stackoom
  简体   繁体   中英

Spring security authentication: always redirect to error login page

 原文  2020-03-06 19:07:45       java/ xml/ spring/ spring-security

Question

I have problem with spring security login on my application. My login page is on seller/login url, processing url is set to /loginProcessing, after submit login data on form:

    <form name="loginform" action="/loginProcessing" method="POST">
    <table>
        <tr>
            <td>Enter username:</td>
            <td><input type='text' name='username' value=''></td>
        </tr>
        <tr>
            <td>Enter password:</td>
            <td><input type='password' name='password' /></td>
        </tr>
        <tr>
            <td colspan="2"> </td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit" value="Submit" /></td>
        </tr>
    </table>
</form>

I am always redirected to login error page with status 302 on loginProcessing, no matter if the login and password are correct. Do you know why it happens every time? Sql queries in spring-security.xml for checking login data looks correct, passwords in database are stored as plain text 在此处输入图片说明

my configuration files:

spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">

<!-- enable use-expressions -->
<http auto-config="true">
    <intercept-url pattern="/admin/*" access="hasRole('admin')" />
    <intercept-url pattern="/seller/login" access="permitAll" />
    <intercept-url pattern="/customer/login" access="permitAll" />
    <intercept-url pattern="/changePassword" access="permitAll" />
    <intercept-url pattern="/index" access="permitAll" />

    <!-- user-defined login form redirection -->
    <form-login login-page="/seller/login" login-processing-url="/loginProcessing" default-target-url="/main"
                username-parameter="email" password-parameter="password"
                authentication-failure-url="/seller/login/error" />

    <!-- logout url -->
    <logout logout-success-url="/seller/login/logout" />

    <!-- csrf disabled -->
    <csrf disabled="true" />
</http>

<!-- Select users and user_roles from database -->
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query=
                                   "select email,password from users where email=?"
                           authorities-by-username-query=
                                   "select u.email, r.name from users u, role r, user_roles ur where u.id = ur.user_id and ur.roles_id = r.id and u.email =?" />
    </authentication-provider>
</authentication-manager>

applicationContext.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">


<context:component-scan base-package="application"/>
<context:annotation-config />
<mvc:annotation-driven />
<tx:annotation-driven transaction-manager="transactionManager1"/>
<import resource="classpath:spring-security.xml" />

<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="persistenceUnitName" value="punit"/>
    <property name="dataSource" ref="dataSource"/>
    <property name="packagesToScan" value="application"/>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="true"/>
        </bean>
    </property>
    <property name="jpaPropertyMap">
        <map>
            <entry key="hibernate.dialect" value="org.hibernate.dialect.PostgreSQL9Dialect"/>
            <entry key="hibernate.hbm2ddl" value="true"/>
            <entry key="hibernate.hbm2ddl.auto" value="update"/>
            <entry key="hibernate.format_sql" value="true"/>
            <entry key="hibernate.show_sql" value="true"/>
        </map>
    </property>
</bean>

<bean id="transactionManager1" class="org.springframework.orm.jpa.JpaTransactionManager">
    <property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="org.postgresql.Driver"/>
    <property name="url" value="jdbc:postgresql://localhost:5432/khn"/>
    <property name="username" value="postgres"/>
    <property name="password" value="admin"/>
</bean>

servlet.xml 

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
     http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">

<mvc:default-servlet-handler/>

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/pages/"/>
    <property name="suffix" value=".html"/>
</bean>

web.xml:

<web-app  version="2.4"
     xmlns="http://java.sun.com/xml/ns/j2ee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>khn</display-name>


<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/applicationContext.xml</param-value>
</context-param>

<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/servlet.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

1 answers

solution1
 1  2020-03-07 17:24:39

Ok, i find answer by myself. I missed some schemas declaration in spring-security.xml and servlet.xml

Now in servlet.xml i have:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd">

and in spring-security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security.xsd">

Also i edited users-by-username-query, this query needs additional enabled column

select email,password,1 as enabled from users where email=?

Now we can log in with valid credentials

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Security Custom Authentication Provider always redirect to login page Spring Security, always redirect to Login page Redirect to error page in spring security pre authentication Spring boot & Spring security always redirect to Login spring security redirect page login Spring Security Authentication is null after Error page redirect Spring security login form always redirect to authfailed spring security login always redirect to failure url Spring security login always lands in an error page with no message Spring security login gives error page, is authentication failing?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM