Encoded password does not look like BCrypt

Question

I am using Spring Boot, Spring Security, OAuth2 and JWT to authenticate my application, but I keep getting this nasty error and I don't have any idea what is wrong. Hope somebody can help me out.

My CustomDetailsService class:

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomDetailsService implements UserDetailsService {

    private static final Logger logger = LoggerFactory.getLogger(CustomDetailsService.class);

    @Autowired
    private UserBO userBo;

    @Autowired
    private RoleBO roleBo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        AppUsers appUsers;
        try {
            appUsers = this.userBo.loadUserByUsername(username);
        } catch (IndexOutOfBoundsException e) {
            throw new UsernameNotFoundException("Wrong username");
        } catch (DataAccessException e) {
            logger.error("Database error while loading user {}", username, e);
            throw new UsernameNotFoundException("Database Error");
        } catch (Exception e) {
            logger.error("Unexpected error while loading user {}", username, e);
            throw new UsernameNotFoundException("Unknown Error");
        }

        if (appUsers == null) {
            throw new UsernameNotFoundException("Bad credentials");
        }
        logger.info("Username: {}", appUsers.getUsername());
        return buildUserFromUserEntity(appUsers);
    }

    private User buildUserFromUserEntity(AppUsers authUsers) {
        Set<UserRole> userRoles = authUsers.getUserRoles();

        // Spring's User constructor takes the positive flags: true means
        // "not expired" / "not locked", so a flag is cleared to refuse the login.
        boolean enabled = true;
        boolean accountNotExpired = true;
        boolean credentialsNotExpired = true;
        boolean accountNotLocked = true;

        if (authUsers.getAccountIsActive()) {
            try {
                if (authUsers.getAccountExpired()) {
                    accountNotExpired = false;   // expired account: refuse the login
                } else if (authUsers.getAccountIsLocked()) {
                    accountNotLocked = false;    // locked account: refuse the login
                } else if (containsRole(userRoles, roleBo.findRoleByName("FLEX_ADMIN"))) {
                    accountNotLocked = false;    // FLEX_ADMIN accounts are treated as locked here
                }
            } catch (Exception e) {
                enabled = false;
                logger.error("Role lookup failed for {}", authUsers.getUsername(), e);
            }
        } else {
            accountNotExpired = false;
        }

        // Convert the JPA entity into a Spring Security user. The password is passed
        // through untouched: whatever USERS.password holds is what
        // BCryptPasswordEncoder.matches() later inspects.
        String username = authUsers.getUsername();
        String password = authUsers.getPassword();
        List<GrantedAuthority> authorities = buildUserAuthority(userRoles);

        return new User(username, password, enabled, accountNotExpired,
                credentialsNotExpired, accountNotLocked, authorities);
    }

    // The two helpers below were called but not shown in the original post;
    // these are assumed implementations based on the Role and UserRole entities.
    private boolean containsRole(Set<UserRole> userRoles, Role role) {
        if (role == null || userRoles == null) {
            return false;
        }
        for (UserRole userRole : userRoles) {
            if (role.getRoleName().equals(userRole.getRole().getRoleName())) {
                return true;
            }
        }
        return false;
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        if (userRoles != null) {
            for (UserRole userRole : userRoles) {
                authorities.add(new SimpleGrantedAuthority(userRole.getRole().getRoleName()));
            }
        }
        return authorities;
    }
}

OAuth2Config:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer   // required for this adapter to be applied; absent from the posted excerpt
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    // PRIVATE_KEY, PUBLIC_KEY, CLIENT_ID and CLIENT_SECRET are defined elsewhere
    // in the original project and are not shown in the post.

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public JwtAccessTokenConverter tokenConverter() {
        JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
        // With a PEM-encoded RSA private key the converter signs tokens with RS256
        // and the matching public key is used to verify them.
        tokenConverter.setSigningKey(PRIVATE_KEY);
        tokenConverter.setVerifierKey(PUBLIC_KEY);
        return tokenConverter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(tokenConverter());
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpointsConfigurer) throws Exception {
        // The password grant needs the AuthenticationManager; that is the path that
        // ends up in CustomDetailsService and BCryptPasswordEncoder.matches().
        endpointsConfigurer.authenticationManager(authenticationManager)
                .tokenStore(tokenStore())
                .accessTokenConverter(tokenConverter());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer securityConfigurer) throws Exception {
        // /oauth/token_key is public so clients can fetch the verifier key;
        // /oauth/check_token requires an authenticated caller.
        securityConfigurer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .secret(CLIENT_SECRET)
                .scopes("read", "write")
                .authorizedGrantTypes("password", "refresh_token")
                .accessTokenValiditySeconds(20000)
                .refreshTokenValiditySeconds(20000);
    }
}

SecurityConfig:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity   // enables nothing until prePostEnabled, securedEnabled or jsr250Enabled is set
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomDetailsService customDetailsService;

    @Bean
    public PasswordEncoder encoder() {
        // Default strength 10. matches() first checks that the stored value is shaped
        // like a bcrypt string ("$2a$10$" followed by 53 base64 characters) and logs
        // "Encoded password does not look like BCrypt" otherwise.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // DaoAuthenticationProvider loads the user through CustomDetailsService and
        // compares the submitted password with the stored one using this encoder.
        authenticationManagerBuilder.userDetailsService(customDetailsService).passwordEncoder(encoder());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER);
    }

    // Expose the AuthenticationManager as a bean so OAuth2Config can inject it.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

No error message except:

Hibernate: select appusers0_.id as id1_2_, appusers0_.account_expired as account_2_2_, appusers0_.account_is_active as account_3_2_, appusers0_.account_is_locked as account_4_2_, appusers0_.bank_acct as bank_acc5_2_, appusers0_.branch_id as branch_i6_2_, appusers0_.bvn as bvn7_2_, appusers0_.create_date as create_d8_2_, appusers0_.created_by as created_9_2_, appusers0_.email as email10_2_, appusers0_.email_verified_code as email_v11_2_, appusers0_.gender as gender12_2_, appusers0_.gravatar_url as gravata13_2_, appusers0_.is_deleted as is_dele14_2_, appusers0_.lastname as lastnam15_2_, appusers0_.middlename as middlen16_2_, appusers0_.modified_by as modifie17_2_, appusers0_.modified_date as modifie18_2_, appusers0_.orgnization_id as orgniza19_2_, appusers0_.password as passwor20_2_, appusers0_.phone_no as phone_n21_2_, appusers0_.surname as surname22_2_, appusers0_.token_expired as token_e23_2_, appusers0_.username as usernam24_2_ from users appusers0_ where appusers0_.username=?
Tinubu
2018-03-31 01:42:03.255  INFO 4088 --- [nio-8072-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2018-03-31 01:42:03.255  INFO 4088 --- [nio-8072-exec-2] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2018-03-31 01:42:03.281  INFO 4088 --- [nio-8072-exec-2] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 26 ms
2018-03-31 01:42:03.489  WARN 4088 --- [nio-8072-exec-2] o.s.s.c.bcrypt.BCryptPasswordEncoder     : Encoded password does not look like BCrypt

My models are:

import java.util.Set;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;

import org.hibernate.annotations.DynamicUpdate;

import com.fasterxml.jackson.annotation.JsonManagedReference;

import io.swagger.annotations.ApiModelProperty;

@Entity
@Table(name = "USERS")
@DynamicUpdate
public class AppUsers {

    @Id
    @Column(name = "ID")
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @ApiModelProperty(notes = "The user auto generated identity", required = true)
    private Long id;

    @Column(name = "username")
    @ApiModelProperty(notes = "The username parameter", required = true)
    private String username;

    // Holds the string produced by BCryptPasswordEncoder.encode(); varchar(255) in the schema.
    @Column(name = "password")
    @ApiModelProperty(notes = "The password parameter", required = true)
    private String password;

    @JsonManagedReference
    @OneToMany(mappedBy = "appUsers")
    private Set<UserRole> userRoles;

    // account_is_active, account_expired, account_is_locked and the other columns
    // in the Hibernate query above, plus the getters and setters, are omitted in the post.
}

Role entity:

import java.util.Set;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;

import com.fasterxml.jackson.annotation.JsonManagedReference;

@Entity
@Table(name = "ROLE")
public class Role {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "role_id", unique = true, nullable = false)
    private Long id;

    @Column(name = "name")
    private String roleName;

    @JsonManagedReference
    @OneToMany(mappedBy = "role")
    private Set<UserRole> userRoles;

    // getters and setters
}

UserRole entity:

import java.io.Serializable;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.Table;

import org.hibernate.annotations.DynamicUpdate;

import com.fasterxml.jackson.annotation.JsonBackReference;

import io.swagger.annotations.ApiModelProperty;

@Entity
@Table(name = "USER_ROLE")
@DynamicUpdate
public class UserRole implements Serializable {

    private static final long serialVersionUID = 6128016096756071383L;

    @Id
    @Column(name = "ID")
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @ApiModelProperty(notes = "The userrole auto generated identity", required = true)
    private long id;

    // Owning side of the bidirectional mappings in AppUsers and Role. @ManyToOne
    // fetches eagerly by default; FetchType.LAZY was commented out in the post.
    @JsonBackReference
    @ManyToOne // (fetch = FetchType.LAZY)
    private AppUsers appUsers;

    @JsonBackReference
    @ManyToOne // (fetch = FetchType.LAZY)
    private Role role;

    // getters and setters
}

My password in the database is properly encrypted with Spring Security BCrypt and its datatype is varchar(255), which is larger than 60. Thanks in advance.

Solution

BCryptPasswordEncoder shows this warning when it fails to match a raw password with an encoded password.

The hashed password might be "$2b" or "$2y" now.

And there is a bug in Spring Security that has a regex always looking for "$2a". Put a debug point at the matches() function in BCryptPasswordEncoder.class.
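The warning in the log is emitted by BCryptPasswordEncoder.matches() when the stored value fails a format regex, before any hash comparison takes place, so the useful question is what the USERS.password column actually holds for that user. The script below is an added example, not code from the question, the answer or Spring Security: it reproduces that check in Python so a dump of the column can be classified offline. The two regexes are the BCRYPT_PATTERN constants from Spring Security 4.x and later 5.x releases as I recall them from the BCryptPasswordEncoder source (confirm the exact constant against the version on your classpath); the sample rows are constructed, and the diagnosis labels are my own.

```python
import re

# BCRYPT_PATTERN as it appears in Spring Security's BCryptPasswordEncoder.
# 4.x accepts only the "$2$" / "$2a$" prefix; later releases also accept
# "$2y$" and "$2b$". Check the constant in the version you actually run.
SPRING4_BCRYPT_PATTERN = re.compile(r"\$2a?\$\d\d\$[./0-9A-Za-z]{53}")
SPRING5_BCRYPT_PATTERN = re.compile(r"\$2(a|y|b)?\$(\d\d)\$[./0-9A-Za-z]{53}")

BCRYPT_LENGTH = 60  # "$2a$" + 2-digit cost + "$" + 22-char salt + 31-char hash

# Constructed sample rows standing in for the USERS.password column. SAMPLE_2A is
# a syntactically valid $2a$ string (whether it verifies a particular password is
# irrelevant to the format check); the others are variants seen in real databases.
SAMPLE_2A = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"
SAMPLE_ROWS = {
    "alice": SAMPLE_2A,                           # written by BCryptPasswordEncoder.encode()
    "bob":   "$2y$" + SAMPLE_2A[4:],              # same hash, PHP password_hash()-style prefix
    "carol": "{bcrypt}" + SAMPLE_2A,              # Spring Security 5 DelegatingPasswordEncoder format
    "dave":  SAMPLE_2A + "\n",                    # trailing newline left by a bulk import
    "erin":  SAMPLE_2A[:50],                      # value truncated at 50 characters
    "frank": "Passw0rd!",                         # stored in plaintext
    "grace": "5f4dcc3b5aa765d61d8327deb882cf99",  # hex MD5, not bcrypt at all
}


def would_warn(stored, spring_major=4):
    """True when BCryptPasswordEncoder.matches() of that Spring Security major
    version would log "Encoded password does not look like BCrypt" and return
    false without comparing anything. An empty value triggers a different
    warning ("Empty encoded password"), so it is reported as False here."""
    if not stored:
        return False
    pattern = SPRING4_BCRYPT_PATTERN if spring_major < 5 else SPRING5_BCRYPT_PATTERN
    # Java's Matcher.matches() requires the whole input to match, hence fullmatch().
    return pattern.fullmatch(stored) is None


def diagnose(stored):
    """Classify a stored value by the most likely reason the regex rejects it."""
    if not stored:
        return "empty"
    if SPRING4_BCRYPT_PATTERN.fullmatch(stored):
        return "ok"
    if SPRING5_BCRYPT_PATTERN.fullmatch(stored):
        return "prefix-needs-spring5"   # $2y$/$2b$: rejected by 4.x, accepted later
    if stored.startswith("{"):
        return "delegating-prefix"      # "{bcrypt}...": needs a DelegatingPasswordEncoder
    stripped = stored.strip()
    if stripped != stored and SPRING5_BCRYPT_PATTERN.fullmatch(stripped):
        return "padded"                 # whitespace around an otherwise valid hash
    if stored.startswith("$2") and len(stored) < BCRYPT_LENGTH:
        return "truncated"              # column too short or value cut during import
    return "not-bcrypt"                 # plaintext, MD5/SHA hex, or another scheme


def audit(rows, spring_major=4):
    """Run the check over a {username: stored_password} mapping and return
    {username: (warns, diagnosis)} so the rows that will fail login stand out."""
    return {user: (would_warn(value, spring_major), diagnose(value))
            for user, value in rows.items()}


if __name__ == "__main__":
    for user, (warns, why) in audit(SAMPLE_ROWS).items():
        print(f"{user:6} warn={str(warns):5} {why}")
```

Run audit() over a `select username, password from users` dump before changing any code. A "$2y$" prefix means the hash was produced by another bcrypt implementation and needs a Spring Security release whose pattern accepts it; "{bcrypt}" means the row was written through a DelegatingPasswordEncoder and a bare BCryptPasswordEncoder will never match it; padded or truncated values point at the import or the column definition rather than at the encoder.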
