5

我想将 Jasig CAS 配置为使用 BCrypt 作为密码编码器。

环顾四周,我发现这可以完全由 Spring Framework 处理,但我不熟悉它。

据我了解,我只需要将 spring-security-core 和 spring-security-crypto 库添加到 war 文件并在 deployerConfigContext.xml 中更改 passwordEncoder bean。

但我得到了这个结果:

tomcat 日志文件的尾部:

Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.crypto.password] for bean with name 'passwordEncoder' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.crypto.password
        at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1328)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:453)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
        ... 66 more
Caused by: java.lang.ClassNotFoundException: org.springframework.security.crypto.password
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
        at org.springframework.util.ClassUtils.forName(ClassUtils.java:249)
        at org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:395)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doResolveBeanClass(AbstractBeanFactory.java:1349)
        at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1320)
        ... 72 more

Sep 23, 2015 2:06:30 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext

deployerConfigContext.xml 的一部分:

<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:sql="select password from users where username=? and active=1" />

<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>

ls ~tomcat/webapps/cas/WEB-INF/lib | grep 弹簧安全

spring-security-cas-4.0.1.RELEASE.jar
spring-security-config-4.0.1.RELEASE.jar
spring-security-core-4.0.1.RELEASE.jar
spring-security-core-4.0.2.RELEASE.jar
spring-security-crypto-4.0.2.RELEASE.jar
spring-security-web-4.0.1.RELEASE.jar

如果我错了,请纠正我,但我想我已经在 deployerConfigContext.xml 中配置了 bean。你能指出我有什么问题吗?

4

1 回答 1

1

你这里有一个错字:

<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>

那不是类元素;这是一个包裹。编码器可能是这个:

<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

请参阅:https ://docs.spring.io/spring-security/site/docs/4.2.7.RELEASE/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html

于 2018-10-19T18:19:02.743 回答