[Spring Boot] Security InMemory "PasswordEncoder Error"
Sever 2018. 5. 3. 12:291 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | package demo.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { //인메모리 설정 @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { //auth.inMemoryAuthentication().withUser("admin").password("1234").roles("ADMIN"); <---- Spring Boot PasswordEncoder Error auth.inMemoryAuthentication().withUser("admin").password("{noop}1234").roles("ADMIN"); } protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/**").permitAll(); http.formLogin() .loginPage("/login").permitAll(); } } | cs |
In spring-security-core:5.0.0.RC1
, the default PasswordEncoder
is built as a DelegatingPasswordEncoder
. When you store the users in memory, you are providing the passwords in plain text and when trying to retrieve the encoder from the DelegatingPasswordEncoder
to validate the password it can't find one that matches the way in which these passwords were stored.
Use this way to create users instead.
User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build();
You can also simply prefix {noop}
to your passwords in order for the DelegatingPasswordEncoder
use the NoOpPasswordEncoder
to validate these passwords. Notice that NoOpPasswordEncoder
is deprecated though, as it is not a good practice to store passwords in plain text.
User.withUsername("user").password("{noop}user").roles("USER").build();
'Sever' 카테고리의 다른 글
마이크로서비스 (0) | 2019.01.30 |
---|---|
카페24 node.js + mysql (0) | 2019.01.10 |
[Spring Boot] There is no PasswordEncoder mapped for the id "null" (0) | 2018.05.02 |
Tomcat에러 (0) | 2018.04.30 |
[Spring Boot] [http://java.sun.com/jsp/jstl/core] cannot be resolved (0) | 2018.04.30 |