Question

我尝试将关系映射OneToOne添加到我的User实体中，之前添加了一些关系映射注释，但是当我无法弄清楚我的Spring Security出了什么问题时，我把它拿出来了。我改变的唯一类是用户实体并添加了一个ROLE实体并添加了关系注释，然后我突然无法登录。用户和密码不正确，我想知道是否有人可以帮助我。谢谢。

Securty.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <security:http auto-config="true" use-expressions="true" >
        <security:intercept-url pattern="/login.html" access="permitAll" />
        <security:intercept-url pattern="/home.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/users.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/userProfile.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/patientsProfile.html" access="isAuthenticated()" />
        <security:intercept-url pattern="/patients.html" access="isAuthenticated()" />

        <security:form-login login-page="/login.html" 
               default-target-url="/home.html"   
               authentication-failure-url="/loginfailed.html"/>
        <security:logout logout-success-url="/logout.html" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT user_name, password, active FROM user WHERE user_name = ?"
                authorities-by-username-query="select u.user_name, ur.role from user u, user_roles ur where u.user_id = ur.user_id and u.user_name = ? " />
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

实体

package com.chart.model;

import java.util.Date;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;

@Entity
@Table(name="user")
public class User {

    @Id
    @GeneratedValue
    @Column(name="USER_ID")
    private Long userId;

    @Column(name="FIRST_NAME")
    private String firstName;
    @Column(name="MIDDLE_INI")
    private String middleIni;
    @Column(name="LAST_NAME")
    private String lastName;
    @Column(name="BIRTH_DATE")
    private Date birthDate;
    @Column(name="USER_NAME")
    private String username;
    @Column(name="PASSWORD")
    private String password;
    @Column(name="ACTIVE")
    private String active;
    ...................
    //getters and setters here

}

JSP

<div class="container">
        <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <div class="panel panel-default">
                <div class="panel-heading">
                    <h3 class="panel-title">Please Sign in</h3>
                </div>
                <div class="panel-body">
                <c:if test="${not empty error}">
                <div class="alert alert-danger">
                <spring:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/><br/>
                </div>
                </c:if>
                    <form action="<c:url value="/j_spring_security_check"></c:url>" method="post">
                    <fieldset>
                    <div class="form-group">
                        <input class="form-control" placeholder="User Name" name='j_username' type="text">
                    </div>

                    <div class="form-group">
                        <input class="form-control" placeholder="Password" name='j_password' type="password" value="">
                    </div>
                    <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                    </fieldset>
                    </form>
                </div>
            </div>
        </div>
        </div>
    </div>

依赖关系

<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.4.RELEASE</version>
        <exclusions>
            <exclusion>
                <artifactId>spring-asm</artifactId>
                <groupId>org.springframework</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.4.RELEASE</version>
    </dependency>
    <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>3.1.4.RELEASE</version>
</dependency>

更新但是当我使用它时，它会起作用。

<security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="Admin" password="Admin123" authorities="ROLE_ADMIN" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

Answer 1

我认为您的用户实体应该实现UserDetails接口，因此Spring可以在身份验证环境中实际使用它。

http://docs.spring.io/autorepo/docs/spring-security/3.2.0.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html

但这只是一个提示，至少这就是我如何实现它。另见：

http://docs.spring.io/spring-security/site/docs/3.1.7.RELEASE/reference/core-services.html

此外，如果您不确定发生了什么，您可以实现自己的身份验证管理器并覆盖其身份验证方法。

Spring Security突然停止工作

1 个答案: