我正在为一个大学项目创建一个 Spring 应用程序。
package com.sales.security;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/showProducts.html", "/showOrders.html", "/showCustomers.html","/newOrder.html","/addProduct.html","/addCustomer.html")
.authenticated()
.and()
.formLogin();
}
private static final String ENCODED_PASSWORD = "$2y$12$i4Cl5SZgrPFItSz/G5cvTObf0sqzHszwwKMZ4pQeUlElY1BR7KxdO"; //password is "user" encrypted using BCrypt
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.passwordEncoder(passwordEncoder())
.withUser("user").password(ENCODED_PASSWORD).roles("USER");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
我从用户 TwiN 处获取了代码 Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
我已将哈希更改为“用户”,并使用 https://bcrypt-generator.com/ 确认它肯定是“用户”
但现在无论如何,登录页面都不允许我登录,并说我的登录详细信息不正确 here's what my application looks like after entering a username="user" and password ="user"
最佳答案
有很多方法可以在 Spring 中实现安全性,我无法理解你在做什么,但这是我的 github 存储库 Spring Boot Security您可以更改分支以查看应用安全性的不同方法,选择“内存中”分支,这是最简单的一个。
关于java - 如何在Spring应用程序中实现安全性?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61485064/