问题
I have developed a small project on Spring MVC. The project has account table and account has an encoded password with BCryptPasswordEncoder. I have used java config instead of XML config.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
I get user information and encode the password.
@Autowired
private PasswordEncoder passwordEncoder;
String pass=user.getPassword();
user.setPassword(passwordEncoder.encode(pass));
In the end, even if I user 123 a password it encoded it but,
boolean passstate=pe.matches(pass, user.getPassword());
returns false
回答1:
A common mistake, the length of the “password” column (users table) is less than 60, for example, password VARCHAR(45), and some databases will truncate the data automatically. So, you always get the warning “Encoded password does not look like BCrypt”.
To solve it, make sure the length of “password” column is at least 60.
for more details check: https://www.mkyong.com/spring-security/spring-security-encoded-password-does-not-look-like-bcrypt/
来源:https://stackoverflow.com/questions/44471587/spring-security-bcryptpasswordencoder-inserted-but-not-match