我想使用用户的email_id作为用户名,但出于某种原因,当我尝试通过email_id进行身份验证时,它无效,它将被重定向到错误页面。
这是我的安全配置
的实现 @Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select email_id,password,enabled from users where email_id = ?")
.authoritiesByUsernameQuery(
"select email_id,'USER_ROLE' from users where email_id = ?");
}
PS:我尝试?围绕'?'认为email_id未正确传递。
登录页面JSP
<form method="post" th:action="@{/login}" name="f">
<fieldset>
<%-- <div th:if="${param.error}" class="alert alert-error">
Invalid username and password.
</div>
<div th:if="${param.logout}" class="alert alert-success">
You have been logged out.
</div> --%>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<div class="margin-top-10 form-group">
<input class="form-control input-lg" type="text" id="username" name="username" placeholder="Username" />
</div>
<div class="margin-top-10 form-group">
<input class="form-control input-lg" type="password" id="password" name="password" placeholder="Password"/>
</div>
<div class="margin-top-10 form-actions form-group">
<button type="submit" class="btn btn-default btn-primary">Login</button>
<a class="register-link">Register</a>
</div>
</fieldset>
</form>
答案 0 :(得分:0)
您需要在HttpSecurity表单登录配置中设置类似的内容,以便Spring安全性接受您的自定义用户名和密码字段:
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin().usernameParameter("email_id").passwordParameter("password").permitAll();
}