Spring Security –没有为id“ null”映射的PasswordEncoder

最新推荐文章于 2024-03-22 10:30:00 发布

cyan20115

最新推荐文章于 2024-03-22 10:30:00 发布

阅读量442

点赞数

文章标签： java

发送带有用户名和密码的GET请求，但遇到密码编码器错误？

经过测试

Spring Boot 2.1.2发布
5.1.3。发布

$ curl localhost:8080/books -u user:password

{
	"timestamp":"2019-02-22T15:03:49.322+0000",
	"status":500,
	"error":"Internal Server Error",
	"message":"There is no PasswordEncoder mapped for the id \"null\"",
	"path":"/books"
}

日志错误

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"

这是配置。

SpringSecurityConfig.java

package com.mkyong.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     
        auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("ADMIN");

    }

}

解

在Spring Security 5.0之前，默认的PasswordEncoder是NoOpPasswordEncoder ，它需要纯文本密码。在Spring Security 5中，默认值为DelegatingPasswordEncoder ，它需要密码存储格式 。

阅读这个和这个

解决方案1 –添加密码存储格式，对于纯文本，添加{noop}

SpringSecurityConfig.java

package com.mkyong.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     
        auth.inMemoryAuthentication()
                .withUser("user").password("{noop}password").roles("USER")
                .and()
                .withUser("admin").password("{noop}password").roles("ADMIN");

    }

}

解决方案2 – UserDetailsService User.withDefaultPasswordEncoder()

SpringSecurityConfig.java

package com.mkyong.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public UserDetailsService userDetailsService() {

        User.UserBuilder users = User.withDefaultPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(users.username("user").password("password").roles("USER").build());
        manager.createUser(users.username("admin").password("password").roles("USER", "ADMIN").build());
        return manager;

    }

}