[JAVA] SpringSecurity I was addicted to trying to log in with a hashed password (solved)

environment

What I wanted to do

It is a login process using the ID and password entered from the screen. Since the password is hashed and stored in the database user table, I had to compare the password entered with the hash value stored in the database.

I was addicted to

Authentication is NG when trying to log in with the account that should be stored in the user table. If you remove the hashing process and log in in plain text, authentication is OK.

Cause

I wrote such a source.

WebSecurityConfig.java(Before correction)


@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	UserDetailsServiceImpl userDetailsService;

    /**~ Omitted ~*/

	@Bean
	PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService);
	}

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }
}

When I googled the article about Spring login authentication, it was written that most sites set the password encoding method in the configureGlobal method. I'm doing exactly what is written on the site I'm referring to! ?? If you think Apparently it was overwritten by the settings in the configure method.

  1. Set with configureGlobal method
  2. Set with configure method

It seems that it was the processing order. I don't understand it in great detail, so I thought I should know the life cycle of Spring properly.

WebSecurityConfig.java(Revised)


@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	UserDetailsServiceImpl userDetailsService;

    /**~ Omitted ~*/

	@Bean
	PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

    /**~ Delete configure method ~*/

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }
}

Recommended Posts

SpringSecurity I was addicted to trying to log in with a hashed password (solved)
A story I was addicted to in Rails validation settings
I was addicted to unit testing with the buffer operator in RxJava
I was addicted to doing onActivityResult () with DialogFragment
I was addicted to the NoSuchMethodError in Cloud Endpoints
What I was addicted to when developing a Spring Boot application with VS Code
A memo that I was addicted to when making batch processing with Spring Boot
What I was addicted to when trying to properly openAPI/Swagger documentation with Rails + Grape + Grape Swagger
I was addicted to setting default_url_options with Rails devise introduction
What I was addicted to with the Redmine REST API
I was addicted to using Java's Stream API in Scala
A story I was addicted to with implicit type conversion of ActiveRecord during unit testing
I was addicted to WSl when trying to build an android application development environment with Vue.js
I was addicted to starting sbt
[Circle CI] A story I was addicted to at Start Building
A note when I was addicted to converting Ubuntu on WSL1 to WSL2
What I was addicted to when implementing google authentication with rails
I got stuck trying to write a where in clause in ActiveRecord
I was angry with proc_open (): fork failed when trying to composer update inside a Docker container
[Rails] How to log in with a name by adding a devise name column
A story I was addicted to when testing the API using MockMVC
A story that I was addicted to twice with the automatic startup setting of Tomcat 8 on CentOS 8
I was addicted to a simple test of Jedis (Java-> Redis library)
I want to select multiple items with a custom layout in Dialog
Even in Java, I want to output true with a == 1 && a == 2 && a == 3 (PowerMockito edition)
I was addicted to rewriting to @SpringApplicationConfiguration-> @SpringBootTest
I was a little addicted to running old Ruby environment and old Rails
I tried to build a Firebase application development environment with Docker in 2020
I wanted to implement a slide show in a fashionable way with slick.
I was addicted to the roll method
I want to display a PDF in Chinese (Korean) with thin reports
I was addicted to the Spring-Batch test
I was a little addicted to ssh connection from mac to linux (ubuntu)
I want to ForEach an array with a Lambda expression in Java
[Go To Travel] I searched for a plan with a quo card in Jalan
I was a little addicted to the S3 Checksum comparison, so I made a note.
Even in Java, I want to output true with a == 1 && a == 2 && a == 3 (black magic edition)
I was addicted to using RXTX on Sierra
I wanted to make (a == 1 && a == 2 && a == 3) true in Java
I tried to break a block with java (1)
The part I was addicted to in "Introduction to Ajax in Java Web Applications" of NetBeans
I made a function to register images with API in Spring Framework. Part 1 (API edition)
A memorandum because I was addicted to the setting of the Android project of IntelliJ IDEA
A story I was addicted to when getting a key that was automatically tried on MyBatis
I want to embed any TraceId in the log
I was addicted to the record of the associated model
I want to use a little icon in Rails
kintone clone? I was quite addicted to launching OSS WebDB Extension with Lightsail + Docker, so make a note of it.
I tried to create a Clova skill in Java
I want to monitor a specific file with WatchService
I tried to make a login function in Java
[How to insert a video in haml with Rails]
I want to define a function in Rails Console
I want to click a GoogleMap pin in RSpec
[Ruby/Rails] How to generate a password in a regular expression
A note that I had trouble when trying to use nginx with Remote-Containers of vscode
How to batch initialize arrays in Java that I didn't know when I was a beginner
A story I was addicted to before building a Ruby and Rails environment using Ubuntu (20.04.1 LTS)
I made a function to register images with API in Spring Framework. Part 2 (Client Edition)
It's not a big deal if you understand that I was addicted to receiving emails with Java Mail from Exchange Online
I tried to create a java8 development environment with Chocolatey