我正在使用带有 BCrypt 密码编码器的 Spring Security 进行身份验证。当我想登录时,Spring 安全性使用 JPA 正确获取用户数据,但是为了使用编码密码检查原始密码,它为密码编码器提供空字符串作为编码密码。
弹簧安全配置:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsServiceImpl")
private UserDetailsService userDetailsService;
@Bean
public PasswordEncoder passwordEncoder(){
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").hasAuthority("USER")
.antMatchers("/css/**","/font/**","/js/**","/image/**").permitAll()
.antMatchers("/register").permitAll()
.and().formLogin().loginPage("/login").successForwardUrl("/").permitAll()
.and().logout().logoutSuccessUrl("/login");
}
}
用户详细信息服务:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
private UserRepository userRepo;
@Autowired
public UserDetailsServiceImpl(UserRepository userRepo){
this.userRepo = userRepo;
}
@Override …spring spring-security bcrypt password-encryption spring-boot