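【Posted】:2020-07-30 00:29:22
【Question】:
I set up Spring Security with JPA and JWT, and it works with plain-text passwords.
I tried to add BCrypt, but I can't get it to work.
- I tried to extract the salt from the stored password, encode the password in the incoming request with it, and compare the two to authenticate.
But I can't get the salt.
Here is the code: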
//SecurityConfig
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Register the UserDetailsService and the encoder used to verify stored password hashes
    auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}

//Controller
@RequestMapping(value="/authenticate", method=RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody AuthenticationRequest authenticationRequest) throws Exception {
    try {
        // The credential check is delegated to the AuthenticationManager
        authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword())
        );
    } catch (BadCredentialsException e) {
        throw new Exception("Incorrect username or password", e);
    }
    // Authentication succeeded: load the user and issue a JWT
    final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String jwt = jwtTokenUtil.generateToken(userDetails);
    return ResponseEntity.ok(new AuthenticationResponse(jwt));
}
I save the password like this:
//UserService
public User saveUser(UserDto userDto) {
    User user = new User();
    user.setUsername(userDto.getUsername());
    // Hash the raw password before it is persisted
    user.setPassword(passwordEncoder.encode(userDto.getPassword()));
    user.setRoles(userDto.getRoles());
    user.setActive(true);
    userRepository.save(user);
    return user;
}
【Comments】:
Tags: spring spring-boot spring-security spring-data-jpa bcrypt
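
Added example, not part of the original question: a stand-alone Java program showing that a BCrypt string carries its own version, cost and salt, so verification goes through `matches()` rather than re-encoding and comparing. It assumes `spring-security-crypto` is on the classpath; the class name `BcryptSaltDemo`, the helper `looksLikeBcrypt` and the sample password are constructed for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptSaltDemo {
    // $2a$ / $2b$ / $2y$, two-digit cost, then 22 chars of salt and 31 chars of hash (60 in total)
    private static final Pattern BCRYPT =
        Pattern.compile("^\\$(2[aby]?)\\$(\\d\\d)\\$([./0-9A-Za-z]{22})([./0-9A-Za-z]{31})$");

    /** True if the stored value is a complete BCrypt string (hypothetical helper). */
    static boolean looksLikeBcrypt(String stored) {
        return stored != null && BCRYPT.matcher(stored).matches();
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String raw = "correct horse battery staple"; // constructed sample password

        // Each encode() call draws a fresh random salt, so comparing two
        // encodings of the same password with equals() cannot authenticate.
        String stored = encoder.encode(raw);
        String again = encoder.encode(raw);
        System.out.println("equal encodings?  " + stored.equals(again));

        // matches() reads the cost and salt back out of the stored string,
        // re-hashes the raw password with them and compares the result.
        System.out.println("matches(stored)?  " + encoder.matches(raw, stored));
        System.out.println("matches(again)?   " + encoder.matches(raw, again));
        System.out.println("wrong password?   " + encoder.matches("wrong", stored));

        // The salt is a field of the stored string, not a separate column.
        Matcher m = BCRYPT.matcher(stored);
        if (m.matches()) {
            System.out.println("version=" + m.group(1)
                + " cost=" + m.group(2) + " salt=" + m.group(3));
        }

        // Sanity check for values read back from the user table: a plain-text
        // value or a string cut short by a narrow column is not valid BCrypt.
        System.out.println("plain-text value: " + looksLikeBcrypt("password123"));
        System.out.println("truncated value:  " + looksLikeBcrypt(stored.substring(0, 45)));
    }
}
```

With the `BCryptPasswordEncoder` registered in `configure(...)`, `authenticationManager.authenticate(...)` performs this `matches()` step itself against whatever `loadUserByUsername` returns as the password.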