Spring Security with OAuth2 and JWT: Encoded password does not look like BCrypt

旧时难觅i 2020-12-31 06:25

I am trying to implement a Spring AuthorizationServer with JWT. I was able to produce JWT tokens and log in until I added BCrypt to the mix. Now, when I am trying to log in, I

2 Answers
  • 2020-12-31 07:10

    I needed to make the following change to get it to work. If anyone else needs it.

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(accountDetailsService)
                    .passwordEncoder(passwordEncoder)
                    .and()
                    .authenticationProvider(authenticationProvider())
                    .jdbcAuthentication()
                    .dataSource(dataSource);
        }

        @Bean
        public DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
            authenticationProvider.setUserDetailsService(accountDetailsService);
            authenticationProvider.setPasswordEncoder(passwordEncoder);
            return authenticationProvider;
        }
    
    0 Comments (0)
  • 2020-12-31 07:15

    This is because you applied BCrypt to both WebSecurity and AuthorizationServer. So you need to keep not only BCrypt-encrypted user passwords in your store, but also BCrypt-encrypted client secrets for OAuth2. I guess this was not what you tried to approach.

    In order to make your code work, either remove

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security.passwordEncoder(passwordEncoder);
        }
    

    or manually encrypt your "verysecretivesecret".

    0 Comments (0)
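The following is an added example, not code from the question or from either answer. It shows why a plain-text client secret fails once the BCrypt encoder is applied to the authorization server, and how to check stored values before enabling it. The class name `BcryptStoreCheck`, the regular expression (the standard 60-character BCrypt layout) and the sample user password are assumptions made for the illustration; it needs `spring-security-crypto` on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical helper class, written for this example only.
public class BcryptStoreCheck {

    // Standard BCrypt layout: version, two-digit cost, then 53 characters
    // (22-character salt followed by a 31-character digest).
    private static final Pattern BCRYPT =
            Pattern.compile("\\A\\$2[ayb]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    static boolean looksLikeBcrypt(String stored) {
        return stored != null && BCRYPT.matcher(stored).matches();
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        // Constructed sample store: the values the encoder would read back.
        Map<String, String> stored = new LinkedHashMap<>();
        stored.put("user password", encoder.encode("constructed-user-password"));
        stored.put("client secret", "verysecretivesecret"); // still plain text

        // Audit step: flag every stored credential that is not a BCrypt hash.
        for (Map.Entry<String, String> e : stored.entrySet()) {
            System.out.printf("%-14s looksLikeBcrypt=%b%n",
                    e.getKey(), looksLikeBcrypt(e.getValue()));
        }

        // With the encoder set on the authorization server, the presented
        // client secret is compared against the stored value like this.
        // A plain stored value is rejected and the warning is logged.
        String presented = "verysecretivesecret";
        System.out.println("plain stored:  "
                + encoder.matches(presented, stored.get("client secret")));

        // Storing encoder.encode(secret) makes the same comparison succeed.
        String hashedSecret = encoder.encode(presented);
        System.out.println("hashed stored: "
                + encoder.matches(presented, hashedSecret));
    }
}
```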