Spring Security 4.x -; 5.x 踩坑记录
Posted ZhiYuanYe
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security 4.x -; 5.x 踩坑记录相关的知识,希望对你有一定的参考价值。
1、应用服务基路径问题
这个问题应该是Spring Boot 2.0升级带来的,既然遇到了,就在这里写一写。笔者在授权服务器想设置一个统一基路径,按照Spring Boot 1.0,是这样的:
server.context-path=/xxx
但是升级之后并不好使,最后看官方文档发现改掉了,现在是这样的:
server.servlet.context-path=/xxx
2、AuthenticationManager无法注入
在覆写AuthorizationServerConfigurerAdapter
类的public void configure(AuthorizationServerEndpointsConfigurer endpoints)
方法时,往往需要显式注入AuthenticationManager
,但是在5.x版本中,启动会报如下错误:
***************************
APPLICATION FAILED TO START
***************************
Description:
Field authenticationManager in cn.springcloud.book.OAuthConfiguration required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
解决方案:
在启动主类继承WebSecurityConfigurerAdapter
类同时,手动注入:
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
3、登陆报错:There is no PasswordEncoder mapped for the id “null”
在使用Spring Security 5.x登陆页面进行登陆时,后端会报错:There is no PasswordEncoder mapped for the id “null”,因为5.x版本新增了多种密码加密方式,必须指定一种,比如这样解决:
@Bean
public static NoOpPasswordEncoder passwordEncoder()
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
下列加密方式供参考,选取一种即可:
bcrypt - BCryptPasswordEncoder (Also used for encoding)
ldap - LdapShaPasswordEncoder
MD4 - Md4PasswordEncoder
MD5 - new MessageDigestPasswordEncoder("MD5")
noop - NoOpPasswordEncoder
pbkdf2 - Pbkdf2PasswordEncoder
scrypt - SCryptPasswordEncoder
SHA-1 - new MessageDigestPasswordEncoder("SHA-1")
SHA-256 - new MessageDigestPasswordEncoder("SHA-256")
sha256 - StandardPasswordEncoder
以上是关于Spring Security 4.x -; 5.x 踩坑记录的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security:2.4 Getting Spring Security
没有 JSP 的 Spring Security /j_spring_security_check
Spring Security 登录错误:HTTP 状态 404 - /j_spring_security_check