spring sec

0 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {

    

    
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/resources/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/welcome").hasAnyRole("USER", "ADMIN")
				.antMatchers("/getEmployees").hasAnyRole("USER", "ADMIN").antMatchers("/addNewEmployee")
				.hasAnyRole("ADMIN").anyRequest().authenticated()
				.and().formLogin().loginPage("/login").permitAll()
				.and().logout().permitAll();

		http.csrf().disable();
	}

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
		authenticationMgr.inMemoryAuthentication().withUser("admin").password("admin").authorities("ROLE_USER").and()
				.withUser("javainuse").password("javainuse").authorities("ROLE_USER", "ROLE_ADMIN");
	}

}

kontroler:

 @RequestMapping(value ="/signUp" , method = RequestMethod.POST) 
   String signed(@RequestParam(value = "firstname", required = false) String firstname,
     @RequestParam(value ="lastname", required = false) String lastname,  @RequestParam(value ="password", required = false) String password,@RequestParam(value ="email", required = false)  String email,@RequestParam(value ="birthday", required = false)  String birthday, Model model) throws ParseException {
 
       
       Date date1=new SimpleDateFormat("dd/MM/yyyy").parse(birthday);
           
            System.out.println(firstname+" "+lastname+" "+email+" "+birthday);
            userRepository.save(new User(firstname,lastname, password,email,date1));
              return "processForm";
    }

dla tego kodu wywala mi
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null" widziałem na googlach że niby trzeba dodać jakiś passwordEncoder ale w sumie ten kod to jest wzorowany na http://www.javainuse.com/spring/boot_form_security_custom_login i tam akurat niczego takiego nie było potrzeba

1

dodaj coś takiego w klasie security:

 @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }
0

inMemoryAuthentication pozwala na dodawanie użytkowników?

0
artur52 napisał(a):

dodaj coś takiego w klasie security:

 @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }

Próbowałem z tym ale przy wpisywaniu id i hasła wywalało mi Encoded password does not look like BCrypt
tzn. rozumiem że trzeba by to haslo zaszyfrować BCryptem ale nie wiem jak

1

W twoim przypadku encoder().encode("pass");

1 użytkowników online, w tym zalogowanych: 0, gości: 1