Spring Security突然停止工作

Question

我試圖將關系映射OneToOne添加到我的User實體中，並在前面添加了一些關系映射注釋，但是當我似乎無法弄清楚Spring Security出了什么問題時，我將其刪除。 我更改的唯一類是用戶實體，並添加了ROLE實體並添加了關系注釋，然后突然我無法登錄。 用戶名和密碼不正確，我想知道是否有人可以幫助我。 謝謝。

Securty.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <security:http auto-config="true" use-expressions="true" >
        <security:intercept-url pattern="/login.html" access="permitAll" />
        <security:intercept-url pattern="/home.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/users.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/userProfile.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/patientsProfile.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/patients.html" access="isAuthenticated()" />

        <security:form-login login-page="/login.html" 
               default-target-url="/home.html"   
               authentication-failure-url="/loginfailed.html"/>
        <security:logout logout-success-url="/logout.html" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT user_name, password, active FROM user WHERE user_name = ?"
                authorities-by-username-query="select u.user_name, ur.role from user u, user_roles ur where u.user_id = ur.user_id and u.user_name = ? " />
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

實體

package com.chart.model;

import java.util.Date;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;

@Entity
@Table(name="user")
public class User {

    @Id
    @GeneratedValue
    @Column(name="USER_ID")
    private Long userId;

    @Column(name="FIRST_NAME")
    private String firstName;
    @Column(name="MIDDLE_INI")
    private String middleIni;
    @Column(name="LAST_NAME")
    private String lastName;
    @Column(name="BIRTH_DATE")
    private Date birthDate;
    @Column(name="USER_NAME")
    private String username;
    @Column(name="PASSWORD")
    private String password;
    @Column(name="ACTIVE")
    private String active;
    ...................
    //getters and setters here

}

JSP

<div class="container">
        <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <div class="panel panel-default">
                <div class="panel-heading">
                    <h3 class="panel-title">Please Sign in</h3>
                </div>
                <div class="panel-body">
                <c:if test="${not empty error}">
                <div class="alert alert-danger">
                <spring:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/><br/>
                </div>
                </c:if>
                    <form action="<c:url value="/j_spring_security_check"></c:url>" method="post">
                    <fieldset>
                    <div class="form-group">
                        <input class="form-control" placeholder="User Name" name='j_username' type="text">
                    </div>

                    <div class="form-group">
                        <input class="form-control" placeholder="Password" name='j_password' type="password" value="">
                    </div>
                    <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                    </fieldset>
                    </form>
                </div>
            </div>
        </div>
        </div>
    </div>

依存關系

<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.4.RELEASE</version>
        <exclusions>
            <exclusion>
                <artifactId>spring-asm</artifactId>
                <groupId>org.springframework</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.4.RELEASE</version>
    </dependency>
    <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>3.1.4.RELEASE</version>
</dependency>

更新：但是當我使用它時，它將起作用。

<security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="Admin" password="Admin123" authorities="ROLE_ADMIN" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

Answer 1

我認為您的User實體應該實現UserDetails接口，以便spring可以在身份驗證上下文中實際使用它。

http://docs.spring.io/autorepo/docs/spring-security/3.2.0.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html

但這只是一個提示，至少就是我的實現方式。 也請看這里：

http://docs.spring.io/spring-security/site/docs/3.1.7.RELEASE/reference/core-services.html

同樣，如果您不確定發生了什么，則可以實現自己的身份驗證管理器並覆蓋其身份驗證方法。