自定义加密解密报错：encoded password does not look like bcrypt

来源：4-3 自定义用户认证逻辑

我是真的返

2019-03-20

老师您好：
问题：添加用户时密码已加密、自定义WebSecurityConfig也启用passwordEncoder加密方式、但是登录验证还是过不去，请问如何解决？

添加用户代码：

@Autowired
private PasswordEncoder passwordEncoder;

#加密代码
user.setPassword(passwordEncoder.encode(user.getPassword().trim()));

启用加密方式：

@Autowired
private CustomUserDetailsServiceImpl userDetailsService;

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws 	Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

登录debug时发现在 DaoAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) 方法38行进行matchs时，从authentication.getCredentials().toString()取出的密码是登录密码输入框里面输入的”123456“，导致验证失败。为什么取出的是123456？

protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (authentication.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        } else {
            String presentedPassword = authentication.getCredentials().toString();
            if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
                this.logger.debug("Authentication failed: password does not match stored value");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
        }
    }

写回答

1回答