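When adding the user, you did not autowire SaltSource. SaltSource is an abstraction that Spring uses only to supply the source of the salt for password checking.

To create a correctly encoded password hash, just pass the salt itself to the PasswordEncoder, that is, the value of the username property rather than the SaltSource: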

    private PasswordEncoder encoder = new Md5PasswordEncoder();

    public User createUser(String username, String plainTextPassword) {
        User u = new User();
        u.setUsername(username);
        u.setPassword(encoder.encodePassword(plainTextPassword, username));
        getEntityManager().persist(u);
        return u;
    }

Also, you cannot autowire SaltSource until it is defined as an inner bean. You can define ReflectionSaltSource as a top-level bean and pass its ID to password-encoder. For example:

    <bean id="saltSource"
          class="org.springframework.security.authentication.dao.ReflectionSaltSource"
          p:userPropertyToUse="username" />

    <bean id="passwordEncoder"
          class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />

    <bean id="daoAuthenticationProvider"
          class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"
          p:passwordEncoder-ref="passwordEncoder"
          p:saltSource-ref="saltSource"
          p:userDetailsService-ref="userDetailsService" />

    <authentication-manager>
        <authentication-provider ref="daoAuthenticationProvider" />
    </authentication-manager>

Then:

    @Autowired private PasswordEncoder passwordEncoder;
    @Autowired private SaltSource saltSource;

    public CustomUserDetails createUser(String username, String plainTextPassword) {
        CustomUserDetails u = new CustomUserDetails();
        u.setUsername(username);
        // Ask the same SaltSource the authentication provider uses for the salt
        u.setPassword(passwordEncoder.encodePassword(
                plainTextPassword, saltSource.getSalt(u)));
        getEntityManager().persist(u);
        return u;
    }
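
The following is an added example, not code from the original answer or from Spring Security: a plain-JDK sketch of what the legacy Md5PasswordEncoder computes with its default settings (hex MD5 of `password{salt}`), showing why the hash stored at user creation must use the same salt the provider applies at login. The class name `SaltedMd5Demo` and the sample username and password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration of the legacy salted-MD5 scheme; not Spring Security source.
public class SaltedMd5Demo {

    // Legacy merge format: the raw password followed by the salt in braces.
    static String merge(String rawPassword, Object salt) {
        if (salt == null || salt.toString().isEmpty()) {
            return rawPassword;
        }
        return rawPassword + "{" + salt + "}";
    }

    // Hex-encoded MD5 of the merged string, single iteration.
    static String encodePassword(String rawPassword, Object salt) {
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            byte[] digest = md5.digest(
                    merge(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    // What the login check does: re-hash with the salt the provider supplies.
    static boolean isPasswordValid(String storedHash, String rawPassword, Object salt) {
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                encodePassword(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String username = "alice";          // constructed sample values
        String password = "s3cret-example";
        String saltedAtCreation = encodePassword(password, username);
        String unsaltedAtCreation = encodePassword(password, null);
        // The provider salts with the username property at login time.
        System.out.println("created with username salt, login valid: "
                + isPasswordValid(saltedAtCreation, password, username));
        System.out.println("created without salt, login valid: "
                + isPasswordValid(unsaltedAtCreation, password, username));
    }
}
```

A single MD5 round salted with the username is cheap to brute-force offline; BCryptPasswordEncoder, which generates and embeds its own salt, avoids the SaltSource wiring entirely.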