JavaSpringSecurity会自动填写名称和用户名,并发出哈希密码
我正在从事一个Spring项目,该项目涉及使用存储在数据库中的凭据登录。现在,这似乎工作得很好,唯一的一件事是,每当我去页面登录,它会自动填写“jimi”作为用户名和一些密码,而我甚至没有输入任何东西
这是我的xml配置:
春季安全。xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<headers>
<cache-control />
</headers>
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/user/login"
default-target-url="/home"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"
login-processing-url="/auth/login_check" />
<logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select email,password, enabled from user where email=?"
authorities-by-username-query=
"select email, role from user_roles where email =? " />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
</beans:bean>
</beans:beans>
spring数据库。xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://connectionurl" />
<property name="username" value="user" />
<property name="password" value="pass" />
</bean>
</beans>
mvc调度程序servlet。xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<import resource="spring-database.xml"/>
<import resource="spring-security.xml"/>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp" />
<bean id="jpaDialect" class="org.springframework.orm.jpa.vendor.HibernateJpaDialect"/>
<bean id="emf"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="persistenceUnitName" value="medicapp" />
<property name="dataSource" ref="dataSource" />
<property name="persistenceProvider">
<bean class="org.hibernate.jpa.HibernatePersistenceProvider" />
</property>
</bean>
<bean id="tm" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="emf" p:jpaDialect-ref="jpaDialect"/>
<tx:annotation-driven transaction-manager="tm"/>
<context:component-scan base-package="medicapp.*" />
<context:spring-configured />
<context:annotation-config />
<mvc:resources mapping="/resources/**" location="/resources/mytheme/" />
<mvc:annotation-driven/>
</beans>
现在讨论散列的问题。如您所见,我在spring安全性中声明了一个BCrypt编码器bean。xml。然而,当我尝试使用它时,我永远无法登录。不过,我可以不用它登录。我使用此密码生成器对密码进行哈希运算:
密码生成器。爪哇
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class PasswordEncoderGenerator {
public static void main(String[] args) {
String password = "123456";
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);
System.out.println(hashedPassword);
}
}
我将那里的输出复制/粘贴到数据库中,但运气不好
感谢您的帮助
亲切的问候
# 1 楼答案
你在春季保安所做的。xml将密码编码器声明为bean,但您没有告诉spring security使用密码编码器对密码进行编码
这里可能发生的情况是,在数据库中检查密码之前,密码没有被编码,因此身份验证失败
试试这个
添加this将告诉spring安全性使用这个bean对密码进行编码,然后检查数据库中是否有匹配的用户对象
希望能有所帮助