Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/search/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring AuthenticationManagerBuilder密码哈希_Spring_Spring Security_Spring Boot - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring AuthenticationManagerBuilder密码哈希

Spring AuthenticationManagerBuilder密码哈希

spring spring-security spring-boot

Spring AuthenticationManagerBuilder密码哈希,spring,spring-security,spring-boot,Spring,Spring Security,Spring Boot,我试图在Spring中设置用户身份验证,但在添加密码哈希后,它不会进行身份验证。我使用的是Spring Boot和Spring Security 以下是我的代码的简化版本: 客户实体: @Entity public class Customer { private String username; private String password; public Customer() { } @Column public String getUsername() {

我试图在Spring中设置用户身份验证,但在添加密码哈希后,它不会进行身份验证。我使用的是Spring Boot和Spring Security

以下是我的代码的简化版本:

客户实体:

@Entity
public class Customer {

  private String username;
  private String password;

  public Customer() {
  }

  @Column
  public String getUsername() {
    return username;
  }

  public void setUsername(String username) {
    this.username = username;
  }

  @Column(length=100)
  public String getPassword() {
    return password;
  }

  public String setPassword(String password) {
    this.password = new BCryptPasswordEncoder().encode(password);
  }
}
安全配置:

@SpringBootApplication
@EnableAutoConfiguration
public class DemoApplication {

  public static void main(String[] args) {
    SpringApplication.run(DemoApplication.class, args);
  }

@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Autowired
private CustomerRepository customerRepository;

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().fullyAuthenticated().and().
            httpBasic().and().
            csrf().disable();
}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
}

@Bean
protected UserDetailsService userDetailsService() {
    return new UserDetailsService() {

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            Customer customer = customerRepository.findByUsername(username);
            if(user != null) {
                return new User(username, customer.getPassword(), true, true, true, true,
                        AuthorityUtils.createAuthorityList("USER"));
            } else {
                throw new UsernameNotFoundException("could not find the user '"
                        + username + "'");
            }
        }
    };
}
}
正如我所说,如果我删除密码编码器(从AuthenticationManagerBuilder和客户实体中),输入用户名和密码将进行身份验证。但是,当我添加BCryptPasswordEncoder时,它不会进行身份验证,也不会给出错误消息。

不要在实体的set方法中对密码进行编码。您只需要在创建新用户时执行此操作。Spring security将处理其余的问题

不要在实体的set方法中对密码进行编码。您只需要在创建新用户时执行此操作。Spring security将处理rest@bwright:您似乎对此问题有一个实际的答案,您应该这样发布(而不是作为评论)。这似乎是同一个问题:这确实有效,但是密码现在以明文形式存储在数据库中。你知道我怎么储存散列密码吗?没关系,我知道了。我只是在构造函数中散列密码。谢谢你的帮助。