Spring mvc Spring安全登录不';使用Bcrypt时无法工作
我使用SpringMVC和SpringSecurity创建了登录页面,所有功能都正常工作,但当为登录和注册添加加密时,它不起作用(用户密码也在数据库中加密) security-config.xmlSpring mvc Spring安全登录不';使用Bcrypt时无法工作,spring-mvc,spring-security,Spring Mvc,Spring Security,我使用SpringMVC和SpringSecurity创建了登录页面,所有功能都正常工作,但当为登录和注册添加加密时,它不起作用(用户密码也在数据库中加密) security-config.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.sp
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-
security.xsd">
<http pattern="/resources/**" security="none"/>
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/welcome" access="hasRole('ROLE_USER')"/>
<form-login login-processing-url="/j_spring_security_check"
login-page="/signin" default-target-url="/"
authentication-failure-url="/signin?error"
username-parameter="email" password-
parameter="password"/>
<!-- <logout logout-success-url="/signin" delete-
cookies="JSESSIONID" invalidate-session="true" /> -->
<logout logout-success-url="/signin" />
<csrf disabled="true" />
</http>
<!-- for preAuthorize annotation -->
<global-method-security pre-post-annotations="enabled" />
<authentication-manager>
<authentication-provider>
<password-encoder hash="bcrypt" />
<jdbc-user-service data-source-ref="dataSource"
authorities-by-username-query="select
User.email , role.name from User join user_role on User.id =
user_role.user_id join role on user_role.role_id = role.id
where email = ?"
users-by-username-query="select
email,password,1 from User where email = ?" />
</authentication-provider>
</authentication-manager>
<!-- <user-service>
<user name="admin@email.com" password="admin"
authorities="ROLE_USER, ROLE_ADMIN" />
-->
</beans:beans>
这里有什么问题 您似乎无法向身份验证提供商提供自己的bcrypt加密机。您需要将
BCryptPasswordEncoder
声明为Springbean,并将其自动连接到控制器,同时将其传递给身份验证提供者。请参阅下面的代码片段以供参考
spring security.xml
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<!-- your jdbc user details service declaration -->
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
你说不工作是什么意思?有错误吗?您是否尝试过将spring security package设置为调试并检查日志?在没有加密的情况下,它可以正常工作,但当使用加密密码添加新用户时,当我尝试登录@Setu时,它会给我错误的凭据
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<!-- your jdbc user details service declaration -->
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
@Autowired
private BCryptPasswordEncoder encoder;
@RequestMapping(value = "/signup", method = RequestMethod.POST)
public String postSignUpPage(@ModelAttribute User user ,@RequestParam("password") String password) {
user.setPassword(encoder.encode(password));
userRepo.save(user);
return "redirect:/signin";
}