
Security Customlogin login error (password) - 2

가끔개발 2023. 9. 8. 14:52

1. Password error

o.s.s.c.bcrypt.BCryptPasswordEncoder     : Encoded password does not look like BCrypt
o.s.s.a.dao.DaoAuthenticationProvider    : Failed to authenticate since password does not match stored value

The ID is correct, but authentication failed because the password does not match the value stored in the DB.

 

2. debugger

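Use the debugger to check that the values come in correctly.

2-1 Check that authorities and password are fetched correctly

Right now the values are completely different from the ones in the data SQL statement.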

insert into member (email, created_at, modified_at, member_no, password, birthday, name, nickname)
values('d@gmail.com',now()-1,now(),1,'{bcrypt}asdf1234','2000-01-01','test','nick test');

 

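2-2 I confirmed that memberdto was fetching the wrong values, so I fixed memberdto.

3. Test after the fix

It still cannot find the password. Check that the submitted value and the value fetched from the DB are both retrieved correctly.

Each one is confirmed to be retrieved correctly.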

 

4. The problem in UserDetail

After adding PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(), login worked.

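// Imports this method needs (they go at the top of the PostPrincipal source file)
import java.time.LocalDate;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public static PostPrincipal of(String email, String password, String name, String nickname, LocalDate birthday) {
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String encodePassword = passwordEncoder.encode(password); // hash the password passed in
    Set<RoleType> roleTypes = Set.of(RoleType.USER);
    return new PostPrincipal(
            email,
            encodePassword,
            // map each role to a Spring Security authority
            roleTypes.stream()
                    .map(RoleType::getValue)
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList()),
            name,
            nickname,
            birthday
    );
}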

https://velog.io/@yaho1024/Spring-Security-UsernamePasswordAuthenticationFilter%EC%95%8C%EC%95%84%EB%B3%B4%EA%B8%B0


select
        m1_0.email,
        m1_0.member_no,
        m1_0.password,
        m1_0.birthday,
        m1_0.created_at,
        m1_0.modified_at,
        m1_0.name,
        m1_0.nickname 
    from
        member m1_0 
    where
        m1_0.email=?
c.p.o.service.member.MemberService       : Success find member AuditingFields(createdAt=2023-09-09T15:36:47, modifiedAt=2023-09-09T15:36:48)
o.s.s.a.dao.DaoAuthenticationProvider    : Authenticated user
o.s.ChangeSessionIdAuthenticationStrategy : Changed session id from 7B1BFABD2640BF2A7376262EE845B3B8
o.s.s.w.csrf.CsrfAuthenticationStrategy  : Replaced CSRF Token
w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=d@gmail.com, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=7B1BFABD2640BF2A7376262EE845B3B8], Granted Authorities=[ROLE_USER]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@60c58676]
w.a.UsernamePasswordAuthenticationFilter : Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=d@gmail.com, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=7B1BFABD2640BF2A7376262EE845B3B8], Granted Authorities=[ROLE_USER]]
o.s.s.web.DefaultRedirectStrategy        : Redirecting to /
o.s.security.web.FilterChainProxy        : Securing GET /
o.s.security.web.FilterChainProxy        : Secured GET /
w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=d@gmail.com, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=7B1BFABD2640BF2A7376262EE845B3B8], Granted Authorities=[ROLE_USER]]]

Login now works.
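
The warning in section 1 and the seed row in 2-1, reproduced as an added example (not code from the original post): the row stores the literal text asdf1234 behind the {bcrypt} prefix rather than a BCrypt hash, so the encoder rejects it, while a value hashed once when the row is written verifies. It assumes Spring Security's crypto module and its logging dependency on the classpath; the class name StoredPasswordCheck and the helper looksLikeBcrypt are hypothetical.

```java
import java.util.regex.Pattern;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example; class and helper names are hypothetical, not from the post's project.
public class StoredPasswordCheck {

    private static final String PREFIX = "{bcrypt}";
    // Shape of a BCrypt hash: version, two-digit cost, 53 chars of salt + digest.
    private static final Pattern BCRYPT =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    // True if a stored column value is a BCrypt hash, with or without the {bcrypt} id prefix.
    static boolean looksLikeBcrypt(String stored) {
        if (stored == null) return false;
        String value = stored.startsWith(PREFIX) ? stored.substring(PREFIX.length()) : stored;
        return BCRYPT.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Understands "{id}hash" values and delegates {bcrypt} to BCryptPasswordEncoder.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();

        String raw = "asdf1234";            // password typed at login (value from the post)
        String seeded = "{bcrypt}asdf1234"; // password column from the post's insert statement

        // The seeded value is plaintext behind a prefix: the format check fails and
        // both encoders refuse it, logging "Encoded password does not look like BCrypt".
        System.out.println("seeded looks like BCrypt: " + looksLikeBcrypt(seeded));
        System.out.println("delegating accepts seeded: " + delegating.matches(raw, seeded));
        System.out.println("bcrypt accepts seeded: " + bcrypt.matches(raw, seeded));

        // Hash once when the row is written (sign-up or seed data) and store the result.
        String forDelegating = delegating.encode(raw); // "{bcrypt}$2a$10$..." with default settings
        String forBcrypt = bcrypt.encode(raw);         // "$2a$10$..." with no id prefix

        // Values hashed at write time pass the format check and verify at login.
        System.out.println("hashed looks like BCrypt: " + looksLikeBcrypt(forDelegating));
        System.out.println("delegating accepts hashed: " + delegating.matches(raw, forDelegating));
        System.out.println("bcrypt accepts hashed: " + bcrypt.matches(raw, forBcrypt));

        // A bare BCryptPasswordEncoder does not strip the {bcrypt} prefix, so the stored
        // format has to match the encoder bean that is actually configured.
        System.out.println("bcrypt accepts prefixed hash: " + bcrypt.matches(raw, forDelegating));
    }
}
```

With hashes stored this way, the password column never holds the plaintext, and the UserDetails object can pass the stored value through unchanged.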