Spring Security Bcrypt编码登录不起作用

user3035305 发表于 Dev

用户名

我的应用程序是在休眠和春季MVC中。以前登录曾经可以工作，但是现在我实现了bcrypt密码编码。在那之后什么都没有用。我几乎改变了一切。在这里，我给您我的代码和配置文件。请帮助我找出问题所在。

app-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:p="http://www.springframework.org/schema/p" 
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <security:global-method-security secured-annotations="enabled" />

    <!-- These beans handle successful login and failure cases of login -->
    <bean id="myAuthenticationSuccessHandler" class="com.app.security.handler.MySimpleUrlAuthenticationSuccessHandler" />
    <bean id="myAuthenticationFailureHandler" class="com.app.security.handler.MySimpleUrlAuthenticationFailureHandler" />

    <!-- Encrypter to encrypt password -->
    <bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <security:http auto-config="true"><!-- 
        <security:intercept-url pattern="/home*"    access="ROLE_USER" /> -->
        <security:intercept-url pattern="/admin"    access="ROLE_ADMIN" />
        <security:intercept-url pattern="/user"     access="ROLE_USER" />
        <security:intercept-url pattern="/group-admin"  access="ROLE_GROUP_ADMIN" />
        <security:intercept-url pattern="/sponsor"  access="ROLE_SPONSOR" />

        <security:form-login    login-page="/login" 
                                default-target-url="/home"
                                authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                                authentication-success-handler-ref="myAuthenticationSuccessHandler"
        />
        <security:logout logout-success-url="/logout" />
    </security:http>

    <security:authentication-manager>
      <security:authentication-provider>
        <security:password-encoder ref="encoder" />
        <security:jdbc-user-service data-source-ref="dataSource"  
            users-by-username-query="select user_id as userId, username, password, email_address as emailAddress, active from users where username=?" 
            authorities-by-username-query="select us.user_id as userId, us.username as username, us.email_address as emailAddress, us.active as active, ur.roles from users us, user_roles ur 
              where us.role_id = ur.role_id and us.username =?  " 
        />
      </security:authentication-provider>
    </security:authentication-manager>

</beans>

UserService.java

@Service
public class UserService {

    @Autowired
    private UserDaoImpl userDaoImpl;
    @Autowired
    BCryptPasswordEncoder passwordEncoder;
    /**
     * Save data in USER table
     * @param user
     */
    public void insert(User user) {
        //Encrypting password
        user.setPassword(passwordEncoder.encode(user.getPassword()));

        userDaoImpl.save(user);
    }

User.java

@Entity
@Table(name="USERS")
public class User implements Serializable {

    private static final long serialVersionUID = 2158419746939747203L;

    @Id
    @Column(name="USER_ID")
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    private long userId;

    @Column(name="USERNAME", unique = true, length=45, nullable=false)
    @NotEmpty @NotNull @Size(min=6, max=20)
    @UniqueCheck(classname="User", fieldname="username")
    private String username;

    @Column(name="PASSWORD", length=100, nullable=false)
    @NotEmpty @NotNull @Size(min=6, max=100)
    private String password;

    @Column(name="EMAIL_ADDRESS", unique = true, length=100, nullable=false)
    @UniqueCheck(classname="User", fieldname="emailAddress")
    @NotEmpty
    private String emailAddress;

    @Column(name="ACTIVE", nullable=false )
    private Integer active;

    @Column(name="ROLE_ID", nullable=false)
    private String roleid;
//getter setters

让我知道是否需要其他信息

用户名

增强编码器的位置（java文件和xml配置文件）....开始工作。

因此，config.xml

<bean 
id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">        
        <constructor-arg value="12"></constructor-arg>
</bean>

服务层代码：

/**
     * Encoding data
     * bcrypt is a key derivation function which is used in this instance as a cryptographic hash function
     * @param data
     * @return
     */
    public static String bCrypt(String data) {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
        return passwordEncoder.encode(data);
    }

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。