问题描述
在使用springsecurity6.0版本进行登陆认证时,出现如下错误:
原因分析:
在springsecurity5.0之后引入了许多加密方式,因此在校验是需要指定一种加密方式
在我的securityConfig中,authenticationProvider的代码如下:
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
return daoAuthenticationProvider;
}
因此在构建是需要添加加密方式
解决方案:
在构建的authenticationProvider中需要填加密码加密方式:
代码如下:
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
附上我的Springsecurityconfig全部代码:
代码如下:
package com.lp.framework.security.config;
import com.lp.framework.security.core.SpringSecurityUserDetailsServiceImpl;
import jakarta.annotation.Resource;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
* @author LuoPing
* @project IntelliJ IDEA
* @Package lpblog
* @Date 2023/2/18 23:57
*/
@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurer{
@Resource
SpringSecurityUserDetailsServiceImpl userDetailsService;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
//设置请求必须进行权限认证
http.authorizeHttpRequests(authz ->{authz
.requestMatchers("/login").permitAll()// 放行登录接口
.anyRequest().authenticated();// 其余的都需要权限校验
})
.authenticationProvider(authenticationProvider())
//关闭csrf防御,相似于防火墙,不关闭上面的设置不会真正生效。// 防跨站请求伪造
.csrf().disable();
return http.build();
}
@Bean
// 密码加密,不然没法做密码加密对比
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
/**
* 获取AuthenticationManager(认证管理器),登录时认证使用
*/
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
// return authenticationConfiguration.getAuthenticationManager();
// DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
// daoAuthenticationProvider.setUserDetailsService(userDetailsService);
// daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return config.getAuthenticationManager();
}
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
}
附:SpringSecurity6.0版本学习视频链接 (外语视频)
![父子组件间传值的实现父子组件间传值的实现[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)