Spring Security bcrypt编码登录不起作用 [英] Spring Security bcrypt encoding login is not working
本文介绍了Spring Security bcrypt编码登录不起作用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
app-security.xml
<?xml version =1.0encoding =UTF-8?>
< beans xmlns =http://www.springframework.org/schema/beans
xmlns:xsi =http://www.w3.org/2001/XMLSchema-instance
xmlns:security =http://www.springframework.org/schema/security
xmlns:p =http://www.springframework.org/schema/p
xsi :schemaLocation =http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http:// www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/ security
http://www.springframework.org/schema/security/spring-security-3.2.xsd\">
< security:global-method-security secured-annotations =enabled/>
<! - 这些bean处理成功登录和登录失败的情况 - >
< bean id =myAuthenticationSuccessHandlerclass =com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler/>
< bean id =myAuthenticationFailureHandlerclass =com.app.security.handler.MySimpleUrlAuthenticationFailureHandler/>
<! - 加密密码的加密 - >
< bean id =encoderclass =org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder/>
< security:http auto-config =true><! -
< security:intercept-url pattern =/ home *access =ROLE_USER /> - >
< security:intercept-url pattern =/ adminaccess =ROLE_ADMIN/>
< security:intercept-url pattern =/ useraccess =ROLE_USER/>
< security:intercept-url pattern =/ group-adminaccess =ROLE_GROUP_ADMIN/>
< security:intercept-url pattern =/ sponsoraccess =ROLE_SPONSOR/>
< security:form-login login-page =/ login
default-target-url =/ home
authentication-failure-handler-ref = myAuthenticationFailureHandler
authentication-success-handler-ref =myAuthenticationSuccessHandler
/>
< security:logout logout-success-url =/ logout/>
< / security:http>
< security:authentication-manager>
< security:authentication-provider>
< security:password-encoder ref =encoder/>
< security:jdbc-user-service data-source-ref =dataSource
users-by-username-query =select user_id as userId,username,password,email_address as emailAddress,active from用户的用户名=?
authority-by-username-query =select us.user_id as userId,us.username as username,us.email_address as emailAddress,us.active as active,ur.roles from users us,user_roles ur
where us.role_id = ur.role_id and us.username =?
/>
< / security:authentication-provider>
< / security:authentication-manager>
< / beans>
UserService.java
@Service
public class UserService {
@Autowired
private UserDaoImpl userDaoImpl;
@Autowired
BCryptPasswordEncoder passwordEncoder;
/ **
*在USER表中保存数据
* @param user
* /
public void insert(User user){
//加密密码
user.setPassword(passwordEncoder.encode(user.getPassword()));
userDaoImpl.save(user);
}
User.java
@Entity
@Table(name =USERS)
public class User implements Serializable {
private static final long serialVersionUID = 2158419746939747203L;
@Id
@Column(name =USER_ID)
@GeneratedValue(strategy = GenerationType.IDENTITY)
private long userId;
@Column(name =USERNAME,unique = true,length = 45,nullable = false)
@NotEmpty @NotNull @Size(min = 6,max = 20)
@UniqueCheck(classname =User,fieldname =username)
private String username;
@Column(name =PASSWORD,length = 100,nullable = false)
@NotEmpty @NotNull @Size(min = 6,max = 100)
private String密码;
@Column(name =EMAIL_ADDRESS,unique = true,length = 100,nullable = false)
@UniqueCheck(classname =User,fieldname =emailAddress $ b @NotEmpty
private String emailAddress;
@Column(name =ACTIVE,nullable = false)
private Integer active;
@Column(name =ROLE_ID,nullable = false)
private String roleid;
// getter setters
让我知道是否需要其他信息
解决方案
在两个地方(java文件和xml配置文件)中赋予编码器强度....它开始工作。
所以,
config.xml
< bean
id =encoderclass =org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder>
< constructor-arg value =12>< / constructor-arg>
< / bean>
服务层代码:
/ **
*编码数据
* bcrypt是一个密钥导出函数,在此实例中用作加密散列函数
* @param data
* @return
* /
public static String bCrypt(String data){
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
return passwordEncoder.encode(data);
}
My application is in hibernate and spring MVC. Previously log in used to work but now I implemented bcrypt encoding for password. after that nothing is working. I changed almost everything. Here I am giving you my code and config files. Please help me in finding out the problem.
app-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled" />
<!-- These beans handle successful login and failure cases of login -->
<bean id="myAuthenticationSuccessHandler" class="com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler" />
<bean id="myAuthenticationFailureHandler" class="com.app.security.handler.MySimpleUrlAuthenticationFailureHandler" />
<!-- Encrypter to encrypt password -->
<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<security:http auto-config="true"><!--
<security:intercept-url pattern="/home*" access="ROLE_USER" /> -->
<security:intercept-url pattern="/admin" access="ROLE_ADMIN" />
<security:intercept-url pattern="/user" access="ROLE_USER" />
<security:intercept-url pattern="/group-admin" access="ROLE_GROUP_ADMIN" />
<security:intercept-url pattern="/sponsor" access="ROLE_SPONSOR" />
<security:form-login login-page="/login"
default-target-url="/home"
authentication-failure-handler-ref="myAuthenticationFailureHandler"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder ref="encoder" />
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select user_id as userId, username, password, email_address as emailAddress, active from users where username=?"
authorities-by-username-query="select us.user_id as userId, us.username as username, us.email_address as emailAddress, us.active as active, ur.roles from users us, user_roles ur
where us.role_id = ur.role_id and us.username =? "
/>
</security:authentication-provider>
</security:authentication-manager>
</beans>
UserService.java
@Service
public class UserService {
@Autowired
private UserDaoImpl userDaoImpl;
@Autowired
BCryptPasswordEncoder passwordEncoder;
/**
* Save data in USER table
* @param user
*/
public void insert(User user) {
//Encrypting password
user.setPassword(passwordEncoder.encode(user.getPassword()));
userDaoImpl.save(user);
}
User.java
@Entity
@Table(name="USERS")
public class User implements Serializable {
private static final long serialVersionUID = 2158419746939747203L;
@Id
@Column(name="USER_ID")
@GeneratedValue(strategy=GenerationType.IDENTITY)
private long userId;
@Column(name="USERNAME", unique = true, length=45, nullable=false)
@NotEmpty @NotNull @Size(min=6, max=20)
@UniqueCheck(classname="User", fieldname="username")
private String username;
@Column(name="PASSWORD", length=100, nullable=false)
@NotEmpty @NotNull @Size(min=6, max=100)
private String password;
@Column(name="EMAIL_ADDRESS", unique = true, length=100, nullable=false)
@UniqueCheck(classname="User", fieldname="emailAddress")
@NotEmpty
private String emailAddress;
@Column(name="ACTIVE", nullable=false )
private Integer active;
@Column(name="ROLE_ID", nullable=false)
private String roleid;
//getter setters
Let me know if any other info is needed
解决方案
Give strength to encoder in both the places (java file and xml config file)....it starts working.
So, config.xml
<bean
id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg value="12"></constructor-arg>
</bean>
Service Layer Code:
/**
* Encoding data
* bcrypt is a key derivation function which is used in this instance as a cryptographic hash function
* @param data
* @return
*/
public static String bCrypt(String data) {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
return passwordEncoder.encode(data);
}
这篇关于Spring Security bcrypt编码登录不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文