問題描述
在使用springsecurity6.0版本進行登陸認證時,出現如下錯誤:
原因分析:
在springsecurity5.0之後引入了許多加密方式,是以在校驗是需要指定一種加密方式
在我的securityConfig中,authenticationProvider的代碼如下:
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
return daoAuthenticationProvider;
}
是以在建構是需要添加加密方式
解決方案:
在建構的authenticationProvider中需要填加密碼加密方式:
代碼如下:
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
附上我的Springsecurityconfig全部代碼:
代碼如下:
package com.lp.framework.security.config;
import com.lp.framework.security.core.SpringSecurityUserDetailsServiceImpl;
import jakarta.annotation.Resource;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
* @author LuoPing
* @project IntelliJ IDEA
* @Package lpblog
* @Date 2023/2/18 23:57
*/
@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurer{
@Resource
SpringSecurityUserDetailsServiceImpl userDetailsService;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
//設定請求必須進行權限認證
http.authorizeHttpRequests(authz ->{authz
.requestMatchers("/login").permitAll()// 放行登入接口
.anyRequest().authenticated();// 其餘的都需要權限校驗
})
.authenticationProvider(authenticationProvider())
//關閉csrf防禦,相似于防火牆,不關閉上面的設定不會真正生效。// 防跨站請求僞造
.csrf().disable();
return http.build();
}
@Bean
// 密碼加密,不然沒法做密碼加密對比
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
/**
* 擷取AuthenticationManager(認證管理器),登入時認證使用
*/
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
// return authenticationConfiguration.getAuthenticationManager();
// DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
// daoAuthenticationProvider.setUserDetailsService(userDetailsService);
// daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return config.getAuthenticationManager();
}
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
}
附:SpringSecurity6.0版本學習視訊連結 (外語視訊)