Spring Security5.0登录报错There is no PasswordEncoder mapped for the id “null”
项目配置:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
@RestController
public class TestController {
@RequestMapping("/")
public String index(){
return "hello springboot";
}
@RequestMapping("/hello")
public String hello(){
return "hello";
}
}
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().logout().permitAll()
.and().formLogin().permitAll();
http.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/js/**","/css/**","/images/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("123456").roles("USER");
}
}
启动项目,浏览器访问localhost:8080正确显示hello springboot,访问localhost:8080/hello跳转到登录页面,挡在登录页面输入用户名和密码登录时,却并不跳转,且控制台报错There is no PasswordEncoder mapped for the id “null”
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:233)
at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:196)
网上查资料得知,在spring5.0之后,springsecurity存储密码的格式发生了改变。详情见springsecurity官方文档
新的密码存储格式为:加密方式和加密后的密码
{id}encodedPassword
如下面这几种密码的存储方式
{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG {noop}password {pbkdf2}5d923b44a6d129f3ddf3e3c8d29412723dcbde72445e8ef6bf3b508fbf17fa4ed4d6b99ca763d8dc {scrypt}$e0801$8bWJaSu2IKSn9Z9kM+TPXfOc/9bdYSrN1oD9qfVThWEwdRTnO7re7Ei+fUZRJ68k9lTyuTeUp4of4g24hHnazw==$OAOec05+bXxvuu/1qZ6NUR+xQYvYv7BeL1QxwRpY5Pc= {sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0
由于在上面的配置中我们并没有指定加密的方式,那么加密方式就是空的,所以会跑出异常,要想解决这个问题我们需指定密码的加密方式。
解决办法:
1.在上面的配置类中加入一个配置方法用于支持没有加密方式的方法
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
不过此方式已经过时,不建议使用
2.修改上面配置用户的方法,指定一个加密方式并对密码进行加密,springsecurity支持的加密方式很多,这里使用bcrypt
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.passwordEncoder(new BCryptPasswordEncoder())
.withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("USER");
}
3.注入你的UserDetailsService实现类 userService增加一个配置方法
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
}