问题描述
我有一个Spring Boot应用程序(代码此处),其中带有安全配置:
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
insert into users (username, password, enabled) values ('joe','$2y$12$XodbOuISPCPQijlY8MIRUepDeURhxDe09/4VQU0Cno5zkTEKjZouO',true);
我不太了解BCrypt哈希算法的工作原理,但是我使用免费的在线 BCrypt哈希生成器.但是,我无法登录到我的Spring Boot应用程序.日志中的错误是凭据错误".有什么作用?
I don't know much about how the BCrypt hashing algorithm works, but I generated this password hash (for the password "test") using a free online BCrypt hash generator that looks legitimate. Nevertheless, I cannot log in to my Spring Boot application. The error in the logs is "bad credentials". What gives?
PS:这是.
推荐答案
您可以使用在线BCrypt生成器,但事实是,在线生成器可能会与您的Spring Segurity enconder生成不同的正则表达式.
You can use online BCrypt generator but the thing is that the online generator might generate different regex from your Spring Segurity enconder.
例如,在线生成器可以使用正则表达式"$ 2y"生成BCrypt,而您的Spring Boot enconder使用"$ 2a"正则表达式生成.如果发生这种情况,您将总是得到不良的信用证明.
For example the online generator can generate BCrypt with regex "$2y" and your Spring Boot enconder generate with "$2a" regex. If this happen you will get always bad credencials.
我强烈建议您使用Spring Boot BCrypt Enconder生成密码.
I strongly recommend you to generate your passwords using Spring Boot BCrypt Enconder.
@SpringBootApplication
public class QuartzJdbcJobStoreBciApplication extends SpringBootServletInitializer{
public static void main(String[] args {
SpringApplication.run(QuartzJdbcJobStoreBciApplication.class, args);
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password [] = {"Password1", "Password2", "Password3"};
for(int i = 0; i < password.length; i++)
System.out.println(passwordEncoder.encode(password[i]));
}
}
这篇关于如何为Spring Boot应用程序预生成BCrypt哈希密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!