Spring mvc Spring安全登录不'；使用Bcrypt时无法工作_Spring Mvc_Spring Security

Spring mvc Spring安全登录不'；使用Bcrypt时无法工作

spring-mvc spring-security

Spring mvc Spring安全登录不'；使用Bcrypt时无法工作,spring-mvc,spring-security,Spring Mvc,Spring Security,我使用SpringMVC和SpringSecurity创建了登录页面，所有功能都正常工作，但当为登录和注册添加加密时，它不起作用（用户密码也在数据库中加密） security-config.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.sp

我使用SpringMVC和SpringSecurity创建了登录页面，所有功能都正常工作，但当为登录和注册添加加密时，它不起作用（用户密码也在数据库中加密）

security-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-
   security.xsd">

<http pattern="/resources/**" security="none"/>

<http use-expressions="true" auto-config="true">
    <intercept-url pattern="/" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/welcome" access="hasRole('ROLE_USER')"/>
    <form-login login-processing-url="/j_spring_security_check"
                login-page="/signin" default-target-url="/" 
                authentication-failure-url="/signin?error"
                username-parameter="email" password-
    parameter="password"/>
    <!-- <logout  logout-success-url="/signin" delete-
    cookies="JSESSIONID" invalidate-session="true" /> -->
    <logout   logout-success-url="/signin" />
    <csrf disabled="true" />
</http>

<!-- for preAuthorize annotation -->
<global-method-security pre-post-annotations="enabled" />


<authentication-manager>
    <authentication-provider>
        <password-encoder hash="bcrypt" />
        <jdbc-user-service data-source-ref="dataSource"

   authorities-by-username-query="select 
   User.email , role.name from User join user_role on User.id = 
   user_role.user_id join role on user_role.role_id = role.id
   where email = ?"

  users-by-username-query="select 
   email,password,1 from User where email = ?" />        
    </authentication-provider>
 </authentication-manager>

 <!-- <user-service>
        <user name="admin@email.com" password="admin" 
  authorities="ROLE_USER, ROLE_ADMIN" />    
 -->
 </beans:beans>

这里有什么问题

您似乎无法向身份验证提供商提供自己的bcrypt加密机。您需要将

BCryptPasswordEncoder

声明为Springbean，并将其自动连接到控制器，同时将其传递给身份验证提供者。请参阅下面的代码片段以供参考

spring security.xml

<authentication-manager>
    <authentication-provider>
        <password-encoder ref="encoder" />
        <!-- your jdbc user details service declaration --> 
    </authentication-provider>
</authentication-manager>

<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="11" />
</beans:bean>

你说不工作是什么意思？有错误吗？您是否尝试过将spring security package设置为调试并检查日志？在没有加密的情况下，它可以正常工作，但当使用加密密码添加新用户时，当我尝试登录@Setu时，它会给我错误的凭据

<authentication-manager>
    <authentication-provider>
        <password-encoder ref="encoder" />
        <!-- your jdbc user details service declaration --> 
    </authentication-provider>
</authentication-manager>

<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="11" />
</beans:bean>

@Autowired
private BCryptPasswordEncoder encoder;

@RequestMapping(value = "/signup", method = RequestMethod.POST)
public String postSignUpPage(@ModelAttribute User user ,@RequestParam("password") String password) {
    user.setPassword(encoder.encode(password));
    userRepo.save(user);
    return "redirect:/signin";
}