本文介绍了如何为Spring Boot应用程序预生成BCrypt哈希密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个Spring Boot应用程序(代码此处),其中带有安全配置:

I have a Spring Boot application (code here) with a security configuration that utilizes a BCryptPasswordEncoder:

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

我想预生成几个密码来初始化我的数据库,以便进行测试或登录开发人员计算机. (不适用于生产.)我的数据库是PostgreSQL,该架构基于Spring Security默认架构,带有一个users表和一个authorities表.我的SQL语句如下所示:

I'd like to pre-generate a couple of passwords to initialize my database, for testing or for logging in on a developer machine. (Not for production.) My database is PostgreSQL and the schema is based on the Spring Security default schema, with a users table and an authorities table. My SQL statement looks like this:

insert into users (username, password, enabled) values ('joe','$2y$12$XodbOuISPCPQijlY8MIRUepDeURhxDe09/4VQU0Cno5zkTEKjZouO',true);

我不太了解BCrypt哈希算法的工作原理,但是我使用免费的在线 BCrypt哈希生成器.但是,我无法登录到我的Spring Boot应用程序.日志中的错误是凭据错误".有什么作用?

I don't know much about how the BCrypt hashing algorithm works, but I generated this password hash (for the password "test") using a free online BCrypt hash generator that looks legitimate. Nevertheless, I cannot log in to my Spring Boot application. The error in the logs is "bad credentials". What gives?

PS:这是.

推荐答案

您可以使用在线BCrypt生成器,但事实是,在线生成器可能会与您的Spring Segurity enconder生成不同的正则表达式.

You can use online BCrypt generator but the thing is that the online generator might generate different regex from your Spring Segurity enconder.

例如,在线生成器可以使用正则表达式"$ 2y"生成BCrypt,而您的Spring Boot enconder使用"$ 2a"正则表达式生成.如果发生这种情况,您将总是得到不良的信用证明.

For example the online generator can generate BCrypt with regex "$2y" and your Spring Boot enconder generate with "$2a" regex. If this happen you will get always bad credencials.

我强烈建议您使用Spring Boot BCrypt Enconder生成密码.

I strongly recommend you to generate your passwords using Spring Boot BCrypt Enconder.

@SpringBootApplication
public class QuartzJdbcJobStoreBciApplication extends SpringBootServletInitializer{

public static void main(String[] args {
    SpringApplication.run(QuartzJdbcJobStoreBciApplication.class, args);
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String password [] = {"Password1", "Password2", "Password3"};
    for(int i = 0; i < password.length; i++)
        System.out.println(passwordEncoder.encode(password[i]));

    }
}

这篇关于如何为Spring Boot应用程序预生成BCrypt哈希密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 03:29
查看更多