stackoom
  简体   繁体   中英

Adding bcrypt to Spring Boot Security

 原文  2017-12-22 12:01:10       java/ spring/ spring-boot

Question

I've got the below working code to authenticate users calling my Spring Boot API against an Oracle database and match their roles to urls. I'm now looking to use bcrypt to store/retrieve these from the database.

Do I need to create my own custom userDetails for this or is it possible to simply use what I have below. I'm not overly familiar with Spring Boot so any help appreciated. 

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired  
    private BasicAuthenticationPoint basicAuthenticationPoint;  

    @Autowired
    DataSource dataSource;

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception{
        httpSecurity.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);

        httpSecurity.authorizeRequests()
            .antMatchers("/v1/test/*").hasRole("USER");

    }

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("SELECT USERNAME,SECRET_KEY, ENABLED FROM USERS WHERE USERNAME=?")
            .authoritiesByUsernameQuery(
                "SELECT A.USERNAME, B.ROLE_NAME"
                + " FROM USERS A, ROLES B, USER_ROLES C"
                + " WHERE C.USER_ID = A.USER_ID AND C.ROLE_ID = B.ROLE_ID AND A.USERNAME=?"
            );
    }
}

1 answers

solution1
 2 ACCPTED  2017-12-22 12:11:01

Just add a .passwordEncoder(enocder) to your jdbcAuthentication() like so: 

    auth.jdbcAuthentication()
        .dataSource(dataSource)
        .usersByUsernameQuery("SELECT USERNAME,SECRET_KEY, ENABLED FROM USERS WHERE USERNAME=?")
        .authoritiesByUsernameQuery(
            "SELECT A.USERNAME, B.ROLE_NAME"
            + " FROM USERS A, ROLES B, USER_ROLES C"
            + " WHERE C.USER_ID = A.USER_ID AND C.ROLE_ID = B.ROLE_ID AND A.USERNAME=?"
        )
        .passwordEncoder(new BCryptPasswordEncoder());

If you want to reuse the password encoder you can create a bean out of it and inject it where needed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Migration to Spring Boot 2 - Security Encoded password does not look like BCrypt Use BCrypt hashing function in Spring Boot without all the overkill security? Adding Bcrypt Encoding to Spring MVC Security with limit login attempts BCrypt in my Spring Security project (Spring security) Why Am I Getting an IllegalStateException While Adding Bcrypt to my Spring-Security.XML file? Does LDAP Support BCrypt? Trying to implement BCrypt in Java Spring Security Spring security and spring boot BCrypt: Empty Encoded Password with Spring Security Spring Security BCrypt always look for “$2a” regex Switching from MD5 to BCrypt with Spring Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM