Spring Boot Security：编码密码看起来不像 BCrypt

Posted 2023-02-26

【中文标题】Spring Boot Security：编码密码看起来不像 BCrypt

【英文标题】：Spring Boot Security: Encoded password does not look like BCrypt

【发布时间】：2019-03-25 17:00:13

【问题描述】：

我最近在 Spring Boot Security 中学习了一个身份验证和授权教程，我想我在 sql 方面迷路了。虽然它没有显示任何错误，即使我输入了正确的用户名和密码，它仍然显示错误的凭据。这是我的代码：

UserDetailsS​​erviceImpl.java

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException 
        WebUser appUser = this.appUserDAO.findUserAccount(userName);

        if (appUser == null) 
            System.out.println("User not found! " + userName);
            throw new UsernameNotFoundException("User " + userName + " was not found in the database");
        

        System.out.println("Found User: " + appUser);

        // [ROLE_USER, ROLE_ADMIN,..]
        List<String> roleNames = this.appRoleDAO.getRoleNames(appUser.getId());

        List<GrantedAuthority> grantList = new ArrayList<GrantedAuthority>();
        if (roleNames != null) 
            for (String role : roleNames) 
                // ROLE_USER, ROLE_ADMIN,..
                GrantedAuthority authority = new SimpleGrantedAuthority(role);
                grantList.add(authority);
            
        

        UserDetails userDetails = (UserDetails) new User(appUser.getUsername(), //
                appUser.getPass(), grantList);

        return userDetails;
    

WebUserMapper.java

public static final String BASE_SQL //
= "Select u.Id, u.Username, u.Pass From User u ";

@Override
public WebUser mapRow(ResultSet rs, int rowNum) throws SQLException 

    Long userId = rs.getLong("Id");
    String userName = rs.getString("Username");
    String encrytedPassword = rs.getString("Pass");

    return new WebUser(userId, userName, encrytedPassword);

WebSecurityConfig.java

    @Bean
    public BCryptPasswordEncoder passwordEncoder() 
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        return bCryptPasswordEncoder;
    

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception  

        // Setting Service to find User in the database.
        // And Setting PassswordEncoder
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());     

    

这是我的数据库：

它返回这个错误：

Found User: test/$2y$12$MemyV61IuKV7SAntLOEVqeLPPvl2snXjQwlk3RSFDmn5eWrRcHwxm
2018-10-21 20:32:57.110  WARN 1300 --- [nio-8080-exec-3] o.s.s.c.bcrypt.BCryptPasswordEncoder     : Encoded password does not look like BCrypt

密码是123。我不知道为什么我在密码中输入了“123”还是不行。希望你能帮助我。非常感谢

【问题讨论】：

看看这里：***.com/questions/40699532/…

您在将密码保存到数据库时是否使用自动连接的 BCryptPasswordEncoder？

【参考方案1】：

尝试使用 bcrypt 编码器在服务器端对您的 client_secret 进行编码。

【讨论】：

我在从 Spring Boot 1.5.7 迁移到 2.0.4 后请求 Oauth 令牌时收到此 Encoded password does not look like BCrypt 错误消息。编码 client_secret 解决了它。将不得不调查它以找出原因。