Spring Security bcrypt编码登录不起作用 [英] Spring Security bcrypt encoding login is not working

问题描述

我的应用程序是在hibernate和spring MVC中。以前登录用于工作，但现在我实现了bcrypt编码的密码。之后没有任何工作。我几乎改变了一切。这里我给你我的代码和配置文件。请帮助我找出问题。

app-security.xml

 <？xml version =1.0encoding =UTF-8？> 
< beans xmlns =http://www.springframework.org/schema/beans
 xmlns：xsi =http://www.w3.org/2001/XMLSchema-instance
 xmlns：security =http://www.springframework.org/schema/security
 xmlns：p =http://www.springframework.org/schema/p
 xsi ：schemaLocation =http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
 http：// www.springframework.org/schema/context 
 http://www.springframework.org/schema/context/spring-context-3.0.xsd 
 http://www.springframework.org/schema/ security 
 http://www.springframework.org/schema/security/spring-security-3.2.xsd\"> 
 
< security：global-method-security secured-annotations =enabled/> 
 
<！ - 这些bean处理成功登录和登录失败的情况 - > 
< bean id =myAuthenticationSuccessHandlerclass =com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler/> 
< bean id =myAuthenticationFailureHandlerclass =com.app.security.handler.MySimpleUrlAuthenticationFailureHandler/> 
 
<！ - 加密密码的加密 - > 
< bean id =encoderclass =org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder/> 
 
< security：http auto-config =true><！ -  
< security：intercept-url pattern =/ home *access =ROLE_USER /> - > 
< security：intercept-url pattern =/ adminaccess =ROLE_ADMIN/> 
< security：intercept-url pattern =/ useraccess =ROLE_USER/> 
< security：intercept-url pattern =/ group-adminaccess =ROLE_GROUP_ADMIN/> 
< security：intercept-url pattern =/ sponsoraccess =ROLE_SPONSOR/> 
 
< security：form-login login-page =/ login
 default-target-url =/ home
 authentication-failure-handler-ref = myAuthenticationFailureHandler
 authentication-success-handler-ref =myAuthenticationSuccessHandler
 /> 
< security：logout logout-success-url =/ logout/> 
< / security：http> 
 
< security：authentication-manager> 
< security：authentication-provider> 
< security：password-encoder ref =encoder/> 
< security：jdbc-user-service data-source-ref =dataSource
 users-by-username-query =select user_id as userId，username，password，email_address as emailAddress，active from用户的用户名=？ 
 authority-by-username-query =select us.user_id as userId，us.username as username，us.email_address as emailAddress，us.active as active，ur.roles from users us，user_roles ur 
 where us.role_id = ur.role_id and us.username =？
 /> 
< / security：authentication-provider> 
< / security：authentication-manager> 
 
< / beans> 
  

UserService.java

  @Service 
 public class UserService {
 
 @Autowired 
 private UserDaoImpl userDaoImpl; 
 @Autowired 
 BCryptPasswordEncoder passwordEncoder; 
 / ** 
 *在USER表中保存数据
 * @param user 
 * / 
 public void insert（User user）{
 //加密密码
 user.setPassword（passwordEncoder.encode（user.getPassword（）））; 
 
 userDaoImpl.save（user）; 
} 
  

User.java

  @Entity 
 @Table（name =USERS）
 public class User implements Serializable {
 
 private static final long serialVersionUID = 2158419746939747203L; 
 
 @Id 
 @Column（name =USER_ID）
 @GeneratedValue（strategy = GenerationType.IDENTITY）
 private long userId; 
 
 @Column（name =USERNAME，unique = true，length = 45，nullable = false）
 @NotEmpty @NotNull @Size（min = 6，max = 20）
 @UniqueCheck（classname =User，fieldname =username）
 private String username; 
 
 @Column（name =PASSWORD，length = 100，nullable = false）
 @NotEmpty @NotNull @Size（min = 6，max = 100）
 private String密码; 
 
 @Column（name =EMAIL_ADDRESS，unique = true，length = 100，nullable = false）
 @UniqueCheck（classname =User，fieldname =emailAddress $ b @NotEmpty 
 private String emailAddress; 
 
 @Column（name =ACTIVE，nullable = false）
 private Integer active; 
 
 @Column（name =ROLE_ID，nullable = false）
 private String roleid; 
 // getter setters 
  

