我有一個用于用戶身份驗證的簡單控制器:
@RestController
@RequestMapping("/auth")
public class UserController {
private final UserService userService;
@Autowired
public UserController(UserService userService) {
this.userService = userService;
}
@PostMapping("/login")
public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest loginRequest) {
try {
LoginResponse loginResponse = userService.login(loginRequest);
return new ResponseEntity<>(loginResponse, HttpStatus.OK);
} catch (Exception e) {
return new ResponseEntity<>(ResponseHandler.handleLoginResponse(LoginResponseEnums.GENERAL_ERROR, ""), HttpStatus.INTERNAL_SERVER_ERROR);
}
}
}
并為它提供服務:
@Service
public class UserServiceImpl implements UserService {
// FIXME: 6/10/2022 Initialize dummy data for H2, remove on prod
@PostConstruct
private void init() {
userRepository.save(new User("[email protected]", "$2a$10$e8xk4HeAkWwK5DwTFNXgN.ijlYEzlJJDUOcCBLZzTQuWFtQyeaXtW"));
userRepository.save(new User("[email protected]", "$2a$10$e8xk4HeAkWwK5DwTFNXgN.ijlYEzlJJDUOcCBLZzTQuWFtQyeaXtW"));
}
private final UserRepository userRepository;
private final AuthenticationProvider authenticationProvider;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final JwtTokenProvider jwtTokenProvider;
@Autowired
public UserServiceImpl(JwtTokenProvider jwtTokenProvider, UserRepository userRepository, AuthenticationProvider authenticationProvider, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userRepository = userRepository;
this.authenticationProvider = authenticationProvider;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.jwtTokenProvider = jwtTokenProvider;
}
public LoginResponse login(LoginRequest loginRequest) {
String email = loginRequest.getEmail();
String password = loginRequest.getPassword();
try {
authenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(email, password));
} catch (Exception e) {
return ResponseHandler.handleLoginResponse(LoginResponseEnums.PASSWORD_INCORRECT, "");
}
Optional<User> userByEmail = userRepository.findUserByEmail(email);
if (userByEmail.isPresent()) {
return ResponseHandler.handleLoginResponse(LoginResponseEnums.SUCCESS, jwtTokenProvider.createToken(email));
} else {
return ResponseHandler.handleLoginResponse(LoginResponseEnums.EMAIL_DOES_NOT_EXIST, "");
}
}
}
和 AuthenticationProviderBean
@Bean
public AuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider =
new DaoAuthenticationProvider();
provider.setPasswordEncoder(bCryptPasswordEncoder());
provider.setUserDetailsService(userDetailsService);
return provider;
}
我有一個小問題
try {
authenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(email, password));
} catch (Exception e) {
return ResponseHandler.handleLoginResponse(LoginResponseEnums.PASSWORD_INCORRECT, "");
}
當提供原始密碼:“123456”時,身份驗證提供程式對用戶進行身份驗證,但是當我提供 BCrypt 編碼密碼:“$2a$10$e8xk4HeAkWwK5DwTFNXgN.ijlYEzlJJDUOcCBLZzTQuWFtQyeaXtW”時,它會拋出:org.springframework.security.authentication.BadCredentialsException: Bad credentials
我想使用 BCrypt 編碼密碼驗證用戶,該怎么辦我需要改變嗎?我想用這個請求對用戶進行身份驗證:
{
"Email": "[email protected]"
"Password": "$2a$10$e8xk4HeAkWwK5DwTFNXgN.ijlYEzlJJDUOcCBLZzTQuWFtQyeaXtW"
}
uj5u.com熱心網友回復:
BCryptPasswordEncoder 不能那樣作業。它的matches方法需要明文密碼以及先前編碼的密碼
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/490386.html
