Spring Security 使用authenticationManagerSpring Boot Java进行手动身份验证

gk7wooem  于 2023-01-20  发布在  Spring
关注(0)|答案(1)|浏览(222)

我尝试使用authenticationManager在服务内部手动验证用户:

Authentication authenticate = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    user,
                    senha,
                    Collections.emptyList()
            ));

但每次我从经理那里得到以下异常:

"There is no PasswordEncoder mapped for the id \"null\""

正在通过以下方式导入authenticationManager:

@Autowired
private AuthenticationManager authenticationManager;

我已经尝试将密码输入更改为{bcrypt}password,以通知正确的passwordEncoder,但错误仍然存在,我还创建了一个BCryptPassword Bean,它在配置文件中定义,如下所示:

@Configuration
    public class BeansConfig {
        @Bean
        public BCryptPasswordEncoder bCryptPasswordEncoder(){
            return new BCryptPasswordEncoder();
        }
    }

EDIT 1:这是发送到authenticationManager的密码格式:{bcrypt}$2a$10$[...]
编辑2:正如建议的那样,我已经在BCryptPasswordEncoder的同一个配置文件中实现了以下Bean:

@Bean
public PasswordEncoder delegatingPasswordEncoder() {
    PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
    Map<String, PasswordEncoder> encoders = new HashMap<>();
    encoders.put("bcrypt", new BCryptPasswordEncoder());
    encoders.put("scrypt", new SCryptPasswordEncoder());

    DelegatingPasswordEncoder passworEncoder = new DelegatingPasswordEncoder(
      "bcrypt", encoders);
    passworEncoder.setDefaultPasswordEncoderForMatches(defaultEncoder);

    return passworEncoder;
}

但错误依然存在。
有关更多问题,请参阅我在WebSecurity.java文件中配置密码编码的方式:

@Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

EDIT 4:按照建议,我删除了BCryptPassword bean,并将密码编码设置为delegatingPasswordEncoding,如下所示:

@Autowired
private PasswordEncoder passwordEncoder;

public WebSecurity(UserDetailsServiceImpl userService, PasswordEncoder passwordEncoder){
        this.userDetailsService = userService;
        this.passwordEncoder = passwordEncoder;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder);
}

但现在我得到了以下错误,

java.lang.IllegalArgumentException: Detected a Non-hex character at 1 or 2 position
    at org.springframework.security.crypto.codec.Hex.decode(Hex.java:58) ~[spring-security-crypto-5.7.1.jar:5.7.1]
    at org.springframework.security.crypto.password.StandardPasswordEncoder.decode(StandardPasswordEncoder.java:106) ~[spring-security-crypto-5.7.1.jar:5.7.1]

我的密码,仍然,beeing发送这样:{bcrypt}$2a$10$[...]
作为参考,我试着这样做:https://www.baeldung.com/manually-set-user-authentication-spring-security

spring-security

1条答案

按热度按时间
wpcxdonn

wpcxdonn1#

在调试过程中,我发现authenticationManager使用的DaoAuthenticationProvider包含了错误的passwordEncoder。

@Bean
public DaoAuthenticationProvider authProvider() {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
    authProvider.setUserDetailsService(userDetailsService);
    authProvider.setPasswordEncoder(bCryptPasswordEncoder);
    return authProvider;
}

并将我的AuthenticationManagerBuilder设置为:

@Override
    protected void configure(AuthenticationManagerBuilder auth){
        auth.authenticationProvider(authProvider());
}

里面的www.example.com配置文件解决了我所有的问题。WebSecurity.java configuration file solved all my problems.
参考:Custom Authentication Provider

赞(0)分享  回复(0)举报  2023-01-20
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com