Spring Security unable to log using userDetailService and passwordEncoder
Question
I use Spring Security and I want to use de userDetailService and the passwordEncoder for the login.
The creation of users works fine. I have users in my database with there BCrypt password. I use the same PasswordEncoder to create the users as the one to log them.
Here is my SecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private IUtilisateurService utilisateurService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(utilisateurService)
.passwordEncoder(passwordEncoder())
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//
.csrf().disable()
//
.authorizeRequests()//
.antMatchers(HttpMethod.GET, "/**").permitAll()//
.antMatchers(HttpMethod.POST, "/**").authenticated()//
.antMatchers(HttpMethod.PUT, "/**").authenticated()//
.antMatchers(HttpMethod.DELETE, "/**").authenticated()//
.anyRequest().permitAll()//
.and()//
.httpBasic().and()//
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(10);
}
}
And in the implementation of IUtilisateurService who extends UserDetailsService:
@Service("utilisateurService")
public class UtilisateurServiceImpl implements IUtilisateurService {
private static final ILogger LOG = LoggerImpl.getILogger(UtilisateurServiceImpl.class);
private IUtilisateurDao utilisateurDao;
private Mapper mapper;
private PasswordEncoder passwordEncoder;
@Autowired
public UtilisateurServiceImpl(IUtilisateurDao utilisateurDao, Mapper mapper, PasswordEncoder passwordEncoder) {
super();
this.utilisateurDao = utilisateurDao;
this.mapper = mapper;
this.passwordEncoder = passwordEncoder;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UtilisateurEntity utilisateur = utilisateurDao.getUtilisateurFromLogin(username);
String methodName = "loadUserByUsername";
if (utilisateur == null) {
String msg = String.format("Aucun utilisateur avec le login %s n'a pu être trouvé", username);
LOG.warning(methodName, msg);
throw new UsernameNotFoundException(msg);
}
return new UtilisateurUserDetail(utilisateur);
}
@Override
public void saveNewUtilisateur(String login, String motDePasse) {
String methodName = "saveNewUtilisateur";
if (StringUtils.isBlank(login) || StringUtils.isBlank(motDePasse)) {
String message = "Le login et le mot de passe sont obligatoires";
LOG.warning(methodName, message);
throw new IllegalArgumentException(message);
}
UtilisateurEntity utilisateur = new UtilisateurEntity();
utilisateur.setLogin(login);
utilisateur.setMotDePasse(passwordEncoder.encode(motDePasse));
LOG.info(methodName, String.format("Sauvegarde du nouvel utilisateur %s", login));
utilisateurDao.saveNewUtilisateur(utilisateur);
}
...
Before this step I used an inMemoryAuthentication with fixed user/password in my code. Now I want to use information stored in database with a hashed password.
1 answers
solution1
0 ACCPTED 2016-03-23 15:58:26
I finally found the solution. The problem didn't come from spring security. It was in an other part of the application. If someone wants to reuse this code, it works!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.