encode()
方法返回一个salt散列。这意味着使用相同的参数调用此方法将不会返回相同的值

因此是
matches()
方法。使用此选项验证密码

您还应该将BCryptPasswordEncoder用作bean,以便可以自动连接它

@Configuration
public class SomeConfigurationClass {
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }
}
你的代码很好。调试代码以查找问题。在匹配之前打印或调试编码和存储的密码您的代码正常。调试代码以查找问题。在匹配之前打印或调试编码和存储的密码