Spring Boot JWT-添加BCrypt安全性-拒绝访问

问题描述 投票:0回答:1

我有一个应用服务器,它使用带有JWT令牌的Spring引导框架。我想加密用户密码,但是遇到登录问题。我可以使用加密用户密码userModel.setPassword(new BCryptPasswordEncoder().encode(userModel.getPassword()));但是当尝试登录时,我得到了Encoded password does not look like BCrypt。我试图更改身份验证方法并通过登录对密码进行加密,但这没有用。

       new UsernamePasswordAuthenticationToken(
        authenticationRequest.getUsername(),
        new BCryptPasswordEncoder().encode( authenticationRequest.getPassword())));

如果您能指出我的直接指导或给我解决方案,我将不胜感激。下面是我的安全配置文件。

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MyUserDetailService myUserDetailService;
    private final JwtRequestFilter jwtRequestFilter;

    public SecurityConfig(MyUserDetailService myUserDetailService, JwtRequestFilter jwtRequestFilter) {
        this.myUserDetailService = myUserDetailService;
        this.jwtRequestFilter = jwtRequestFilter;
    }

    @Override
    // Authentication : User --> Roles
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {

        auth.authenticationProvider(authProvider());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(myUserDetailService);
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }

    @Override
    // Authorization : Role -> Access
    protected void configure(HttpSecurity http) throws Exception {

        http
                .csrf().disable()
                .formLogin().disable()
                .headers().frameOptions().disable()
                .and()
                .authorizeRequests()
                .antMatchers("/authenticate").permitAll()                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    }
}

我无法使用加密密码或原始密码进行身份验证(登录)。请让我知道我可以做什么来解决。

谢谢您的帮助。

spring-boot spring-security jwt bcrypt
1个回答
0
投票

如果数据库中存储的密码未正确加密,则会引发异常。

请确保它以$2a$$2b$$2y$开头并且正好是60个字符。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.