在Spring Security中從內存數據存儲切換為使用數據庫后,無法登錄
[英]can't login after I have switched from in memory data store to using a database in spring security
問題描述
我正在嘗試為我的Web應用程序使用Spring安全性。 我即將啟用登錄功能,因此用戶可以登錄到我網站中的安全頁面。 到目前為止,我一直在使用Spring security自己的系統,在這里我使用內存中的數據存儲進行身份驗證(主要是測試它是否有效,因為我仍在學習。)
當我嘗試使用存儲不同用戶的數據庫時,出現了我的問題。 當我嘗試登錄時,Spring Security會將我重定向到“ authentication-failure-url”,而不是登錄。
我創建了一個自定義UserDetails類
package dk.chakula.web.security;
import dk.chakula.web.domain.User;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
/**
*
* @author Martin Rohwedder
* @since 20-02-2013
* @version 1.0
*/
public class ChakulaUserDetails implements UserDetails {
private User user;
private List<? extends GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
public ChakulaUserDetails(User user, List<? extends GrantedAuthority> authorities) {
this.user = user;
this.authorities = authorities;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return this.user.getPassword();
}
@Override
public String getUsername() {
return this.user.getUsername();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
我還創建了一個自定義UserDetailsService,我的“身份驗證提供程序”正在引用它。 那堂課看起來像這樣。
package dk.chakula.web.security;
import dk.chakula.web.domain.User;
import dk.chakula.web.service.UserService;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
/**
*
* @author Martin Rohwedder
* @since 20-02-2013
* @version 1.0
*/
@Component("chakulaUserDetailsService")
public class ChakulaUserDetailsService implements UserDetailsService {
@Autowired
private UserService userService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (StringUtils.isBlank(username)) {
throw new UsernameNotFoundException("Username was empty");
}
User user = userService.getUserByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User with username '" + username + "' was not found");
}
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new SimpleGrantedAuthority(user.getUserRole()));
return new ChakulaUserDetails(user, grantedAuthorities);
}
}
我整個春季安全上下文看起來像這樣
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http use-expressions="true">
<!-- Form Login Filter -->
<security:form-login login-page="/login" default-target-url="/app/start" authentication-failure-url="/login?authenticationNok=1" username-parameter="username" password-parameter="password" always-use-default-target="true" />
<!-- Logout Filter -->
<security:logout logout-success-url="/home?logoutOk=1" logout-url="/logout" invalidate-session="true" />
<!-- Intercept Url filters -->
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/home" access="permitAll" />
<security:intercept-url pattern="/about" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/app/**" access="fullyAuthenticated" />
</security:http>
<bean id="chakulaUserDetailsService" class="dk.chakula.web.security.ChakulaUserDetailsService" />
<security:authentication-manager>
<security:authentication-provider user-service-ref="chakulaUserDetailsService">
<security:password-encoder hash="sha-256">
<security:salt-source user-property="username" />
</security:password-encoder>
<!--
<security:user-service>
<security:user name="test" password="e9233bd61e14137a7e28f92c50ce279215e774a1772d1e9dad5f275b9cc8177c" authorities="ROLE_CUSTOMER" />
</security:user-service>
-->
</security:authentication-provider>
</security:authentication-manager>
</beans>
如果您需要幫助,可以查看我在GITHUB上Chakula項目中的所有源代碼-https: //github.com/martin-rohwedder/chakula
1 個解決方案
解決方案1
0 已采納 2013-02-21 12:16:44
我的Dao Implementation類似乎全部失敗,因為當我顯示AuthenticationException消息時,它告訴我以下內容-無法解析屬性:USERNAME of:dk.chakula.web.domain.User [來自dk.chakula .web.domain.User u,其中u.USERNAME =:USERNAME]
我要做的就是用非大寫字母寫u.USERNAME。
我改用以下值重寫了安全上下文xml文件的form-login標簽authentication-failure-url屬性。
<security:form-login login-page="/login" default-target-url="/app/start" authentication-failure-url="/login/failure" username-parameter="username" password-parameter="password" always-use-default-target="true" />
之后,我在AuthenticationController中制作了一個新方法來呈現故障視圖,並將AuthenticationException消息作為模型添加到視圖中
@RequestMapping(value = {"/login/failure"}, method = RequestMethod.GET)
public ModelAndView renderLoginFailureView(HttpServletRequest request) {
ModelAndView mav = new ModelAndView("login");
AuthenticationException authEx = (AuthenticationException) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
mav.addObject("authEx", authEx.getMessage());
return mav;
}
下次我知道在趕赴stackoverflow之前先顯示所有異常消息。 盡管現在其他人將來可能會從我的回答中受益。
感謝Arun P Johny在這里幫助我。
如何從數據庫中獲取電子郵件和密碼? 我無法在Spring Security中驗證用戶
[英]How can i take email and password from database? I can't validate users in Spring security
如何使用spring security從失敗的登錄中獲取用戶名?
[英]How can I get the username from a failed login using spring security?
如何將大量數據從數據庫存儲到XML(內存問題)?
[英]How can I store large amount of data from a database to XML (memory problem)?
如何將大量數據從數據庫存儲到XML(內存問題,第二部分)?
[英]How can I store large amount of data from a database to XML (memory problem, part two)?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Spring Security無法登錄
Spring 安全 - 輸入無效密碼后無法登錄
如何從數據庫中獲取電子郵件和密碼? 我無法在Spring Security中驗證用戶
我無法使用 java netbeans 存儲數據本地主機(數據庫)
如何使用spring security從失敗的登錄中獲取用戶名?
以登錄形式使用MySql數據庫和Spring Security
如何將大量數據從數據庫存儲到XML(內存問題)?
如何將大量數據從數據庫存儲到XML(內存問題,第二部分)?
我無法使用Spring Security登錄
無法在spring boot security中登錄我的自定義登錄頁面
相關標簽