Spring AuthenticationManagerBuilder密码哈希
我试图在Spring中设置用户身份验证,但在添加密码哈希后,它不会进行身份验证。我使用的是Spring Boot和Spring Security 以下是我的代码的简化版本: 客户实体:Spring AuthenticationManagerBuilder密码哈希,spring,spring-security,spring-boot,Spring,Spring Security,Spring Boot,我试图在Spring中设置用户身份验证,但在添加密码哈希后,它不会进行身份验证。我使用的是Spring Boot和Spring Security 以下是我的代码的简化版本: 客户实体: @Entity public class Customer { private String username; private String password; public Customer() { } @Column public String getUsername() {
@Entity
public class Customer {
private String username;
private String password;
public Customer() {
}
@Column
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(length=100)
public String getPassword() {
return password;
}
public String setPassword(String password) {
this.password = new BCryptPasswordEncoder().encode(password);
}
}
安全配置:
@SpringBootApplication
@EnableAutoConfiguration
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private CustomerRepository customerRepository;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().
httpBasic().and().
csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
protected UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer customer = customerRepository.findByUsername(username);
if(user != null) {
return new User(username, customer.getPassword(), true, true, true, true,
AuthorityUtils.createAuthorityList("USER"));
} else {
throw new UsernameNotFoundException("could not find the user '"
+ username + "'");
}
}
};
}
}
正如我所说,如果我删除密码编码器(从AuthenticationManagerBuilder和客户实体中),输入用户名和密码将进行身份验证。但是,当我添加BCryptPasswordEncoder时,它不会进行身份验证,也不会给出错误消息。不要在实体的set方法中对密码进行编码。您只需要在创建新用户时执行此操作。Spring security将处理其余的问题不要在实体的set方法中对密码进行编码。您只需要在创建新用户时执行此操作。Spring security将处理rest@bwright:您似乎对此问题有一个实际的答案,您应该这样发布(而不是作为评论)。这似乎是同一个问题:这确实有效,但是密码现在以明文形式存储在数据库中。你知道我怎么储存散列密码吗?没关系,我知道了。我只是在构造函数中散列密码。谢谢你的帮助。