Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

JavaSpringSecurity会自动填写名称和用户名,并发出哈希密码

2 周 Questions & Answers

我正在从事一个Spring项目,该项目涉及使用存储在数据库中的凭据登录。现在,这似乎工作得很好,唯一的一件事是,每当我去页面登录,它会自动填写“jimi”作为用户名和一些密码,而我甚至没有输入任何东西

这是我的xml配置:

春季安全。xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

        <headers>
            <cache-control />
        </headers>

        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />

        <form-login login-page="/user/login"
                    default-target-url="/home"
                    authentication-failure-url="/login?error"
                    username-parameter="username"
                    password-parameter="password"
                    login-processing-url="/auth/login_check" />

        <logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" />


    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>

        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                               users-by-username-query=
                                       "select email,password, enabled from user where email=?"
                               authorities-by-username-query=
                                       "select email, role from user_roles where email =?  " />
        </authentication-provider>

    </authentication-manager>

    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    </beans:bean>

</beans:beans>

spring数据库。xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
          destroy-method="close">

        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://connectionurl" />
        <property name="username" value="user" />
        <property name="password" value="pass" />
    </bean>
</beans>

mvc调度程序servlet。xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">

    <import resource="spring-database.xml"/>
    <import resource="spring-security.xml"/>
    <bean id="viewResolver"
          class="org.springframework.web.servlet.view.InternalResourceViewResolver"
          p:prefix="/WEB-INF/jsp/"
          p:suffix=".jsp" />

    <bean id="jpaDialect" class="org.springframework.orm.jpa.vendor.HibernateJpaDialect"/>

    <bean id="emf"
          class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
        <property name="persistenceUnitName" value="medicapp" />
        <property name="dataSource" ref="dataSource" />
        <property name="persistenceProvider">
            <bean class="org.hibernate.jpa.HibernatePersistenceProvider" />
        </property>

    </bean>

    <bean id="tm" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="emf" p:jpaDialect-ref="jpaDialect"/>

    <tx:annotation-driven transaction-manager="tm"/>

    <context:component-scan base-package="medicapp.*" />

    <context:spring-configured />
    <context:annotation-config />

    <mvc:resources mapping="/resources/**" location="/resources/mytheme/" />
    <mvc:annotation-driven/>

</beans>

现在讨论散列的问题。如您所见,我在spring安全性中声明了一个BCrypt编码器bean。xml。然而,当我尝试使用它时,我永远无法登录。不过,我可以不用它登录。我使用此密码生成器对密码进行哈希运算:

密码生成器。爪哇

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderGenerator {

    public static void main(String[] args) {


            String password = "123456";
            BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
            String hashedPassword = passwordEncoder.encode(password);

            System.out.println(hashedPassword);


    }
}

我将那里的输出复制/粘贴到数据库中,但运气不好

感谢您的帮助

亲切的问候


共 (1) 个答案

  1. # 1 楼答案

    你在春季保安所做的。xml将密码编码器声明为bean,但您没有告诉spring security使用密码编码器对密码进行编码

    这里可能发生的情况是,在数据库中检查密码之前,密码没有被编码,因此身份验证失败

    试试这个

     <authentication-manager>
    <authentication-provider>
        <password-encoder ref="encoder" />
    </authentication-provider>
  </authentication-manager>

    添加this将告诉spring安全性使用这个bean对密码进行编码,然后检查数据库中是否有匹配的用户对象

    希望能有所帮助