
How to authenticate users from database with an authentication provider?

I'm a newbie with Spring Security and I want to authenticate users with a database. I've created a login page and an authentication provider with JDBC that checks if the user exists in the database. But the problem is that my code doesn't do that, it allows all users to log in! What's wrong with my code? Thanks for your help.

@Component(value = "userService")
public class UserService implements AuthenticationProvider {

    @Inject
    @Named(value = "dataSource")
    private DataSource dataSource;

    ResultSet resultSet = null;
    PreparedStatement preparedStatement = null;
    Connection connection = null;

    name=auth.getName();
    pwd=auth.getCredentials().toString();

    public Authentication authenticate(Authentication auth)
            throws AuthenticationException {
        final String select_auth = "select username,password from users where username='"+name+"' and password='"+pwd+"'";
        try {
            connection = dataSource.getConnection();
            preparedStatement = connection.prepareStatement(select_auth);
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {

                //what to return here ?
            }

Here is my security-confg.xml:

<http auto-config="true">
    <form-login login-page="/login" username-parameter="j_username"
        password-parameter="j_password" default-target-url="/accueil"
        authentication-failure-url="/403" />
    <logout logout-success-url="/login" />
</http>

<authentication-manager>
    <authentication-provider ref="userService">
    </authentication-provider>
</authentication-manager>

In the code, I don't see the place where the username and password are set on the query. Try to get the name and password and check that your query returns any result:

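// Imports needed at the top of UserService.java:
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // Placeholders keep the submitted values out of the SQL text.
    String select_auth = "select username,password from users where username=? and password=?";
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();

    // Per-call resources: a provider bean is shared between requests, so no JDBC state in fields.
    try (Connection connection = dataSource.getConnection();
         PreparedStatement preparedStatement = connection.prepareStatement(select_auth)) {
        preparedStatement.setString(1, username);
        preparedStatement.setString(2, password);
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            if (resultSet.next()) {
                List<SampleAuthority> authorities = new ArrayList<SampleAuthority>();
                SampleAuthority a = new SampleAuthority();
                authorities.add(a);
                Collection<? extends GrantedAuthority> authorities1 = authorities;
                return new UsernamePasswordAuthenticationToken(username, password, authorities1);
            }
        }
    } catch (SQLException e) {
        throw new AuthenticationServiceException("Could not query the users table", e);
    }
    // No matching row: reject the login instead of falling through.
    throw new BadCredentialsException("Bad credentials");
}

@Override
public boolean supports(Class<?> arg0) {
    // Only claim tokens that carry a username and password.
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(arg0);
}

class SampleAuthority implements GrantedAuthority {

    @Override
    public String getAuthority() {
        return "ROLE_USER";
    }

}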

In the configuration, you can add:

<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<logout logout-url="/logout" />
