为什么密码与PasswordEncoder不匹配？

我做了很多测试，但是找不到让它工作的方法。使用下一个基本的spring-boot项目，您可以测试密码是否相同，match方法总是返回false。

pom.hml

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>com.example</groupId>
<artifactId>basic</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>basic</name>
<description>Basic project for Spring Boot</description>

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.3.RELEASE</version>
    <relativePath/>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.3.3.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <configuration>
                <fork>true</fork>
            </configuration>
        </plugin>
    </plugins>
</build>

BASIC application.Java

package com.example;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@SpringBootApplication
public class BasicApplication {

    public static PasswordEncoder oauthClientPasswordEncoder = new BCryptPasswordEncoder(4);
    private static final Logger LOG = LoggerFactory.getLogger(BasicApplication.class);

    public static void main(String[] args) {
        SpringApplication.run(BasicApplication.class, args);
        String secret = oauthClientPasswordEncoder.encode("secreto");
        LOG.info("Client pass: secreto, " + oauthClientPasswordEncoder.matches(secret, "secreto"));
    }
}

日志

Attaching agents: []

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.0.3.RELEASE)

2019-04-04 18:06:09.183  INFO 4111 --- [           main] com.example.BasicApplication             : Starting BasicApplication on --.local with PID 4111 (/Users/--/NetBeansProjects/java/BasicSpringbootTest/target/classes started by -- in /Users/--/NetBeansProjects/java/BasicSpringbootTest)
2019-04-04 18:06:09.187  INFO 4111 --- [           main] com.example.BasicApplication             : No active profile set, falling back to default profiles: default
2019-04-04 18:06:09.227  INFO 4111 --- [           main] s.c.a.AnnotationConfigApplicationContext : Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@6b67034: startup date [Thu Apr 04 18:06:09 CST 2019]; root of context hierarchy
2019-04-04 18:06:09.826  INFO 4111 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2019-04-04 18:06:09.838  INFO 4111 --- [           main] com.example.BasicApplication             : Started BasicApplication in 16.44 seconds (JVM running for 17.75)
2019-04-04 18:06:09.845  WARN 4111 --- [           main] o.s.s.c.bcrypt.BCryptPasswordEncoder     : Encoded password does not look like BCrypt
2019-04-04 18:06:09.845  INFO 4111 --- [           main] com.example.BasicApplication             : Client pass: secreto, false
2019-04-04 18:06:09.854  INFO 4111 --- [       Thread-2] s.c.a.AnnotationConfigApplicationContext : Closing org.springframework.context.annotation.AnnotationConfigApplicationContext@6b67034: startup date [Thu Apr 04 18:06:09 CST 2019]; root of context hierarchy
2019-04-04 18:06:09.858  INFO 4111 --- [       Thread-2] o.s.j.e.a.AnnotationMBeanExporter        : Unregistering JMX-exposed beans on shutdown

好吧，看起来我的帖子主要是代码，这里有一些更多细节：

我寻找同样的问题：编码密码看起来不像BCrypt，但所有解决方案都与人为错误或外部资源的错误有关。

您可以使用AuthorizationServerConfigurerAdapter中的BCrypPasswordEncoder以这种方式在项目中配置Spring Security OAuth2，这很奇怪：

spring security config.Java

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    [...] // bunch of code

    @Bean
    public PasswordEncoder oauthClientPasswordEncoder() {
        return new BCryptPasswordEncoder(4);
    }
}

authorization server config.Java

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    [...] // bunch of code

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        ClientDetailsServiceBuilder.ClientBuilder cb = clients
            .inMemory()
            .withClient("pms_read")
            .resourceIds("pms")
            .secret("BCRYPTED_PASSWORD_BY_BCRYPTPASSWORDENCODER") 
            .redirectUris("http://uri.com")
            .authorities("APP")
            .scopes("read");
    }
}

它有效！，但如果你想手动匹配密码，你就是不能。