问题出处
在调试Spring Security 入门程序(https://blog.csdn.net/weixin_44062339/article/details/102450543)的时候,正常打开了登录页面,输入账号和密码登录报错:
HTTP Status 500 - There is no PasswordEncoder mapped for the id "null"
type Exception report
message There is no PasswordEncoder mapped for the id "null"
description The server encountered an internal error that prevented it from fulfilling this request.
exception
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:244)
org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:198)
org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:90)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
解决问题
Spring Security 使用PasswordEncoder进行密码校验,在安全配置类中需要指定PasswordEncoder,如下:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
...
@Bean
public PasswordEncoder passwordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
...
}
由于我们在定义UserDetailService时密码使用的明文方式,所以本案例使用的是NoOpPasswordEncoder,代码如下:
@Bean
public UserDetailsService userDetailsService(){
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("zhangsan").password("123").authorities("p1").build());
manager.createUser(User.withUsername("lisi").password("456").authorities("p2").build());
return manager;
}
在后边Spring Security和Spring Boot整合后我们使用BCryptPasswordEncoder,如果使用BCryptPasswordEncoder那么UserDetailService中的密码必须是经验BCrypt加密的。
具体可参考:https://blog.csdn.net/weixin_44062339/article/details/102473695