[英]Spring Security Suddenly Stopped working
I tried to add relational mapping OneToOne to my User entity added some relational mapping annotations earlier but I took it out when I can't seem to figure out what went wrong to my Spring Security. 我试图将关系映射OneToOne添加到我的User实体中,并在前面添加了一些关系映射注释,但是当我似乎无法弄清楚Spring Security出了什么问题时,我将其删除。 The only class I changed was the User Entity and added a ROLE entity and added relational annotations then all of a sudden I couldn't login.
我更改的唯一类是用户实体,并添加了ROLE实体并添加了关系注释,然后突然我无法登录。 User and password is incorrect, I'm wondering if somebody can help me out.
用户名和密码不正确,我想知道是否有人可以帮助我。 Thank you.
谢谢。
Securty.xml Securty.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<security:http auto-config="true" use-expressions="true" >
<security:intercept-url pattern="/login.html" access="permitAll" />
<security:intercept-url pattern="/home.html" access="isAuthenticated()" />
<security:intercept-url pattern="/users.html" access="isAuthenticated()" />
<security:intercept-url pattern="/userProfile.html" access="isAuthenticated()" />
<security:intercept-url pattern="/patientsProfile.html" access="isAuthenticated()" />
<security:intercept-url pattern="/patients.html" access="isAuthenticated()" />
<security:form-login login-page="/login.html"
default-target-url="/home.html"
authentication-failure-url="/loginfailed.html"/>
<security:logout logout-success-url="/logout.html" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT user_name, password, active FROM user WHERE user_name = ?"
authorities-by-username-query="select u.user_name, ur.role from user u, user_roles ur where u.user_id = ur.user_id and u.user_name = ? " />
</security:authentication-provider>
</security:authentication-manager>
</beans>
Entity 实体
package com.chart.model;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="user")
public class User {
@Id
@GeneratedValue
@Column(name="USER_ID")
private Long userId;
@Column(name="FIRST_NAME")
private String firstName;
@Column(name="MIDDLE_INI")
private String middleIni;
@Column(name="LAST_NAME")
private String lastName;
@Column(name="BIRTH_DATE")
private Date birthDate;
@Column(name="USER_NAME")
private String username;
@Column(name="PASSWORD")
private String password;
@Column(name="ACTIVE")
private String active;
...................
//getters and setters here
}
JSP JSP
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please Sign in</h3>
</div>
<div class="panel-body">
<c:if test="${not empty error}">
<div class="alert alert-danger">
<spring:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/><br/>
</div>
</c:if>
<form action="<c:url value="/j_spring_security_check"></c:url>" method="post">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="User Name" name='j_username' type="text">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name='j_password' type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
Dependencies 依存关系
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.4.RELEASE</version>
<exclusions>
<exclusion>
<artifactId>spring-asm</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.4.RELEASE</version>
</dependency>
UPDATE: But when i use this, it will work. 更新:但是当我使用它时,它将起作用。
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="Admin" password="Admin123" authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
I think your User entity should implement the UserDetails interface so spring can actually use it in an authentication context. 我认为您的User实体应该实现UserDetails接口,以便spring可以在身份验证上下文中实际使用它。
http://docs.spring.io/autorepo/docs/spring-security/3.2.0.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html http://docs.spring.io/autorepo/docs/spring-security/3.2.0.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html
But thats just a tip, at least thats how I implemented it. 但这只是一个提示,至少就是我的实现方式。 Also look here:
也请看这里:
http://docs.spring.io/spring-security/site/docs/3.1.7.RELEASE/reference/core-services.html http://docs.spring.io/spring-security/site/docs/3.1.7.RELEASE/reference/core-services.html
Also if you're not sure whats happening you can just implement your own authentication manager and overwrite its authenticate method. 同样,如果您不确定发生了什么,则可以实现自己的身份验证管理器并覆盖其身份验证方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.