Problems of bad credentials, encoded password does not look like bcrypt in spring-cloud-oauth2 upgrade

Record a small problem encountered in upgrading an authentication service when I was working today. Although the final solution was only one line of code, it took almost three hours

The initial version is

springboot 1.5.9.RELEASE
springcloud Dalston.SR1

Upgrade to

springboot 2.0.3.RELEASE
springcloude finchley.RELEASE

After the upgrade, the service runs normally, but an error is reported when requesting authentication

http://localhost :9000/oauth/token?grant_ type=password& scope=app& client_ id=client_ 2& client_ secret=123456& username=user& password=123456

Reply

{
“error”: “invalid_ client”,
“error_ description”: “Bad client credentials”
}

View the back-end code log

2018-09-12 00:49:40.910 WARN 519 — [nio-9000-exec-2] o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt

Various configurations have been changed. After reading all kinds of configuration documents, you can find a useful blog in CSDN
https://blog.csdn.net/smollsnail/article/details/78934188
According to this, after modifying two codes, it can run without error

@Bean
public PasswordEncoder bCryptPasswordEncoder() {
    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}

Here. Secret (bcryptpasswordencoder. Encode (“123456”) should also be encrypted

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    //Configure two clients, one for password authentication and one for client authentication
    clients.inMemory()
            .withClient("client_2")
            .resourceIds(DEMO_RESOURCE_ID)
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("app")
            .authorities("ROLE_APP")
            .secret(bCryptPasswordEncoder.encode("123456"))
            .accessTokenValiditySeconds(60 * 30)
            .refreshTokenValiditySeconds(60 * 60);
}

But in this way, the password stored in the database will change

{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG

The data in the original system will be modified. And some other issues. The data in the original database cannot be modified

So I guess that changing the encryption mode back to bcrypt encryption class is really successful, and it is not mandatory to use the new factory mode

@Bean
public PasswordEncoder bCryptPasswordEncoder() {
     return new BCryptPasswordEncoder();
 }

After that, you may need to look at the source code again. I guess it was in
. Secret (bcryptpasswordencoder. Encode (“123456”))
before, there is no need to encrypt. Now, there is a default encryption matching. So the final modification only needs to change the original

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    //Configure two clients, one for password authentication and one for client authentication
    clients.inMemory()
            .withClient("client_2")
            .resourceIds(DEMO_RESOURCE_ID)
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("app")
            .authorities("ROLE_APP")
            .secret("123456")
            .accessTokenValiditySeconds(60 * 30)
            .refreshTokenValiditySeconds(60 * 60);
}

After modification

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    //Configure two clients, one for password authentication and one for client authentication
    clients.inMemory()
            .withClient("client_2")
            .resourceIds(DEMO_RESOURCE_ID)
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("app")
            .authorities("ROLE_APP")
            .secret(bCryptPasswordEncoder.encode("123456"))
            .accessTokenValiditySeconds(60 * 30)
            .refreshTokenValiditySeconds(60 * 60);
}

It solves the problem of authentication error after the upgrade. Although the final solution changes only one line of code. But it took more than three hours.

Similar Posts: