Spring Boot Security:编码密码看起来不像 BCrypt
Posted
技术标签:
【中文标题】Spring Boot Security:编码密码看起来不像 BCrypt【英文标题】:Spring Boot Security: Encoded password does not look like BCrypt 【发布时间】:2019-03-25 17:00:13 【问题描述】:我最近在 Spring Boot Security 中学习了一个身份验证和授权教程,我想我在 sql 方面迷路了。虽然它没有显示任何错误,即使我输入了正确的用户名和密码,它仍然显示错误的凭据。这是我的代码:
UserDetailsServiceImpl.java
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException
WebUser appUser = this.appUserDAO.findUserAccount(userName);
if (appUser == null)
System.out.println("User not found! " + userName);
throw new UsernameNotFoundException("User " + userName + " was not found in the database");
System.out.println("Found User: " + appUser);
// [ROLE_USER, ROLE_ADMIN,..]
List<String> roleNames = this.appRoleDAO.getRoleNames(appUser.getId());
List<GrantedAuthority> grantList = new ArrayList<GrantedAuthority>();
if (roleNames != null)
for (String role : roleNames)
// ROLE_USER, ROLE_ADMIN,..
GrantedAuthority authority = new SimpleGrantedAuthority(role);
grantList.add(authority);
UserDetails userDetails = (UserDetails) new User(appUser.getUsername(), //
appUser.getPass(), grantList);
return userDetails;
WebUserMapper.java
public static final String BASE_SQL //
= "Select u.Id, u.Username, u.Pass From User u ";
@Override
public WebUser mapRow(ResultSet rs, int rowNum) throws SQLException
Long userId = rs.getLong("Id");
String userName = rs.getString("Username");
String encrytedPassword = rs.getString("Pass");
return new WebUser(userId, userName, encrytedPassword);
WebSecurityConfig.java
@Bean
public BCryptPasswordEncoder passwordEncoder()
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
// Setting Service to find User in the database.
// And Setting PassswordEncoder
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
这是我的数据库:
它返回这个错误:
Found User: test/$2y$12$MemyV61IuKV7SAntLOEVqeLPPvl2snXjQwlk3RSFDmn5eWrRcHwxm
2018-10-21 20:32:57.110 WARN 1300 --- [nio-8080-exec-3] o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt
密码是123。我不知道为什么我在密码中输入了“123”还是不行。希望你能帮助我。非常感谢
【问题讨论】:
看看这里:***.com/questions/40699532/… 您在将密码保存到数据库时是否使用自动连接的 BCryptPasswordEncoder? 【参考方案1】:尝试使用 bcrypt 编码器在服务器端对您的 client_secret 进行编码。
【讨论】:
我在从 Spring Boot 1.5.7 迁移到 2.0.4 后请求 Oauth 令牌时收到此Encoded password does not look like BCrypt
错误消息。编码 client_secret 解决了它。将不得不调查它以找出原因。以上是关于Spring Boot Security:编码密码看起来不像 BCrypt的主要内容,如果未能解决你的问题,请参考以下文章
在 Grails 3.0 中配置 Spring Boot Security 以使用 BCrypt 密码编码
spring boot starter security 不在日志中生成默认密码
在 Spring Security(spring-boot 项目)中使用 ldap 凭据进行 Http 基本身份验证以保护休息服务调用