在Spring基本安全中,没有为id "null"映射任何PasswordEncoder。
在Spring基本安全中,没有为id "null"映射任何PasswordEncoder。
我的代码在Spring版本1.5.6.RELEASE中运行良好。
但当我升级到2.0.0版本后,我的一些方法已经过时但仍然能正常工作。
当我根据There is no PasswordEncoder mapped for the id "null" with database authentication更改我的过时方法时,
它开始出现错误"there is no passwordencoder"。
这是我的代码。
WebConfig
@Configurable
@EnableWebSecurity
public class WebConfig extends WebSecurityConfigurerAdapter {
@Autowired
AppUserDetailsService appUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(appUserDetailsService);
}
@Bean
public static DelegatingPasswordEncoder passwordEncoder() {
return (DelegatingPasswordEncoder) DelegatingPasswordEncoder.encode("noop");
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(appUserDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@SuppressWarnings("deprecation")
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("http://localhost:4200");
}
};
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.authorizeRequests()
.antMatchers("/account/register","/account/login","/logout").permitAll()
.anyRequest().fullyAuthenticated().and()
.logout()
.permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
.and()
.httpBasic().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
.csrf().disable();
}
}
Account Controller
@RestController
@RequestMapping("account")
public class AccountController {
public static final Logger logger = LoggerFactory.getLogger(AccountController.class);
@Autowired
private UserService userService;
@CrossOrigin
@RequestMapping(value = "/register", method = RequestMethod.POST)
public ResponseEntity createUser(@RequestBody User newUser) {
if (userService.find(newUser.getUsername()) != null) {
logger.error("username Already exist " + newUser.getUsername());
return new ResponseEntity(
new CustomErrorType("user with username " + newUser.getUsername() + "already exist "),
HttpStatus.CONFLICT);
}
newUser.setRole("USER");
return new ResponseEntity(userService.save(newUser), HttpStatus.CREATED);
}
@CrossOrigin
@RequestMapping("/login")
public Principal user(Principal principal) {
logger.info("user logged "+principal);
return principal;
}
}
User Service
@Service
public class UserService {
@Autowired
UserRepository userRepository;
public User save(User user) {
return userRepository.saveAndFlush(user);
}
public User update(User user) {
return userRepository.save(user);
}
public User find(String userName) {
return userRepository.findOneByUsername(userName);
}
}
我看到了所有相关的答案,但它们都是针对内存认证的。
Spring security : migrating 4.0 to 5.0 - Error -There is no PasswordEncoder mapped for the id “null”
Spring Security 5 : There is no PasswordEncoder mapped for the id "null"
Spring Boot PasswordEncoder Error
请帮忙。
我正在使用MySQL数据库。
问题原因:该问题的出现是因为在Spring基本安全中没有为id为"null"的PasswordEncoder进行映射。
解决方法:根据文档,NoOpPasswordEncoder是一个不执行任何操作的密码编码器,通常用于测试环境中希望使用明文密码的情况。尽管这些编码器已被弃用,因为它们并不安全,但如果仍然希望使用"noop"密码编码器,可以构建自己的密码编码器实现。