[英]Spring 4 security login users-by-username-query is always login error
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, password, enabled from users where username=?"
authorities-by-username-query="select username, authority from authorities where username=?" />
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config="true" create-session="always"
use-expressions="true">
<security:csrf disabled="true" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/home" access="permitAll" />
<security:intercept-url pattern="/admin/**"
access='hasRole("ROLE_ADMIN")' />
<security:form-login login-page="/login"
authentication-failure-url="/login?error=1" default-target-url="/" />
<security:headers disabled="true"></security:headers>
</security:http>
<bean
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
id="passwordEncoder">
</bean>
</beans>
登錄控制器
package my.custom.project.controller;
import java.util.List;
import java.util.Locale;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import my.custom.project.model.User;
import my.custom.project.service.UserService;
@Controller
public class LoginController {
@Autowired
private UserService userService;
@RequestMapping("/login")
public String Login(@RequestParam(value="error", required=false) String error,
@RequestParam(value="logout", required=false) String logout, Model model){
if (error!=null){
model.addAttribute("errorMsg","Invalid username and password");
}
if(logout!=null){
model.addAttribute("logoutMsg", "You have been logged out successfully");
}
return "login";
}
}
login.jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<main role="main" style="margin-top:30px;" class="col-md-9 ml-sm-auto col-lg-10 pt-3 px-4">
<div class="container-wrapper">
<div class="container">
<h2>Login with username and password</h2>
<c:if test="${not empty errorMsg}">
<div style="color: #ff0000">
<h3>${errorMsg}</h3>
</div>
</c:if>
<c:if test="${not empty logoutMsg}">
<div style="color: #0000ff">
<h3>${logoutMsg}</h3>
</div>
</c:if>
<form action="<c:url value="/login"/>" method="post">
<div class="form-group">
<label for="username">Username:</label> <input type="text"
class="form-control" id="uesrname" placeholder="Enter username"
name="username" style="width: 50%">
</div>
<div class="form-group">
<label for="pwd">Password:</label> <input type="password"
class="form-control" id="passwd" placeholder="Enter password"
name="password" style="width: 50%">
</div>
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
<button type="submit" class="btn btn-primary">Submit</button>
</form>
</div>
</div>
</main>
MySQL數據庫
結果是... 在此處輸入圖像描述
用戶名,passworr是正確的。 但是結果總是失敗的。 我可以通過userService在控制器中接收用戶的數據。 我猜useDao是正確的工作。 spring security security:jdbc-user-service是否有問題?
如何解決這個問題?
Spring確實為BCryptPasswordEncoder
提供了Utility類
像這樣
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class PasswordEncoderGenerator {
public static void main(String[] args) {
String password = "123456";
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);
System.out.println(hashedPassword);
}
}
您可以使用它為您的用戶(例如admin)生成密碼。
取hashedPassword
並將其替換為MySQL的Users表的password列,然后嘗試登錄。
請參閱此更多的細節
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.