I am rather new to programming so please help me out a bit here.
I have configured Spring Security
to fetch user details from the database and when I try to login with the following accounts:
The authentication fails as it always redirect me to home.jsp/OPS=999
which is my login page. The user record exists in the database but I cannot seem to log in.
This is my security config xml file.
<http auto-config="true">
<form-login login-page='/home.jsp?OPS=9999' default-target-url='/secure/user.jsp' always-use-default-target='true' />
<logout logout-success-url="/home.jsp" logout-url="/j_spring_security_logout" />
</http>
<authentication-provider>
<jdbc-user-service data-source-ref="Application.DataSource2" users-by-username-query="select USERNAME, PASSWORD from USER where lower(USERNAME) = lower(?)"/>
</authentication-provider>
I am doing it without the authentication/authorities for now as the login is not working. What could be some of the possible reasons for the authentication failure? could database connection play a part? please help me out.
Thank you in advance!
I suggest to add another intercept-url
. And it should look like this below:
<http auto-config="true"
use-expressions="true"
disable-url-rewriting="true">
<intercept-url pattern="/home.jsp**" access="isAnonymous()"/>
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_OPERATOR')" />
<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page='/home.jsp?OPS=9999' default-target-url='/secure/user.jsp' always-use-default-target='true' />
<logout logout-success-url="/home.jsp" logout-url="/j_spring_security_logout" />
</http>
Try setting authentication provider to authentication manager by creating a bean like..
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>
<beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<property name="usersByUsernameQuery" value="select USERNAME, PASSWORD, 1 from USER where lower(USERNAME) = lower(?)"/>
<property name="authoritiesByUsernameQuery" value="SELECT USERNAME, ROLE as authorities FROM USER u, USER_ROLE ur, ROLE r WHERE u.ID = ur.USER_ID AND ur.ROLE_ID = r.ID AND lower(USERNAME) = lower(?)" />
<property name="dataSource" ref="Application.DataSource2" />
</beans:bean>
Realised that the users-by-username-query in the applicationContext-security xml file was missing a enabled column, basically spring security expects 3 columns from the statement and i was missing the enabled column.
so the correct sql statement should be: "select USERNAME, PASSWORD, STATUS from USER where lower(USERNAME) = lower(?)"
status column is of type boolean. (1=enabled, 0=disabled)
Hope it will help someone out there :)
Thanks for all the help everyone!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.