There is no PasswordEncoder mapped for the id “null”

Spring Security5.0登录报错There is no PasswordEncoder mapped for the id “null”

项目配置:


    
      org.springframework.boot
      spring-boot-starter-web
    
    
      org.springframework.boot
      spring-boot-starter-security
    
  
@RestController
public class TestController {
    @RequestMapping("/")
    public String index(){
        return "hello springboot";
    }
    @RequestMapping("/hello")
    public String hello(){
        return "hello";
    }
}
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and().logout().permitAll()
                .and().formLogin().permitAll();
        http.csrf().disable();

    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**","/css/**","/images/**");
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                .withUser("admin").password("123456").roles("USER");
    }
 
}

启动项目,浏览器访问localhost:8080正确显示hello springboot,访问localhost:8080/hello跳转到登录页面,挡在登录页面输入用户名和密码登录时,却并不跳转,且控制台报错There is no PasswordEncoder mapped for the id “null”

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
	at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:233)
	at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:196)

网上查资料得知,在spring5.0之后,springsecurity存储密码的格式发生了改变。详情见springsecurity官方文档

新的密码存储格式为:加密方式和加密后的密码

{id}encodedPassword

如下面这几种密码的存储方式

{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG 
{noop}password 
{pbkdf2}5d923b44a6d129f3ddf3e3c8d29412723dcbde72445e8ef6bf3b508fbf17fa4ed4d6b99ca763d8dc 
{scrypt}$e0801$8bWJaSu2IKSn9Z9kM+TPXfOc/9bdYSrN1oD9qfVThWEwdRTnO7re7Ei+fUZRJ68k9lTyuTeUp4of4g24hHnazw==$OAOec05+bXxvuu/1qZ6NUR+xQYvYv7BeL1QxwRpY5Pc=  
{sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0 

由于在上面的配置中我们并没有指定加密的方式,那么加密方式就是空的,所以会跑出异常,要想解决这个问题我们需指定密码的加密方式。

解决办法:

1.在上面的配置类中加入一个配置方法用于支持没有加密方式的方法

@Bean
public static NoOpPasswordEncoder passwordEncoder() {
    return NoOpPasswordEncoder.getInstance();
}
不过此方式已经过时,不建议使用

2.修改上面配置用户的方法,指定一个加密方式并对密码进行加密,springsecurity支持的加密方式很多,这里使用bcrypt

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                .passwordEncoder(new BCryptPasswordEncoder())
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("USER");
    }

3.注入你的UserDetailsService实现类 userService增加一个配置方法

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

你可能感兴趣的:(框架学习)