堆栈内存溢出
  繁体   English   中英

Spring 4按用户名查询的安全登录用户始终是登录错误

[英]Spring 4 security login users-by-username-query is always login error

 原文  2018-09-05 10:26:39       spring/ spring-security

问题描述

security-context.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">



    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="select username, password, enabled from users where username=?"
                authorities-by-username-query="select username, authority  from authorities where username=?" />
            <security:password-encoder ref="passwordEncoder"></security:password-encoder>

        </security:authentication-provider>

    </security:authentication-manager>
    <security:http auto-config="true" create-session="always"
        use-expressions="true">

        <security:csrf disabled="true" />


        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/home" access="permitAll" />
        <security:intercept-url pattern="/admin/**"
            access='hasRole("ROLE_ADMIN")' />

        <security:form-login login-page="/login"
            authentication-failure-url="/login?error=1" default-target-url="/" />


        <security:headers disabled="true"></security:headers>
    </security:http>
    <bean
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
        id="passwordEncoder">
    </bean>
</beans>

登录控制器 

package my.custom.project.controller;

import java.util.List;
import java.util.Locale;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import my.custom.project.model.User;
import my.custom.project.service.UserService;

@Controller
public class LoginController {


    @Autowired
    private UserService userService;

    @RequestMapping("/login")
    public String Login(@RequestParam(value="error", required=false) String error, 
            @RequestParam(value="logout", required=false) String logout, Model model){

        if (error!=null){
            model.addAttribute("errorMsg","Invalid username and password");
        }
        if(logout!=null){
            model.addAttribute("logoutMsg", "You have been logged out successfully");
        }


        return "login";
    }

}

login.jsp 

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>

<main role="main" style="margin-top:30px;" class="col-md-9 ml-sm-auto col-lg-10 pt-3 px-4">
<div class="container-wrapper">
    <div class="container">
        <h2>Login with username and password</h2>
        <c:if test="${not empty errorMsg}">
            <div style="color: #ff0000">
                <h3>${errorMsg}</h3>
            </div>
        </c:if>
        <c:if test="${not empty logoutMsg}">
            <div style="color: #0000ff">
                <h3>${logoutMsg}</h3>
            </div>
        </c:if>


        <form action="<c:url value="/login"/>" method="post">
            <div class="form-group">
                <label for="username">Username:</label> <input type="text"
                    class="form-control" id="uesrname" placeholder="Enter username"
                    name="username" style="width: 50%">
            </div>

            <div class="form-group">
                <label for="pwd">Password:</label> <input type="password"
                    class="form-control" id="passwd" placeholder="Enter password"
                    name="password" style="width: 50%">
            </div>

            <input type="hidden" name="${_csrf.parameterName}"
                value="${_csrf.token}" />


            <button type="submit" class="btn btn-primary">Submit</button>
        </form>
    </div>
</div>
</main>

MySQL数据库

在此处输入图片说明

结果是... 在此处输入图像描述

用户名,passworr是正确的。 但是结果总是失败的。 我可以通过userService在控制器中接收用户的数据。 我猜useDao是正确的工作。 spring security security:jdbc-user-service是否有问题?

如何解决这个问题?

1 个解决方案

解决方案1
 0  2018-09-07 07:18:47

Spring确实为BCryptPasswordEncoder提供了Utility类

像这样 

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderGenerator {

  public static void main(String[] args) {

    String password = "123456";
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String hashedPassword = passwordEncoder.encode(password);

    System.out.println(hashedPassword);

  }
}

您可以使用它为您的用户(例如admin)生成密码。

hashedPassword并将其替换为MySQL的Users表的password列,然后尝试登录。

请参阅更多的细节

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有 id_user 的 Spring Security 用户按用户名查询 如何在Spring中从用户按用户名查询获取结果集 用户按用户名查询不返回任何结果 在Spring Security中仅使用用户名登录 Spring 安全登录始终为 200 春季安全登录错误 Spring 安全登录总是登陆一个没有消息的错误页面 Spring boot 安全登录总是在没有说明的情况下运行错误 Spring 安全认证:总是重定向到错误登录页面 Spring boot &amp; Spring security 总是重定向到 Login
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM