Bcrypt自定义密码配置 [英] Bcrypt Custom password configuration
问题描述
我正在更改密码,然后转发到/loginuser并重定向到用户仪表板.自从我是一个初学者以来,我就已经通过httpbasic身份验证来确保这一点,我在休眠状态下使用createNativeSQLQuery并从数据库中获取结果.我是否必须实现任何UserDetailsService接口Spring Security?我的目标是仅实现加密密码并将其存储在数据库中.我面临的问题是,我添加了一个Bean配置,例如,
i am changing the password and then forwarding to /loginuser and redirect to users dashboard. i had secured this with httpbasic authentication since i am a beginner, I am using createNativeSQLQuery in hibernate and fetching the results from Database. Did I have to implement any UserDetailsService Interface Spring Security? My goal is to only achieve encrypting password and store it DB. the issue i am facing is, I had added a bean configuration such as,
@Bean
public PasswordEncoder customPasswordEncoder() {
return new BCryptPasswordEncoder(){
@Override
public String encode(CharSequence rawPassword) {
return BCrypt.hashpw(rawPassword.toString(), BCrypt.gensalt(4));
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
};
}
我不知道为什么会抛出此异常.我们应该对盐弹进行硬编码吗?
I don't know why its throwing this exception. should we hard-code the salt rounds?
java.lang.IllegalArgumentException: Invalid salt
at org.springframework.security.crypto.bcrypt.BCrypt.hashpw(BCrypt.java:552) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.crypto.bcrypt.BCrypt.checkpw(BCrypt.java:659) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at com.bootapp.FullTimeEquivalents.config.PasswordEncoderConfig$1.matches(PasswordEncoderConfig.java:29) ~[classes/:na]
推荐答案
@Autowired
DataSource dataSource;
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder());
}
这篇关于Bcrypt自定义密码配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
