Spring-security not logging-in user even when credentials are correct

Can anyone point out my mistake? I cannot log in with a registered user. At first I thought it was because I was encrypting the password, but even now that I have removed the encoding, the user still cannot log in, even with a plaintext password.

Here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>SgaWebApp</display-name>
<welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<servlet>
    <display-name>dispatcher</display-name>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:com/sga/app/xml/dispatcher-servlet.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
    <url-pattern>*.css</url-pattern>
</servlet-mapping>
<resource-ref>
    <res-ref-name>jdbc/springSgaDb</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
            classpath:com/sga/app/xml/security-context.xml
            classpath:com/sga/app/xml/dao-context.xml
            classpath:com/sga/app/xml/service-context.xml
        </param-value>
</context-param>

<filter>
    <display-name>springSecurityFilterChain</display-name>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
    <session-timeout>60</session-timeout>
</session-config>
</web-app>

My login.jsp:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link href="${pageContext.request.contextPath}/static/css/main.css"
rel="stylesheet" type="text/css">
<title>SGA-login page</title>
</head>
<body onload='document.f.j_username.focus();'>
<div class="wrapper">
    <!-- Form -->
    <div class="login">
        <h2 class="customLoginFormHeader">Login with Username and
            Password</h2>

        <c:if test="${param.error != null}">
            <p class="errorCustomLogin">Login failed. Please try your
                username/password again.</p>
        </c:if>

        <form name='f'
            action='${pageContext.request.contextPath}/j_spring_security_check'
            method='POST' class="loginForm">
            <table>
                <tr class="loginFormTableRow">
                    <td class="tdCustomLogin">Username:</td>
                    <td><input type='text' name='j_username'
                        class="usernameInputCustomLogin"></td>
                </tr>
                <tr class="loginFormTableRow">
                    <td class="tdCustomLogin">Password:</td>
                    <td><input type='password' name='j_password'
                        class="passwordInputCustomLogin" /></td>
                </tr>
                <tr class="loginFormTableRow">
                    <td class="tdRememberMeHeader">Remember me:</td>
                    <td><input type="checkbox"
                        name='_spring_security_remember_me' checked="checked"
                        class="rememberMeCustomLogin" /></td>
                </tr>
                <tr class="loginFormTableRow">
                    <td colspan='2'><input type="submit" value="Login"
                        class="customLoginSubmitButton" /></td>
                </tr>
            </table>
        </form>
    </div>
</div>
</body>
</html>

My security-context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service
            data-source-ref="dataSource" id="jdbcUserService" />
    </security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true">
    <security:logout logout-success-url="/login"
        invalidate-session="true" />
    <security:intercept-url pattern="/admin"
        access="hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/admin"
        access="permitAll" />
    <security:intercept-url pattern="/login"
        access="permitAll" />
    <security:intercept-url pattern="/" access="permitAll" />
    <security:intercept-url pattern="/static/**"
        access="permitAll" />
    <security:intercept-url pattern="/customloginform"
        access="permitAll" />
    <security:intercept-url pattern="/error"
        access="permitAll" />
    <security:intercept-url pattern="/register"
        access="permitAll" />
    <security:intercept-url pattern="/createaccount"
        access="permitAll" />
    <security:intercept-url pattern="/accountcreated"
        access="permitAll" />
    <security:intercept-url pattern="/contactus"
        access="permitAll" />
    <security:intercept-url pattern="/denied"
        access="permitAll" />
    <security:intercept-url pattern="/menu"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/roundanalysis"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/roundanalysiserrorpage"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/analysisoutcome"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/viewmystats"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/userstats"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/clubstats"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/allstats"
        access="isAuthenticated()" />
    <security:intercept-url pattern="/**" access="denyAll" />
    <security:form-login login-page="/customloginform"
        default-target-url="/menu" authentication-failure-url="/customloginform?error=true" />
    <security:access-denied-handler
        error-page="/denied" />
    <security:remember-me key="sgaAppKey"
        user-service-ref="jdbcUserService" />
</security:http>
<security:global-method-security
    secured-annotations="enabled"></security:global-method-security>
</beans>

And my LoginDAO:

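import java.util.List;
import javax.sql.DataSource;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.BeanPropertyRowMapper;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
// UserBean is the application's own class; its package is not shown in the question.

@Repository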
@Component("usersDAO")
@Transactional
public class UsersDAO {

private NamedParameterJdbcTemplate jdbc;

@Autowired
private SessionFactory sessionFactory;

public Session session() {
    return sessionFactory.getCurrentSession();
}

@Transactional
public boolean createUser(UserBean user) {
    MapSqlParameterSource params = new MapSqlParameterSource();
    params.addValue("username", user.getUsername());
    params.addValue("email", user.getEmail());
    params.addValue("password", user.getPassword());
    params.addValue("forename", user.getForename());
    params.addValue("surname", user.getSurname());
    params.addValue("homeclub", user.getHomeclub());
    params.addValue("authority", user.getAuthority());
    return jdbc
            .update("insert into users (username, email, password, forename, surname, homeclub, authority) values (:username, :email, :password, :forename, :surname, :homeclub, :authority)",
                    params) == 1;
}

@Autowired
public void setDataSource(DataSource jdbc) {
    this.jdbc = new NamedParameterJdbcTemplate(jdbc);
}

public boolean exists(String username) {
    return jdbc.queryForObject(
            "select count(*) from users where username=:username",
            new MapSqlParameterSource("username", username), Integer.class) > 0;
}

public List<UserBean> getAllUsers() {
    return jdbc.query("select * from users",
            BeanPropertyRowMapper.newInstance(UserBean.class));
}

}

And here is the console output:

DEBUG - Request is to process authentication
DEBUG - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG - Executing prepared SQL query
DEBUG - Executing prepared SQL statement [select username,password,enabled from users where username = ?]
DEBUG - Fetching JDBC Connection from DataSource
DEBUG - Returning JDBC Connection to DataSource
DEBUG - Executing prepared SQL query
DEBUG - Executing prepared SQL statement [select username,authority from authorities where username = ?]
DEBUG - Fetching JDBC Connection from DataSource
DEBUG - Returning JDBC Connection to DataSource
DEBUG - User 'Harry12345' has no authorities and will be treated as 'not found'
DEBUG - User 'Harry12345' not found
DEBUG - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
DEBUG - Updated SecurityContextHolder to contain null Authentication
DEBUG - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@65d201b5
DEBUG - Interactive login attempt was unsuccessful.
DEBUG - Cancelling cookie
DEBUG - Redirecting to /customloginform?error=true
DEBUG - Redirecting to '/SgaWebApp/customloginform?error=true'

Log output clearly shows the problem:

DEBUG - User 'Harry12345' has no authorities and will be treated as 'not found'

So, it found the user but did not find any authorities associated with him.

The default <security:jdbc-user-service /> expects at least one authority associated with each user. These authorities should be represented as defined in 37.1 User Schema.

If you want a different representation of user and authority data (e.g. your authority field), you need to implement a custom UserDetailsService instead.
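A custom UserDetailsService of the kind the answer recommends, as an added example (not code from the question or the answer). It reads the authority from the `authority` column that the question's `createUser` insert writes into `users`; the class name is hypothetical, and the `enabled` column is assumed from the default query shown in the log.

```java
// Added example; class name and wiring are hypothetical.
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Register as a bean and point <security:authentication-provider user-service-ref="...">
// and <security:remember-me user-service-ref="..."> at it instead of jdbcUserService.
public class UsersTableUserDetailsService implements UserDetailsService {
    // Assumes users has username, password, enabled and authority columns.
    private static final String QUERY =
        "select username, password, enabled, authority from users where username = ?";
    private final JdbcTemplate jdbc;

    public UsersTableUserDetailsService(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<UserDetails> rows = jdbc.query(QUERY, new RowMapper<UserDetails>() {
            @Override
            public UserDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
                String raw = rs.getString("authority");
                // Null or blank column means no authorities: reject, as the default service does.
                List<GrantedAuthority> auths = AuthorityUtils
                    .commaSeparatedStringToAuthorityList(raw == null ? "" : raw);
                if (auths.isEmpty()) {
                    throw new UsernameNotFoundException("User has no granted authority");
                }
                return new User(rs.getString("username"), rs.getString("password"),
                    rs.getBoolean("enabled"), true, true, true, auths);
            }
        }, username);
        if (rows.isEmpty()) {
            throw new UsernameNotFoundException("User not found");
        }
        return rows.get(0); // username is assumed unique
    }
}
```

The stored password is returned unchanged; the comparison with the submitted password is still done by the authentication provider and whatever password encoder it is configured with.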
