Spring Security不起作用

Question

I am getting an error when I try to login (or, when I abort the HTTP Basic dialog with escape)

HTTP Status 401 - PreparedStatementCallback; bad SQL grammar [select username,authority from authorities where username = ?]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "authorities" does not exist Position: 32

However, shouldn't it be enough with the two query attributes below when I want to use group based security? Do I need to define query for this attribute to? authorities-by-username-query="" Why isn't it working?

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
                                    users-by-username-query="..."
                                    group-authorities-by-username-query="..." />
    </security:authentication-provider>
</security:authentication-manager>

Source from JdbcDaoImpl:

if (enableAuthorities) {
    dbAuthsSet.addAll(loadUserAuthorities(user.getUsername()));
}

if (enableGroups) {
    dbAuthsSet.addAll(loadGroupAuthorities(user.getUsername()));
}

Answer 1

Is the problem that enableGroups is still set to false? It doesn't seem like there's a way to configure that using the jdbc-user-service element in the namespace configuration. The Spring JIRA issue SEC-1625 seems to confirm this.

Try declaring the JdbcDaoImpl instance as a bean instead.