如何在 Spring Boot 应用程序中实现安全性



我正在为一个大学项目创建一个spring应用程序,需要帮助实现登录页面

package com.sales.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration: form login in front of a fixed list of pages, backed by a
 * single in-memory user whose password is stored as a BCrypt hash.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Pages that require a logged-in user; order kept as in the original matcher list.
    private static final String[] PROTECTED_PAGES = {
        "/showProducts.html",
        "/showOrders.html",
        "/showCustomers.html",
        "/newOrder.html",
        "/addProduct.html",
        "/addCustomer.html"
    };

    // BCrypt hash of the password "user" according to the original author. BCrypt is a one-way
    // hash, not encryption: the stored value is compared, never decrypted.
    // NOTE(review): the hash carries the "$2y$" prefix. Some older Spring Security releases of
    // BCryptPasswordEncoder reportedly recognise only "$2a$" and treat anything else as a
    // non-match - confirm against the version in use; that would produce a "bad credentials"
    // login even with the right password.
    // NOTE(review): a hard-coded account whose password equals its user name is only acceptable
    // for a local demo; do not generate hashes for real passwords on third-party websites.
    private static final String ENCODED_PASSWORD = "$2y$12$i4Cl5SZgrPFItSz/G5cvTObf0sqzHszwwKMZ4pQeUlElY1BR7KxdO";

    /**
     * Supplies the encoder used to check submitted passwords against stored hashes.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the single in-memory user. The password value passed in is already a hash and is
     * stored as given; the encoder set here is the one used for matching at login.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("user")
            .password(ENCODED_PASSWORD)
            .roles("USER");
    }

    /**
     * Requires authentication for the pages in {@code PROTECTED_PAGES} and enables form login.
     *
     * @param http the HTTP security builder
     * @throws Exception if the security filter chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): there is no anyRequest() rule, so URLs outside PROTECTED_PAGES carry no
        // authorization rule from this class - confirm that every other endpoint is meant to be
        // public, including whatever controllers serve the data behind these pages.
        http.authorizeRequests()
            .antMatchers(PROTECTED_PAGES).authenticated()
            .and()
            .formLogin();
    }
}

我从"Java Spring Security - User.withDefaultPasswordEncoder() 已弃用?"这个问题中的用户 TwiN 那里获得了代码

我已经把哈希换成了密码 "user" 对应的哈希,并使用 https://bcrypt-generator.com/ 确认它确实是 "user" 的哈希

但不管怎样,登录页面都不允许我登录,并说我的登录详细信息不正确。以下是我的应用程序在输入用户名="user"和密码="user"后的样子

您正在对已编码的密码进行编码。试试这样的东西:

/**
 * Variant proposed in the answer: registers one in-memory user and hashes the plain-text
 * password with BCrypt while the configuration is being built.
 */
@EnableWebSecurity
public class WebConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the BCrypt encoder as a bean.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Registers the user "user" with a freshly computed BCrypt hash of the literal password.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): the plain-text password is still a literal in the source, so hashing it at
        // startup only avoids a format mismatch; it does not protect the credential itself.
        // NOTE(review): no .passwordEncoder(...) is set on the builder here; matching presumably
        // relies on the PasswordEncoder bean being picked up - confirm for the version in use.
        String hashedPassword = passwordEncoder().encode("password");
        auth.inMemoryAuthentication()
            .withUser("user")
            .password(hashedPassword)
            .roles("USER");
    }
}

请再次检查您的加密密码,您的密码似乎没有正确加密。

我设法修复了它。


package com.sales.security;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * The asker's final configuration: form login and logout in front of a fixed list of pages, with
 * one in-memory user whose password is stored and compared as plain text.
 *
 * <p>NOTE(review): {@code NoOpPasswordEncoder} performs no hashing and is deprecated in Spring
 * Security to mark it as unsuitable outside tests and demos. Login succeeds here because the
 * stored and submitted values are compared as-is; the earlier BCrypt mismatch is sidestepped,
 * not resolved. Prefer a BCrypt encoder with a hash it accepts before this leaves a classroom
 * setting.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Pages restricted to the USER role; order kept as in the original matcher list.
    private static final String[] USER_PAGES = {
        "/showCustomers.html",
        "/showProducts.html",
        "/showOrders.html",
        "/addCustomer.html",
        "/newOrder.html",
        "/addProduct.html"
    };

    /**
     * Restricts the pages in {@code USER_PAGES} to the USER role and enables form login and
     * logout.
     *
     * @param http the HTTP security builder
     * @throws Exception if the security filter chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): no anyRequest() rule is declared, so URLs outside USER_PAGES carry no
        // authorization rule from this class - confirm that is intended.
        http.authorizeRequests()
            .antMatchers(USER_PAGES).hasAnyRole("USER")
            .and()
            .formLogin()
            .and()
            .logout();
    }

    /**
     * Registers the single in-memory user with a plain-text password.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Hard-coded demo credential: the password equals the user name and sits in source.
        auth.inMemoryAuthentication()
            .withUser("user")
            .password("user")
            .roles("USER");
    }

    /**
     * Supplies the application's password encoder.
     *
     * @return the shared {@code NoOpPasswordEncoder} instance, which leaves passwords unhashed
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}
