[英]Spring Security & inMemoryAuthentication() & Bad Credentials
我在使用內存中設置的用戶進行簡單登錄配置時遇到問題。 每次我都會返回錯誤的憑據。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//auth.userDetailsService(userDetailsService);
auth.
inMemoryAuthentication()
.withUser("user").password("123").roles("USER")
.and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/location")
.hasAnyRole("ADMIN","USER")
.and()
.formLogin()
.and()
.csrf()
.disable();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
我做錯了什么??
讓我們稍微簡化一下。 如果您正在使用formLogin()您所要做的就是指定一個UserDetailsBean並且您可以將其與編碼器一起使用:
@Bean
public PasswordEncoder passwordEncoder(){
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager(
builder()
.passwordEncoder(input -> passwordEncoder().encode(input))
.username("user")
.password("123")
.roles("USER")
.build(),
builder()
.passwordEncoder(input -> passwordEncoder().encode(input))
.username("admin")
.password("password")
.roles("USER", "ADMIN")
.build()
);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
//application security
.authorizeRequests()
.mvcMatchers("/non-secure/**").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
;
// @formatter:on
}
非常歡迎您下載示例並在您的 IDE 中運行單元測試
現在這不是首選方式,因為您的代碼中有明文密碼。 您可以將其替換為已加密密碼的管理員。
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager(
builder()
.username("user")
.password("{bcrypt}$2a$10$C8c78G3SRJpy268vInPUFu.3lcNHG9SaNAPdSaIOy.1TJIio0cmTK")
.roles("USER")
.build(),
builder()
.username("admin")
.password("{bcrypt}$2a$10$XvWhl0acx2D2hvpOPd/rPuPA48nQGxOFom1NqhxNN9ST1p9lla3bG")
.roles("USER", "ADMIN")
.build()
);
}
Spring Boot和Spring Security inMemoryAuthentication不起作用
[英]Spring boot and Spring Security inMemoryAuthentication not working
為什么Spring Security InMemoryAuthentication無法對我進行身份驗證
[英]Why Spring Security InMemoryAuthentication do not authenticate me
Spring Boot Security Bad Credentials 即使憑據正確
[英]Spring Boot Security Bad Credentials even though credentials are correct
Spring Security JWT - 400 錯誤請求:“無效授權”“錯誤憑據”
[英]Spring Security JWT - 400 Bad Request : “invalid grant” “Bad credentials”
如何使用Spring Security通過InMemoryAuthentication記錄自定義用戶?
[英]How to get a custom user logged via InMemoryAuthentication with Spring Security?
Spring Security自定義身份驗證提供程序始終會導致錯誤的客戶端憑據
[英]Spring security custom authentication provider always resulted in bad client credentials
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.