我是Java/Spring引导的新手,我正在使用jwt登录。
发生的事情是我在创建用户方面做得很好,问题是当我想登录邮递员时,我得到"401 错误凭据",并且在 netbeans 控制台中我得到编码密码看起来不像 Bcrypt,并且我失败了开始方法。
我疯狂地阅读了我的代码,但仍然无法弄清楚它出了什么问题。
身份验证控制器.java
java
@RestController
@RequestMapping("/auth")
@CrossOrigin
public class AuthController {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
AuthenticationManager authenticationManager;
@Autowired
UserService userService;
@Autowired
RolService rolService;
@Autowired
JwtProvider jwtProvider;
@PostMapping("/new")
public ResponseEntity<?> nuevo(@Valid @RequestBody NewUser newUser, BindingResult bindingResult){
if(bindingResult.hasErrors())
return new ResponseEntity(new Msg("Campos o email inválido"), HttpStatus.BAD_REQUEST);
if(userService.existsByUsername(newUser.getUsername))
return new ResponseEntity(new Msg("Nombre de usuario existente"), HttpStatus.BAD_REQUEST);
if(userService.existsByEmail(newUser.getEmail))
return new ResponseEntity(new Msg("Email existente"), HttpStatus.BAD_REQUEST);
User user = new User(newUser.getName(), newUser.getUsername(), newUser.getEmail(), passwordEncoder.encode(newUser.getPassword()));
Set<Rol> roles = new HashSet<>();
roles.add(rolService.getByRolName(RolName.ROLE_USER).get());
if(newUser.getRoles().contains("admin"))
roles.add(rolService.getByRolName(RolName.ROLE_ADMIN).get());
user.setRoles(roles);
userService.save(user);
return new ResponseEntity(new Msg("usuario guardado"), HttpStatus.CREATED);
}
@PostMapping("/login")
public ResponseEntity<JwtDto> login (@Valid @RequestBody UserLogin userLogin, BindingResult bindingResult){
if (bindingResult.hasErrors())
return new ResponseEntity(new Msg("Campos mal ingresados"), HttpStatus.BAD_REQUEST);
Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
userLogin.getUsername(), userLogin.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = jwtProvider.generateToken(authentication);
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
JwtDto jwtDto = new JwtDto(jwt, userDetails.getUsername(), userDetails.getAuthorities());
return new ResponseEntity(jwtDto, HttpStatus.OK);
}
}
主安全.java
java
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class MainSecurity {
@Autowired
UserDetailsServiceImpl userDetailsServiceImpl;
@Autowired
JwtEntryPoint jwtEntryPoint;
@Bean
public JwtTokenFilter jwtTokenFilter() {
return new JwtTokenFilter();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeHttpRequests()
.requestMatchers("/**").permitAll()
.anyRequest().authenticated();
http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*");
}
};
}
}
您似乎实际上并没有在数据库中存储bcrypt编码的密码。
但是,系统正在期待它们。该或密码哈希无效。注册新用户时,应确保在存储用户之前使用bcrypt对密码进行哈希处理。
首先尝试手动检查数据库,方法是查看可能在相应表上创建的UserEntity。
如果password未加密,请确保它由passwordEncoder()方法使用,该方法又应使用BCryptPasswordEncoder对象实际编码您的输入密码。
希望有帮助!!