Spring-security not logging-in user even when credentials are correct
Can anyone point out my mistake? I cannot log in with a registered user. At first I thought it was because I was encrypting the password, but even now that I have removed the encoding, the user still cannot log in, even with a plaintext password.
Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>SgaWebApp</display-name>
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <servlet>
        <display-name>dispatcher</display-name>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:com/sga/app/xml/dispatcher-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
        <url-pattern>*.css</url-pattern>
    </servlet-mapping>
    <resource-ref>
        <res-ref-name>jdbc/springSgaDb</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:com/sga/app/xml/security-context.xml
            classpath:com/sga/app/xml/dao-context.xml
            classpath:com/sga/app/xml/service-context.xml
        </param-value>
    </context-param>
    <filter>
        <display-name>springSecurityFilterChain</display-name>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>
</web-app>
My login.jsp:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <link href="${pageContext.request.contextPath}/static/css/main.css"
        rel="stylesheet" type="text/css">
    <title>SGA-login page</title>
</head>
<body onload='document.f.j_username.focus();'>
    <div class="wrapper">
        <!-- Form -->
        <div class="login">
            <h2 class="customLoginFormHeader">Login with Username and
                Password</h2>
            <c:if test="${param.error != null}">
                <p class="errorCustomLogin">Login failed. Please try your
                    username/password again.</p>
            </c:if>
            <form name='f'
                action='${pageContext.request.contextPath}/j_spring_security_check'
                method='POST' class="loginForm">
                <table>
                    <tr class="loginFormTableRow">
                        <td class="tdCustomLogin">Username:</td>
                        <td><input type='text' name='j_username'
                            class="usernameInputCustomLogin"></td>
                    </tr>
                    <tr class="loginFormTableRow">
                        <td class="tdCustomLogin">Password:</td>
                        <td><input type='password' name='j_password'
                            class="passwordInputCustomLogin" /></td>
                    </tr>
                    <tr class="loginFormTableRow">
                        <td class="tdRememberMeHeader">Remember me:</td>
                        <td><input type="checkbox"
                            name='_spring_security_remember_me' checked="checked"
                            class="rememberMeCustomLogin" /></td>
                    </tr>
                    <tr class="loginFormTableRow">
                        <td colspan='2'><input type="submit" value="Login"
                            class="customLoginSubmitButton" /></td>
                    </tr>
                </table>
            </form>
        </div>
    </div>
</body>
</html>
My security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service
                data-source-ref="dataSource" id="jdbcUserService" />
        </security:authentication-provider>
    </security:authentication-manager>
    <security:http use-expressions="true">
        <security:logout logout-success-url="/login"
            invalidate-session="true" />
        <security:intercept-url pattern="/admin"
            access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/admin"
            access="permitAll" />
        <security:intercept-url pattern="/login"
            access="permitAll" />
        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/static/**"
            access="permitAll" />
        <security:intercept-url pattern="/customloginform"
            access="permitAll" />
        <security:intercept-url pattern="/error"
            access="permitAll" />
        <security:intercept-url pattern="/register"
            access="permitAll" />
        <security:intercept-url pattern="/createaccount"
            access="permitAll" />
        <security:intercept-url pattern="/accountcreated"
            access="permitAll" />
        <security:intercept-url pattern="/contactus"
            access="permitAll" />
        <security:intercept-url pattern="/denied"
            access="permitAll" />
        <security:intercept-url pattern="/menu"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/roundanalysis"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/roundanalysiserrorpage"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/analysisoutcome"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/viewmystats"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/userstats"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/clubstats"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/allstats"
            access="isAuthenticated()" />
        <security:intercept-url pattern="/**" access="denyAll" />
        <security:form-login login-page="/customloginform"
            default-target-url="/menu" authentication-failure-url="/customloginform?error=true" />
        <security:access-denied-handler
            error-page="/denied" />
        <security:remember-me key="sgaAppKey"
            user-service-ref="jdbcUserService" />
    </security:http>
    <security:global-method-security
        secured-annotations="enabled"></security:global-method-security>
</beans>
And my LoginDAO:
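import java.util.List;
import javax.sql.DataSource;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.BeanPropertyRowMapper;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;

// UserBean is the application's own model class; its package is not shown in the post.
@Repository
@Component("usersDAO")
@Transactional
public class UsersDAO {

    private NamedParameterJdbcTemplate jdbc;

    @Autowired
    private SessionFactory sessionFactory;

    public Session session() {
        return sessionFactory.getCurrentSession();
    }

    // Inserts one row into the users table only; the authority is stored in users.authority.
    @Transactional
    public boolean createUser(UserBean user) {
        MapSqlParameterSource params = new MapSqlParameterSource();
        params.addValue("username", user.getUsername());
        params.addValue("email", user.getEmail());
        params.addValue("password", user.getPassword());
        params.addValue("forename", user.getForename());
        params.addValue("surname", user.getSurname());
        params.addValue("homeclub", user.getHomeclub());
        params.addValue("authority", user.getAuthority());
        return jdbc
                .update("insert into users (username, email, password, forename, surname, homeclub, authority) values (:username, :email, :password, :forename, :surname, :homeclub, :authority)",
                        params) == 1;
    }

    @Autowired
    public void setDataSource(DataSource jdbc) {
        this.jdbc = new NamedParameterJdbcTemplate(jdbc);
    }

    // Named parameters keep the username out of the SQL text.
    public boolean exists(String username) {
        return jdbc.queryForObject(
                "select count(*) from users where username=:username",
                new MapSqlParameterSource("username", username), Integer.class) > 0;
    }

    public List<UserBean> getAllUsers() {
        return jdbc.query("select * from users",
                BeanPropertyRowMapper.newInstance(UserBean.class));
    }
}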
And here is the console output:
DEBUG - Request is to process authentication
DEBUG - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG - Executing prepared SQL query
DEBUG - Executing prepared SQL statement [select username,password,enabled from users where username = ?]
DEBUG - Fetching JDBC Connection from DataSource
DEBUG - Returning JDBC Connection to DataSource
DEBUG - Executing prepared SQL query
DEBUG - Executing prepared SQL statement [select username,authority from authorities where username = ?]
DEBUG - Fetching JDBC Connection from DataSource
DEBUG - Returning JDBC Connection to DataSource
DEBUG - User 'Harry12345' has no authorities and will be treated as 'not found'
DEBUG - User 'Harry12345' not found
DEBUG - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
DEBUG - Updated SecurityContextHolder to contain null Authentication
DEBUG - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@65d201b5
DEBUG - Interactive login attempt was unsuccessful.
DEBUG - Cancelling cookie
DEBUG - Redirecting to /customloginform?error=true
DEBUG - Redirecting to '/SgaWebApp/customloginform?error=true'
Log output clearly shows the problem:
DEBUG - User 'Harry12345' has no authorities and will be treated as 'not found'
So, it found the user but did not find any authorities associated with him.
The default <security:jdbc-user-service /> expects at least one authority associated with each user. These authorities should be represented as defined in 37.1 User Schema.
If you want a different representation of user and authority data (e.g. your authority field), you need to implement a custom UserDetailsService instead.