Problem Description
or
org.springframework.security.authentication.BadCredentialsException: Bad credentials。
problem analysis
A, username or password error
By default, regardless of the user name does not exist, or the password is wrong, the Spring Security will report the Bad credentials exception information, and unrealistic specific error.
Source:
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
try { user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); } catch (UsernameNotFoundException notFound) { logger.debug("User '" + username + "' not found"); if (hideUserNotFoundExceptions) { throw new BadCredentialsException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } else { throw notFound; } }
Second, access is not enough
Third, the encrypted password problem
For password encryption problem may be the following:
1. No encrypted password, then should be added {noop}, please refer to the official specific reasons before the password api
User user = new User(userInfo.getUsername(),"{noop}"+ userInfo.getPassword(),getAuthority(userInfo.getRoles()));
2. Set the encryption password in the configuration file but not its application in the service of their
Into the encryption algorithm used when the user to the database 3. In contrast, encryption algorithms, and the Spring Security configuration are the same.
solution
Analysis, see the problem.
Reference article
https://blog.csdn.net/qq_37252930/article/details/95723940
https://blog.csdn.net/qq_41950229/article/details/98479327
https://www.cnblogs.com/jifeng/archive/2012/06/09/2542928.html
https://blog.csdn.net/weixin_44580977/article/details/98491875