我正在尝试从DB获取身份验证角色。表格在那里,这是我的背景:
<!-- Configures in-memory implementation of the UserDetailsService implementation -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select * from users where email=?"
authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?"
/>
</security:authentication-provider>
</security:authentication-manager>
用户通过电子邮件进行身份验证。在DB控制台中执行此查询时,它会返回一个obejct,但是当我查看日志时,我发现:
16:18:55,517 DEBUG JdbcTemplate:637 - Executing prepared SQL query
16:18:55,518 DEBUG JdbcTemplate:572 - Executing prepared SQL statement [select * from users where email=?]
16:18:55,519 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
16:18:55,519 DEBUG DriverManagerDataSource:162 - Creating new JDBC DriverManager Connection to [jdbc:h2:file:../lib/Money]
16:18:55,582 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
16:18:55,607 DEBUG JdbcUserDetailsManager:154 - Query returned no results for user ''
16:18:55,610 DEBUG DaoAuthenticationProvider:134 - User '' not found
16:18:55,610 DEBUG UsernamePasswordAuthenticationFilter:346 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
我做错了什么?
用户和密码从前端代码发送。我想,一切都很好。我用用户名和密码发送一个简单的JSON。我认为autenticationManager有问题。这是代码:
<!-- Configures a custom login filter bean -->
<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="restAuthenticationFailureHandler"/>
<property name="authenticationSuccessHandler" ref="restAuthenticationSuccessHandler"/>
<property name="filterProcessesUrl" value="/api/login/"/>
<property name="usernameParameter" value="username"/>
<property name="passwordParameter" value="password"/>
<property name="postOnly" value="true"/>
</bean>
答案 0 :(得分:3)
尝试按用户名查询编写用户,以便按此顺序返回3参数:
例如:
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username, password, true FROM users WHERE email=?"
authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?"
/>
答案 1 :(得分:0)
像那样配置。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,password, enabled from users where username=?"
authorities-by-username-query=
"select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>