Spring Security登录问题-

Question

我是Spring / Spring Security的新手，我已经尽力解决了这个问题，但似乎并没有一遍又一遍。 问题出在下面：登录无法正常工作-即使使用正确的凭据，它也会不断告诉您它们似乎不正确。 我正在使用Spring Security和Spring mvc + Oracle（hibernate + jpa）。 非常感谢您的帮助，在此先感谢您！

这是我的配置文件。 （部分）

1. security.xml

<http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
</http>

<!-- <password-encoder hash="md5" /> -->

<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
          SELECT username, password, 'TRUE'
          FROM users WHERE username=?"

            authorities-by-username-query="
          SELECT u.username, ur.authority FROM users u, user_roles ur 
          WHERE u.user_id = ur.user_id AND u.username=?  " />
    </authentication-provider>
</authentication-manager>

2. web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

3. data.xml

<!-- Transaction managing using the @Transactional annotation -->
<tx:annotation-driven transaction-manager="transactionManager" />

<!-- Transaction Manager -->
<bean id="transactionManager"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactory" />
</bean>


<bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix">
        <value>/WEB-INF/pages/</value>
    </property>
    <property name="suffix">
        <value>.jsp</value>
    </property>
</bean>

<bean id="messageSource"
    class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <property name="basenames">
        <list>
            <value>msgs</value>
        </list>
    </property>
    <property name="defaultEncoding" value="UTF-8" />
</bean>

<!-- ////////////////////////////////////////////////////////////////////////// -->

    <bean id="propertyConfigurer"
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
    p:location="/WEB-INF/jdbc.properties"/>

<!-- ////////////////////////////////////////////////////////////////////////// "-->

<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
    destroy-method="close">
    <property name="driverClass" value="${jdbc.driverClassName}" />
    <property name="jdbcUrl" value="${jdbc.databaseurl}" />
    <property name="user" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />

</bean>

<!-- ////////////////////////////////////////////////////////////////////////// -->

<!-- Hibernate SessionFactory configuration -->
<bean id="sessionFactory"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="packagesToScan" value="com.tsystems.javaschool.kts.domain" />
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.dialect">${jdbc.dialect}</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
        </props>
    </property>
</bean>

Answer 1

现在很难看到错误，但是我可以为您提供一些女巫为我工作的示例：

web.xml的一部分：

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

.......

您是否在您的web.xml（web.xml的另一部分）中包含了XML文件（security.xml）？

<listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/security-config.xml</param-value>
  </context-param>

security-config.xml的一部分（DATA是shema，ROLE和USER是表）：

<http auto-config='true'>
        <intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
        <intercept-url pattern="/**" access="ROLE_GUEST, ROLE_ADMIN" />
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=t"/>
        <logout logout-success-url="/login.jsp?logout=t"/>
    </http>
    <authentication-manager>
        <authentication-provider>
        <password-encoder hash="md5"/>
            <jdbc-user-service data-source-ref="ds" authorities-by-username-query="select USERNAME as username, ROLE as authority from DATA.ROLE where USERNAME=?"
            users-by-username-query="select USERNAME as username, PASSWORD as password, 'true' AS enabled from DATA.USER where USERNAME=?"/>
        </authentication-provider>
    </authentication-manager>

以及JSP页面（login.jsp）的一部分：

<c:when test="${param.logout == 't'}">

// show when I logout
.......

</c:when>
<c:when test="${param.login_error == 't'}">

// show when username or password is not correct
.......

</c:when>
<c:otherwise>
.....
<form method="POST" action="<%= response.encodeURL(request.getContextPath() + "/j_spring_security_check") %>" >
......
<input class="input" type="text" name="j_username" />
......
<input class="input" type="password" name="j_password" />
.....
<input type="submit" value="Login" name="Login" />
.....
</c:otherwise>

如果还是不行，请在这里写。