SpringBoot 2.0.2.RELEASE 中的 BCryptPasswordEncoder 定义 [英] BCryptPasswordEncoder definition in SpringBoot 2.0.2.RELEASE
问题描述
我有一个基本的 SpringBoot 应用程序.使用 Spring Initializer、JPA、嵌入式 Tomcat、Thymeleaf 模板引擎,并打包为可执行 JAR 文件.我定义了这个配置文件.
I have a basic SpringBoot app. using Spring Initializer, JPA, embedded Tomcat, Thymeleaf template engine, and package as an executable JAR file. I have this config file defined.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
@Value("${jwt.header}")
private String tokenHeader;
@Value("${jwt.route.authentication.path}")
private String authenticationPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtUserDetailsService)
.passwordEncoder(passwordEncoderBean());
}
@Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
// Un-secure H2 Database
.antMatchers("/h2-console/**/**").permitAll()
.antMatchers("/auth/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based security filter
JwtAuthorizationTokenFilter authenticationTokenFilter
= new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader);
httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity
.headers()
.frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank.
.cacheControl();
}
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
// allow anonymous resource requests
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
)
// Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
.and()
.ignoring()
.antMatchers("/h2-console/**/**");
}
}
但是当我启动应用程序时.使用 Eclipse IDE 我在控制台中收到此错误:
But when I start the app. using Eclipse IDE I got this error in the console:
***************************
APPLICATION FAILED TO START
***************************
Description:
Field passwordEncoder in com.bonanza.backend.service.UserService required a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' that could not be found.
Action:
Consider defining a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' in your configuration.
甚至bean在配置文件中也有明确的定义..
Even the bean is clearly defined in the config file..
我也试过用这个其他定义来获得相同的结果
I also tried using this other definiton with the same resut
@Bean
public PasswordEncoder passwordEncoderBean() {
String idForEncode = "bcrypt";
// This is the ID we use for encoding.
String currentId = "pbkdf2.2018";
// List of all encoders we support. Old ones still need to be here for rolling updates
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put("bcrypt", new BCryptPasswordEncoder());
//encoders.put(currentId, new Pbkdf2PasswordEncoder(PBKDF2_2018_SECRET, PBKDF2_2018_ITERATIONS, PBKDF2_2018_HASH_WIDTH));
encoders.put(currentId, new Pbkdf2PasswordEncoder());
//return new DelegatingPasswordEncoder(idForEncode, encoders);
return new DelegatingPasswordEncoder(idForEncode, encoders);
}
推荐答案
在您的 com.bonanza.backend.service.UserService 中尝试自动装配 PassswordEncoder可能会解决问题.
Try Autowiring PassswordEncoder in your com.bonanza.backend.service.UserService may be solves the issue.
@Autowired
private PasswordEncoder bCryptPasswordEncoder;
已编辑
在你的配置文件中首先添加
In your config file First add
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(jwtuserDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoderBean());
return authenticationProvider;
}
然后在configureGlobal()方法中将auth.passwordencode(passwordencodebean())
替换为auth.authenticationProvider(authenticationProvider());
试试吧..这肯定会奏效.
Try it..this will work sure.
这篇关于SpringBoot 2.0.2.RELEASE 中的 BCryptPasswordEncoder 定义的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!