我是 Java/Spring boot 新手,我正在使用 jwt 进行登录。
发生的情况是,我很好地完成了创建用户的部分,问题是,当我想登录邮递员时,我收到“401 错误凭据”,并且在 netbeans 控制台中,我收到 Encoded password does not Look like Bcrypt 并且失败开始方法。
我疯狂地阅读我的代码,但仍然无法弄清楚它出了什么问题。
Authcontroller.java
java
@RestController
@RequestMapping("/auth")
@CrossOrigin
public class AuthController {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
AuthenticationManager authenticationManager;
@Autowired
UserService userService;
@Autowired
RolService rolService;
@Autowired
JwtProvider jwtProvider;
@PostMapping("/new")
public ResponseEntity<?> nuevo(@Valid @RequestBody NewUser newUser, BindingResult bindingResult){
if(bindingResult.hasErrors())
return new ResponseEntity(new Msg("Campos o email inválido"), HttpStatus.BAD_REQUEST);
if(userService.existsByUsername(newUser.getUsername))
return new ResponseEntity(new Msg("Nombre de usuario existente"), HttpStatus.BAD_REQUEST);
if(userService.existsByEmail(newUser.getEmail))
return new ResponseEntity(new Msg("Email existente"), HttpStatus.BAD_REQUEST);
User user = new User(newUser.getName(), newUser.getUsername(), newUser.getEmail(), passwordEncoder.encode(newUser.getPassword()));
Set<Rol> roles = new HashSet<>();
roles.add(rolService.getByRolName(RolName.ROLE_USER).get());
if(newUser.getRoles().contains("admin"))
roles.add(rolService.getByRolName(RolName.ROLE_ADMIN).get());
user.setRoles(roles);
userService.save(user);
return new ResponseEntity(new Msg("usuario guardado"), HttpStatus.CREATED);
}
@PostMapping("/login")
public ResponseEntity<JwtDto> login (@Valid @RequestBody UserLogin userLogin, BindingResult bindingResult){
if (bindingResult.hasErrors())
return new ResponseEntity(new Msg("Campos mal ingresados"), HttpStatus.BAD_REQUEST);
Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
userLogin.getUsername(), userLogin.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = jwtProvider.generateToken(authentication);
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
JwtDto jwtDto = new JwtDto(jwt, userDetails.getUsername(), userDetails.getAuthorities());
return new ResponseEntity(jwtDto, HttpStatus.OK);
}
}
MainSecurity.java
java
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class MainSecurity {
@Autowired
UserDetailsServiceImpl userDetailsServiceImpl;
@Autowired
JwtEntryPoint jwtEntryPoint;
@Bean
public JwtTokenFilter jwtTokenFilter() {
return new JwtTokenFilter();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeHttpRequests()
.requestMatchers("/**").permitAll()
.anyRequest().authenticated();
http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("*");
}
};
}
}
看来您实际上并未在数据库中存储
bcrypt
编码密码。
然而,系统正在等待他们。要么是密码哈希值无效。当您注册新用户时,应确保在存储用户之前使用
bcrypt
对密码进行哈希处理。
首先尝试通过查看您可能在相应表上创建的
UserEntity
来手动检查数据库。
如果
password
未加密,请确保它由 passwordEncoder()
方法使用,该方法又应使用 BCryptPasswordEncoder
对象对您输入的密码进行实际编码。
希望有帮助!!