Question

我不想使用表名User用于我的春季安全，我想使用不同的表名这是我到目前为止所做的：

这是我的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee                http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>application</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/application-servlet.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>
<servlet-mapping>
<servlet-name>application</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
    <param-name>
        log4jConfigLocation
    </param-name>
    <param-value>
        /WEB-INF/log4j.xml
    </param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
</web-app>

这是我的spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<http auto-config="true"  use-expressions="true">
<intercept-url pattern="/account**" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" default-target-url="/account"
    login-processing-url="/j_spring_security_check"
    username-parameter="emailAddress" password-parameter="password"
    authentication-failure-url="/loginFailed" />
<logout logout-success-url="/logoff" />
<csrf/>
</http>

<authentication-manager>
   <authentication-provider>
    <jdbc-user-service authorities-by-username-query="select emailAddress, role from   customer_roles where emailAddress =? " users-by-username-query="select emailAddress,password from customer where emailAddress=?" data-source-ref="myDataSource"/>
   </authentication-provider>
</authentication-manager>

</beans:beans>

这是我的application-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:mvc="http://www.springframework.org/schema/mvc"   xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

 <!-- Enable @Controller annotation support -->
 <mvc:annotation-driven />
 <mvc:resources location="/WEB-INF/resources/" mapping="/resources/**" />

 <!-- Map simple view name such as "test" into /WEB-INF/test.jsp -->
 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
 <property name="prefix" value="/WEB-INF/views/" />
 <property name="suffix" value=".jsp" />
 </bean>

 <!-- Scan classpath for annotations (eg: @Service, @Repository etc) -->
 <context:component-scan base-package="com.mysite"/>

 <!-- JDBC Data Source. It is assumed you have MySQL running on localhost port 3306 with 
   username root and blank password. Change below if it's not the case -->
<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/mydb"/>
<property name="username" value="admin"/>
<property name="password" value="password"/>
<property name="validationQuery" value="SELECT 1"/>
</bean>

<!-- Hibernate Session Factory -->
<bean id="mySessionFactory"  class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="myDataSource"/>
<property name="packagesToScan">
  <array>
    <value>com.NetVapeClub</value>
  </array>
</property>
<property name="hibernateProperties">
  <value>
    hibernate.dialect=org.hibernate.dialect.MySQLDialect
  </value>
</property>
</bean>

<!-- Hibernate Transaction Manager -->
<bean id="transactionManager"   class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="mySessionFactory"/>
</bean>
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"></bean>
<!-- Activates annotation based transaction management -->
<tx:annotation-driven transaction-manager="transactionManager"/>
</beans>

这是我的login.jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<jsp:include page="header.jsp" />
<body>
<div class="centerContainer">
            <div class="leftBar">
                <div class="devicesTab"><a href=#>Devices</a></div>
                <div class="accessoriesTab"><a href=#>Accessories</a></div>
                <div class="fluidsTab"><a href=#>Fluids</a></div>
                <div class="socialMedia">
                    <img src="${pageContext.request.contextPath}/resources/img/facebook.png" /> <img src="${pageContext.request.contextPath}/resources/img/twitter.png" /> <img src="${pageContext.request.contextPath}/resources/img/google-plus.png" />                   
                </div>
            </div>
            <div class="content">
                <div class="login">
                    <h2>Please Login:</h2>
                    <form method="post" action="<c:url value='/j_spring_security_check' />">
                        <table>
                            <tr><td>Email Address:</td><td><input type="text" name="j_emailAddress" placeholder="Enter Email" /></td></tr>
                            <tr><td>Password:</td><td><input type="password" name="j_password" placeholder="Enter Password" /></td></tr>
                            <tr><td></td><td><input type="submit" value="Login" /></td></tr>
                        </table>
                        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
                    </form>
                </div>
            </div>
        </div>
<jsp:include page="footer.jsp" />

正如您所看到的，我想使用表Customer Customer和Customer_Roles，我将要验证的字段是emailAddress，密码和角色。我知道这些不是弹簧通常正在寻找的盒子表和字段中的罐头，但我知道它可以用我自己的表格结构来完成。

当我查看springsecurity调试日志时，我看到了这一点：

2014-08-26 15:30:55,131 DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2014-08-26 15:30:55,131 DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2014-08-26 15:30:55,162 DEBUG: org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user ''
2014-08-26 15:30:55,166 DEBUG: org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found
2014-08-26 15:30:55,167 DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

我传递的凭据是正确的，我不确定断开连接的位置。有人可以帮我解释一下吗？

提前致谢

Answer 1

我认为您的表单字段中的名称错误。您已经映射了spring以查找＆＃34; emailAddress＆＃34; ＆安培; ＆＃34;密码＆＃34;

<form-login login-page="/login" default-target-url="/account"
     login-processing-url="/j_spring_security_check"
     username-parameter="emailAddress" password-parameter="password"
     authentication-failure-url="/loginFailed" />

但是在你的jsp文件中，输入设置为＆＃34; j_emailAddress＆＃34; ＆安培; ＆＃34; j_pasword＆＃34;

Email Address:</td><td><input type="text" name="j_emailAddress" placeholder="Enter Email" />
Password:</td><td><input type="password" name="j_password" placeholder="Enter Password" />

尝试从jsp文件中删除j_前缀或将username-parameter和password-parameter更改为j_emailAddress和j_password

Answer 2

好的，这就是解决方案的内容，user3697476所说的内容和这篇帖子的组合：

http://www.javacodegeeks.com/2013/11/spring-security-behind-the-scenes.html

该链接向我显示我必须将我的sql查询调整为：

<authentication-manager>
<authentication-provider>
    <jdbc-user-service authorities-by-username-query="select emailAddress as username, role as authorities from customer_roles where emailAddress =? " users-by-username-query="select emailAddress as username,password,true as enabled from customer where emailAddress=?" data-source-ref="myDataSource"/>
</authentication-provider>
</authentication-manager>

使用适当的凭据进行Spring Security Failing Authentication

2 个答案: