org.springframework.security.authentication.BadCredentialsException: The present

最新推荐文章于 2022-09-12 17:44:36 发布
最新推荐文章于 2022-09-12 17:44:36 发布 · 500 阅读 · 0
文章标签:

#java

本文详细介绍了如何使用 Spring Security 进行 HTTP 配置,并解决 Remember Me 功能出现的认证异常问题。包括自定义 RememberMeService 和配置相关组件,最终通过在 RememberMeBean 上添加 key 属性解决了认证失败的问题。
  • spring security http配置
<http auto-config="true" use-expressions="true">
        <intercept-url pattern="/css/**" access="permitAll"/>
        <intercept-url pattern="/fonts/**" access="permitAll"/>
        <intercept-url pattern="/js/**" access="permitAll"/>
        <intercept-url pattern="/signup.html*" access="permitAll"/>
        <intercept-url pattern="/login.html*" access="permitAll"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

        <remember-me services-ref="enhancedTokenRememberMeServices"/>
        <form-login login-page="/login.html" default-target-url="/home.html" login-processing-url="/login"
                    username-parameter="username" password-parameter="password"/>
        <logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
    </http>
  •  自定义remember me service 
    <beans:bean id="enhancedPersistentTokenBasedRememberMeServices" class="com.aasonwu.mycompany.EnhancedPersistentTokenBasedRememberMeServices">
        <beans:constructor-arg type="java.lang.String"
                               value="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
        <beans:constructor-arg type="org.springframework.security.core.userdetails.UserDetailsService"
                               ref="userDao"/>
        <beans:constructor-arg type="org.springframework.security.web.authentication.rememberme.PersistentTokenRepository"
                               ref="jdbcTokenRepository" />
        <beans:property name="cookieName" value="MYCOMPANY_REMEMBER_ME"/>
        <beans:property name="parameter" value="remember_me"/>
    </beans:bean>
     
  • 运行时遇到出错 
    org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
	at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64) ~[RememberMeAuthenticationProvider.class:3.2.2.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) ~[ProviderManager.class:3.2.2.RELEASE]
	at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102) ~[RememberMeAuthenticationFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [SecurityContextHolderAwareRequestFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [RequestCacheAwareFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [BasicAuthenticationFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [AbstractAuthenticationProcessingFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [LogoutFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [WebAsyncManagerIntegrationFilter.class:3.2.2.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [OncePerRequestFilter.class:4.0.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [SecurityContextPersistenceFilter.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [FilterChainProxy.class:3.2.2.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [FilterChainProxy.class:3.2.2.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [DelegatingFilterProxy.class:4.0.2.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [DelegatingFilterProxy.class:4.0.2.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) [SiteMeshFilter.class:na]
	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) [SiteMeshFilter.class:na]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:107) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:76) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:934) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:90) [catalina.jar:8.0.0-RC10]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.0-RC10]
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015) [tomcat-coyote.jar:8.0.0-RC10]
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:646) [tomcat-coyote.jar:8.0.0-RC10]
	at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:277) [tomcat-coyote.jar:8.0.0-RC10]
	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2451) [tomcat-coyote.jar:8.0.0-RC10]
	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2440) [tomcat-coyote.jar:8.0.0-RC10]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_51]
	at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Interactive login attempt was unsuccessful.
60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Cancelling cookie
     
  • 解决问题方案。在remember-me 标签上添加key属性,与remember-me bean中的key相同,即可 
    <remember-me services-ref="enhancedTokenRememberMeServices"
                     key="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
     
成功解决:org.springframework.security.authentication.BadCredentialsException: Bad credentials
Jav
04-25 1万+
在使用Spring security框架时报错: 原因:密码错误 因为我们开启了加密,所以数据库中只存储了密文 使用下面的代码,计算出密文,然后将数据库中密码改为密文 public class BCryptPasswordEncoderUtils { private static BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); public static String encodePassw
org.springframework.security.authentication.BadCredentialsException: Bad credentials异常
qq_42197032的博客
09-25 2万+
从控制台打印的信息可以看出登录输入的密码和数据库密码不匹配的问题 spring security 5.0 密码未加密报错 使用springsecurity5.0后,配置文件中直接写普通的密码如:123456,会报错: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "n...
org.springframework.security.authentication.BadCredentialsException: Bad credentials
此人很懒,什么都没有写
06-26 2203
报错环境:使用Spring Security为Web请求和方法调用提供身份确认和授权处理的时候报错。 报错一:Access is denied 我尝试了多次方法并未解决这个报错,此报错并不影响使用,就没有再弄。 org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(Affir
使用SpringSecurity出现的异常security.authentication.BadCredentialsException: Bad credentials
Lancis的博客
03-29 637
原因: 在配置文件中配置了对密码的加密方式: <!-- 配置加密的方式 --> <security:password-encoder ref="passwordEncoder"/> 解决方法: 1:注释掉该行代码。 2.配置加密类为 <!-- 配置加密类 --> <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/&g
关于org.springframework.security.authentication.BadCredentialsException: Bad credentials问题解决方案
qq_44161999的博客
04-13 2094
从控制台打印的信息可以看出登录输入的密码和数据库密码不匹配的问题 pring security 5.0 密码未加密报错 使用spring security5.0后,配置文件中直接写普通的密码如:123456,会报错: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null” 这...
No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken为什么会有这个问题,不能成功登录
04-03
当遇到 `No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken` 错误时,这表明 Spring Security 配置中缺少能够处理该类型的认证提供者 ...
package cn.njucm.dosepre.service; import cn.njucm.dosepre.dto.LoginRequest; import cn.njucm.dosepre.dto.RegisterRequest; import cn.njucm.dosepre.entity.User; import cn.njucm.dosepre.repository.UserRepository; import cn.njucm.dosepre.util.JwtUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; @Service // 关键!必须加 @Service 注解才能被注入 public class UserServiceImpl implements UserService { @Autowired private UserRepository userRepository; @Autowired private PasswordEncoder passwordEncoder; // 用于加密密码 @Autowired private JwtUtil jwtUtil; @Override public void registerDoctor(RegisterRequest request) { if (userRepository.findByUsername(request.getUsername()).isPresent()) { throw new IllegalArgumentException("用户名已存在"); } User user = new User(); user.setUsername(request.getUsername()); user.setPassword(passwordEncoder.encode(request.getPassword())); user.setRole("ROLE_DOCTOR"); // 默认角色 user.setStatus("PENDING"); // 待审核 userRepository.save(user); } @Override public String login(String username, String password) { User user = userRepository.findByUsername(username) .orElseThrow(() -> new BadCredentialsException("用户名或密码错误")); if (!passwordEncoder.matches(password, user.getPassword())) { throw new BadCredentialsException("用户名或密码错误"); } if (!"APPROVED".equals(user.getStatus())) { throw new BadCredentialsException("账户尚未通过审核"); } // 生成 JWT Token return jwtUtil.generateToken(username); } } Cannot resolve symbol 'UserRepository' Cannot resolve symbol 'UserService' Could not autowire. No beans of 'UserRepository' type found. Could not autowire. No beans of 'PasswordEncoder' type found.
最新发布
11-19
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class SecurityConfig { @Bean ...
package com.drawingapp.service; import com.drawingapp.dto.ApiResponse; import com.drawingapp.dto.LoginRequest; import com.drawingapp.dto.RegisterRequest; import com.drawingapp.entity.User; import com.drawingapp.repository.UserRepository; import lombok.RequiredArgsConstructor; import org.springframework.http.ResponseEntity; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; import java.util.HashMap; import java.util.Map; @Service @RequiredArgsConstructor public class UserServiceImpl implements UserService, UserDetailsService { private final UserRepository userRepository; private final PasswordEncoder passwordEncoder; private final JwtService jwtService; private final AuthenticationManager authenticationManager; @Override public ResponseEntity<ApiResponse<?>> login(LoginRequest request) { try { authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( request.getUsername(), request.getPassword() ) ); var user = userRepository.findByUsername(request.getUsername()) .orElseThrow(() -> new UsernameNotFoundException("用户不存在")); var jwtToken = jwtService.generateToken((UserDetails) user); Map<String, Object> responseData = new HashMap<>(); responseData.put("token", jwtToken); // responseData.put("user", Map.of( // "id", user.getId(), // "username", user.getUsername(), // "email", user.getEmail() // )); Map<String, Object> userMap = new HashMap<>(); userMap.put("id", user.getId()); userMap.put("username", user.getUsername()); userMap.put("email", user.getEmail()); responseData.put("user", userMap); return ResponseEntity.ok(ApiResponse.success(responseData)); } catch (Exception e) { return ResponseEntity.status(401) .body(ApiResponse.error(401, "用户名或密码错误")); } } @Override public ResponseEntity<ApiResponse<?>> register(RegisterRequest request) { if (userRepository.existsByUsername(request.getUsername())) { return ResponseEntity.badRequest() .body(ApiResponse.error(400, "用户名已存在")); } if (request.getEmail() != null && userRepository.existsByEmail(request.getEmail())) { return ResponseEntity.badRequest() .body(ApiResponse.error(400, "邮箱已存在")); } // var user = User.builder() // .username(request.getUsername()) // .passwordHash(passwordEncoder.encode(request.getPassword())) // .email(request.getEmail()) // .build(); // // userRepository.save(user); User user = new User(); user.setUsername(request.getUsername()); user.setPasswordHash(passwordEncoder.encode(request.getPassword())); user.setEmail(request.getEmail()); userRepository.save(user); return ResponseEntity.status(201) .body(ApiResponse.success("用户注册成功", null)); } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { return (UserDetails) userRepository.findByUsername(username) .orElseThrow(() -> new UsernameNotFoundException("用户不存在")); } } 修改整页,我要结果直接能复制粘贴的
09-23
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; import java.util.Optional; @Service public class UserServiceImpl { @Autowired ...
记一次使用SpringSecurity出现的异常security.authentication.BadCredentialsException: Bad credentials
小小心大大梦的博客
11-27 1万+
org.springframework.security.authentication.BadCredentialsException: Bad credentials at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAu...
云报错12SpringSecurity出现的异常security.authentication.BadCredentialsException: Bad credentials
qq_45351584的博客
07-08 855
admin 是我输入的用户名,可以看到数据库查询是没有问题的 出现此问题的主要原因: 在配置文件中配置了对密码的加密方式: <security:password-encoder ref=“passwordEncoder”/> 从而导致每次登陆输入的密码是正确的,但是它对数据库中的密码进行了加密,也无法使之匹配。 修改后登录成功后的页面 ...
spring security报Bad credentials错误
热门推荐
qq_37252930的博客
07-13 6万+
org.springframework.security.authentication.BadCredentialsException: Bad credentials 默认情况下:用户名或者密码错误都会报Bad credentials错误
SpringCloud OAuth2 授权服务器认证失败:BadCredentialsException: Could not obtain access token 解决方案
啦啦啦啦 la
08-21 4万+
SpringCloud OAuth2 授权服务器认证失败:BadCredentialsException: Could not obtain access token 解决方案 在使用 SpringSecurity Oauth2 搭建授权服务器时遇到一个问题,当使用 GitHub 做授权服务器时没有问题,但是本地自己搭建的授权服务器授权后登录失败;授权后应该登录成功的,但是重新调回到授权服...
Spring Security——login显示[Bad credentials]
无限迭代中......
03-07 1万+
问题描述 或者 org.springframework.security.authentication.BadCredentialsException: Bad credentials。 问题分析 一、username或者password错误 默认情况下,不管用户名不存在,还是密码错误,Spring Security都会报出Bad credentials异常信息,而不现实具体...
Spring Security BadCredentialsException: Bad credentials问题解决
Gblfy_Blog
09-12 3783
Bad credentials问题解决
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值