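The password is not being encoded. It is saved exactly as the user types it in at login. I have already tried using BCryptPasswordEncoder, but it doesn't work. It seems I made a mistake somewhere. Please help!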
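
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsServiceImpl userDetailsService;

        @Autowired
        private JwtAuthenticationEntryPoint unauthorizedHandler;

        /**
         * Password Encoder Bean
         */
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        /**
         * Authentication Manager Bean.
         * It is required for login process
         */
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Autowired
        private JwtAuthenticationFilter jwtAuthenticationFilter;

        /**
         * Method for configuring the authentication service based on user details
         * provided
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder());
        }

        /**
         * Method for configuring HTTP requests for the application
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/generate-token").permitAll()
                .antMatchers(HttpMethod.POST).permitAll()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .anyRequest().authenticated().and().exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            // Check JWT authentication token before any request
            http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        }
    }
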
This is the security configuration class. I suspect the error may be only in this class.

1 answer

mfpqipee #1
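Your SecurityConfig is fine. I think you have misunderstood the usage of auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder()); here. This code applies BCryptPasswordEncoder to the password during authorization and authentication, not when the user is stored in the DB. When saving the user password to the database, you should encode the user password manually.

Something like this: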
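
The answer's own snippet is not present on this page. The following is an added example, not code from the original post: a hypothetical RegistrationDemo class with an in-memory map standing in for the users table, showing the password hashed on the save path and checked with matches() on the login path. It assumes spring-security-crypto and its logging dependency are on the classpath, as in any Spring Security application; all names and sample values are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: hypothetical registration service, not code from the post.
public class RegistrationDemo {

    // Same encoder type as the passwordEncoder() bean in SecurityConfig.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    // Stand-in for the users table (assumption): username -> stored password column.
    private final Map<String, String> userTable = new HashMap<>();

    // Save path: hash here, because Spring Security never touches this write.
    public void register(String username, String rawPassword) {
        userTable.put(username, encoder.encode(rawPassword));
    }

    // Login path: the comparison the configured encoder performs during
    // authentication, submitted password against the stored hash.
    public boolean login(String username, String rawPassword) {
        String stored = userTable.get(username);
        return stored != null && encoder.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        RegistrationDemo demo = new RegistrationDemo();
        demo.register("alice", "constructed-sample-pw"); // constructed sample values

        String stored = demo.userTable.get("alice");
        System.out.println("stored is plaintext: " + stored.equals("constructed-sample-pw"));
        System.out.println("stored looks like bcrypt: " + stored.startsWith("$2"));
        System.out.println("correct password: " + demo.login("alice", "constructed-sample-pw"));
        System.out.println("wrong password: " + demo.login("alice", "other"));

        // A row saved without encode() cannot log in: matches() rejects
        // a stored value that is not a BCrypt hash.
        demo.userTable.put("bob", "constructed-sample-pw");
        System.out.println("plaintext row login: " + demo.login("bob", "constructed-sample-pw"));
    }
}
```

In the questioner's application the equivalent of register() would inject the PasswordEncoder bean from SecurityConfig and call encode() on the password just before the repository save.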