stackoom
  简体   繁体   中英

Spring security: user and admin login fails

 原文  2015-09-14 19:29:58       java/ mysql/ spring-security

Question

This should be a simple solution but I can't seem to figure it out.

Problem: Every time I try to login as either user or admin, the username and password always return "access denied for this user" (even though the usernames and the roles are indeed in the database).

Here are my files:

LoginController: 

@Controller
    public class LoginController {
        @RequestMapping("login")
         public ModelAndView getLoginForm(
           @RequestParam(required = false) String authfailed, String logout,
           String denied) {
          String message = "";
          if (authfailed != null) {
           message = "Invalid username of password, try again !";
          } else if (logout != null) {
           message = "Logged Out successfully, login again to continue !";
          } else if (denied != null) {
           message = "Access denied for this user !";
          }
          return new ModelAndView("login", "message", message);
         }

         @RequestMapping("user")
         public String geUserPage() {
          return "user";
         }

         @RequestMapping("admin")
         public String geAdminPage() {
          return "admin";
         }

         @RequestMapping("403page")
         public String ge403denied() {
          return "redirect:login?denied";
         }

    }

security-servlet.xml: 

<http auto-config="true" use-expressions="true">
  <access-denied-handler error-page="/403page" />
  <intercept-url pattern="/anonymous" access="isAnonymous"/>
  <intercept-url pattern="/user**" access="hasRole('ROLE_USER')" />
  <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
  <form-login login-page='/login' username-parameter="username"
   password-parameter="password" default-target-url="/user"
   authentication-failure-url="/login?authfailed" />
  <logout logout-success-url="/login?logout" />
 </http>

 <authentication-manager>
  <authentication-provider>
   <jdbc-user-service data-source-ref="dataSource"
    users-by-username-query="select username,password, enabled from users where username=?"
    authorities-by-username-query="select username, role from user_roles where username =?  " />
  </authentication-provider>
 </authentication-manager>

1 answers

solution1
 0 ACCPTED  2015-10-01 15:27:10

通过在pom.xml中使用正确的安全版本解决了此问题

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to Create login module of admin (only signIn) and validate user in spring without spring security? Spring Security - Login Fails even if good credentials Spring security authenticate user to enter admin Spring Security & Spring Batch Admin Console - custom login page Spring Security ProviderNotFoundException when user authentication fails Spring security blocks user after failed login Adding user to session, spring security default login spring security pre authenticated user login Spring Security JDBC authentication login user error SpringMVC 3 Spring Security Creating User Login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM