Encoded password does not look like BCrypt

心在旅途 2020-12-05 13:20

I am using Spring Boot, Spring Security, OAuth2 and JWT to authenticate my application, but I keep getting this nasty error and I don't have any idea what is wrong. My

17 answers
  • 2020-12-05 13:33

    In Spring Security 5, the default encoder is DelegatingPasswordEncoder, which requires the Password Storage Format.

    Read this

        private PasswordEncoder delegateEncoder =
                PasswordEncoderFactories.createDelegatingPasswordEncoder();
    
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception{
                clients
                        .jdbc(dataSource)
                        .passwordEncoder(delegateEncoder);
        }
    

    Generate the password or secret code using the default encoder, which is DelegatingPasswordEncoder:

    System.out.println(delegateEncoder.encode("123123"));
    // it generates the encoded code something like this: 
    // {bcrypt}$2a$10$0aISzamI0jBCVTxONzJlHOk7O7QS.XPFIheLVhXultVa9Ju7SarZ6
    
  • 2020-12-05 13:35

    As of today, with Spring Boot 2.1.7.RELEASE, I am still experiencing this issue. I was using some online tools which gave me hashes starting with $2b or $2y, which Spring's BCryptPasswordEncoder does not allow:

    public class BCryptPasswordEncoder implements PasswordEncoder {
        private Pattern BCRYPT_PATTERN = Pattern
                .compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
    ...
    

    Solution: use the BCryptPasswordEncoder class to encode the password:

    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    System.out.println(encoder.encode("admin"));
    

    And then:

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password("{bcrypt}$2a$10$6CW1agMzVzBhxDzK0PcxrO/cQcmN9h8ZriVEPy.6DJbVeyATG5mWe")
                .roles("ADMIN");
    }
    
  • 2020-12-05 13:35

    I had the same error, and it was because of the datatype of the password column: the column was a fixed-length, blank-padded type (CHARACTER). Make sure you're using a VARCHAR datatype, or else change the length to 60 for your password column.

  • 2020-12-05 13:38

    BCryptPasswordEncoder does not strip the {bcrypt} id, but DelegatingPasswordEncoder does. When I explicitly define BCryptPasswordEncoder as the encoder for DaoAuthenticationProvider, it calls the matches method on BCryptPasswordEncoder (without id strip), but not on DelegatingPasswordEncoder (with id strip).

  • 2020-12-05 13:41

    BCryptPasswordEncoder shows this warning when it fails to match a raw password with an encoded password.

    The hashed password might be “$2b” or “$2y” now.

    And there is a bug in Spring Security that has a regex always looking for “$2a”. Put a debug point at the matches() function in the BCryptPasswordEncoder.class.

  • 2020-12-05 13:42

    I struggled with this error while doing a Spring Security course.

    My problem was that even though in the AuthenticationManager I was using the encoding, e.g.:

        @Autowired
        public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService)
                    .passwordEncoder(passwordEncoder());
        }
    

    The problem was that I was not encoding the password when I was saving the users!! Example:

    final Principal entity = new Principal(loginName, passwordEncoder.encode(pass), roles);
    
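Added example, not part of any answer above and not Spring Security's own code: a plain-JDK check that classifies a stored credential value against the causes named in the answers (missing or unexpected {id} prefix, $2b/$2y version marker, CHAR padding, truncation, password saved unencoded). The class and method names are hypothetical; the strict regex is the one quoted above, and every sample except the hash copied from the page is constructed.

```java
import java.util.regex.Pattern;

public class StoredHashCheck {
    // Regex quoted in the answer above from BCryptPasswordEncoder.
    static final Pattern STRICT =
            Pattern.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
    // Same shape, but also admitting the $2b / $2y version markers.
    static final Pattern ANY_VERSION =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    static String diagnose(String stored) {
        if (stored == null || stored.isEmpty()) return "empty value";
        if (!stored.equals(stored.trim()))
            return "padded with whitespace (fixed-length CHAR column?), length " + stored.length();
        // Split an optional {id} prefix from the hash itself.
        String id = null, hash = stored;
        int close = stored.indexOf('}');
        if (stored.startsWith("{") && close > 0) {
            id = stored.substring(1, close);
            hash = stored.substring(close + 1);
        }
        if (id != null && !id.equals("bcrypt")) return "id {" + id + "} is not bcrypt";
        String who = (id == null)
                ? "no {id}: fits a bare BCryptPasswordEncoder, not the delegating one"
                : "{bcrypt} id: fits DelegatingPasswordEncoder, not a bare BCryptPasswordEncoder";
        if (STRICT.matcher(hash).matches()) return "well-formed, " + who;
        if (ANY_VERSION.matcher(hash).matches())
            return "version " + hash.substring(0, 3) + " is rejected by the quoted regex";
        if (hash.startsWith("$2"))
            return "bcrypt-like but malformed, length " + hash.length() + " (truncated column?)";
        return "not a bcrypt hash (password saved without encoding?)";
    }

    public static void main(String[] args) {
        // Hash copied from the answer above; all other samples are constructed from it.
        String pageHash = "$2a$10$6CW1agMzVzBhxDzK0PcxrO/cQcmN9h8ZriVEPy.6DJbVeyATG5mWe";
        String[] samples = {
            pageHash, "{bcrypt}" + pageHash, "$2b" + pageHash.substring(3),
            pageHash + "     ", pageHash.substring(0, 50), "admin" };
        for (String s : samples) System.out.println("[" + s + "] -> " + diagnose(s));
    }
}
```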