让我知道是否需要其他信息

解决方案

在两个地方（java文件和xml配置文件）中赋予编码器强度....它开始工作。

所以，
config.xml

  < bean 
 id =encoderclass =org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder> 
< constructor-arg value =12>< / constructor-arg> 
< / bean> 
  

服务层代码：

  / ** 
 *编码数据
 * bcrypt是一个密钥导出函数，在此实例中用作加密散列函数
 * @param data 
 * @return 
 * / 
 public static String bCrypt（String data）{
 BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder（12）; 
 return passwordEncoder.encode（data）; 
} 
  

My application is in hibernate and spring MVC. Previously log in used to work but now I implemented bcrypt encoding for password. after that nothing is working. I changed almost everything. Here I am giving you my code and config files. Please help me in finding out the problem.

app-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:p="http://www.springframework.org/schema/p" 
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <security:global-method-security secured-annotations="enabled" />

    <!-- These beans handle successful login and failure cases of login -->
    <bean id="myAuthenticationSuccessHandler" class="com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler" />
    <bean id="myAuthenticationFailureHandler" class="com.app.security.handler.MySimpleUrlAuthenticationFailureHandler" />

    <!-- Encrypter to encrypt password -->
    <bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <security:http auto-config="true"><!-- 
        <security:intercept-url pattern="/home*"    access="ROLE_USER" /> -->
        <security:intercept-url pattern="/admin"    access="ROLE_ADMIN" />
        <security:intercept-url pattern="/user"     access="ROLE_USER" />
        <security:intercept-url pattern="/group-admin"  access="ROLE_GROUP_ADMIN" />
        <security:intercept-url pattern="/sponsor"  access="ROLE_SPONSOR" />

        <security:form-login    login-page="/login" 
                                default-target-url="/home"
                                authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                                authentication-success-handler-ref="myAuthenticationSuccessHandler"
        />
        <security:logout logout-success-url="/logout" />
    </security:http>

    <security:authentication-manager>
      <security:authentication-provider>
        <security:password-encoder ref="encoder" />
        <security:jdbc-user-service data-source-ref="dataSource"  
            users-by-username-query="select user_id as userId, username, password, email_address as emailAddress, active from users where username=?" 
            authorities-by-username-query="select us.user_id as userId, us.username as username, us.email_address as emailAddress, us.active as active, ur.roles from users us, user_roles ur 
              where us.role_id = ur.role_id and us.username =?  " 
        />
      </security:authentication-provider>
    </security:authentication-manager>

</beans>

UserService.java

@Service
public class UserService {

    @Autowired
    private UserDaoImpl userDaoImpl;
    @Autowired
    BCryptPasswordEncoder passwordEncoder;
    /**
     * Save data in USER table
     * @param user
     */
    public void insert(User user) {
        //Encrypting password
        user.setPassword(passwordEncoder.encode(user.getPassword()));

        userDaoImpl.save(user);
    }

User.java

@Entity
@Table(name="USERS")
public class User implements Serializable {

    private static final long serialVersionUID = 2158419746939747203L;

    @Id
    @Column(name="USER_ID")
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    private long userId;

    @Column(name="USERNAME", unique = true, length=45, nullable=false)
    @NotEmpty @NotNull @Size(min=6, max=20)
    @UniqueCheck(classname="User", fieldname="username")
    private String username;

    @Column(name="PASSWORD", length=100, nullable=false)
    @NotEmpty @NotNull @Size(min=6, max=100)
    private String password;

    @Column(name="EMAIL_ADDRESS", unique = true, length=100, nullable=false)
    @UniqueCheck(classname="User", fieldname="emailAddress")
    @NotEmpty
    private String emailAddress;

    @Column(name="ACTIVE", nullable=false )
    private Integer active;

    @Column(name="ROLE_ID", nullable=false)
    private String roleid;
//getter setters

Let me know if any other info is needed

解决方案

Give strength to encoder in both the places (java file and xml config file)....it starts working.

So, config.xml

<bean 
id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">        
        <constructor-arg value="12"></constructor-arg>
</bean>

Service Layer Code:

/**
     * Encoding data
     * bcrypt is a key derivation function which is used in this instance as a cryptographic hash function
     * @param data
     * @return
     */
    public static String bCrypt(String data) {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
        return passwordEncoder.encode(data);
    }

这篇关于Spring Security bcrypt编码登录不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！