spring cloud + spring security + 调试 观察密码对比_spring cloud security vs spring security

spring cloud + spring security + 调试 观察密码对比

pom.xml

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.3.8.RELEASE</version>
</dependency>
1
2
3
4
5

认证

1、初始用户密码

spring.security.user.name=user
spring.security.user.password=随机的
# Using generated security password: 8beaaa7b-2700-4fa6-b18b-c6f052229aec  当前随机密码
1
2
3

2、自定义用户和密码

spring.security.user.name=admin
spring.security.user.password=123456
1
2

3、查询数据库确定账户密码

SecurtyConfig 配置类

@Configuration  
public class SecurityConfig extends WebSecurityConfigurerAdapte{
   @Autowired
    private MyUserDetailsService userDetailsService;


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
}
1
2
3
4
5
6
7
8
9
10
11

MyUserDetailsService 配置类

@Service
@Slf4j
class MyUserDetailsService implements UserDetailsService{

    @Resource
    private UserMapper userMapper;

   
     @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        log.info("输入账户为：" + username);

            /*
            UserDetails  的 子类  User
            public User(
             String username,// 用户名
             String password,//密码
			Collection<? extends GrantedAuthority> authorities //不晓得 可以获取到
			)
             */
        //根据用户名称 查询密码  并返回
        QueryWrapper<User> wrapper = new QueryWrapper<>();
        wrapper.eq("username", username);

        User user = userMapper.selectOne(wrapper);

        if (user == null) {
            throw new UsernameNotFoundException("用户名不存在！");
        }
        //角色暂定
        List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList("admin");

        //进行 加密
        String password =  user.getPassword();
        
        return new org.springframework.security.core.userdetails.User(
                username, password, authorities
        );
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

运行错误 ：

IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
1

没有PasswordEncoder

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
1
2
3
4

运行错误 ：

BCryptPasswordEncoder     : Encoded password does not look like BCrypt
1

密码没有使用 PasswordEncoder 进行加密：

//进行 加密
String password = passwordEncoder.encode(user.getPassword());
1
2

4、断点 观察如何认证

1、加密后 返回打断点

2、直接 step over 越过 ( 接下来 还要 step info 进入内部 )

3、一直跳 ，直到下一个类

4、在跳 ，直到 additionalAuthenticationChecks( , )

5、进行 step info

6、 这里停 passwordEncoder.matches( , )

7、step info 两密码 加密 进行 比对