我是春天安全新手,
我已经创建了一个自定义身份验证提供程序来检查用户是否通过数据库访问了受保护的页面。
一切都很好,但是当我将<intercept-url pattern="/home" access="isAuthenticated()" />添加到安全配置时,会发生错误!
这是我的 userService :
public Authentication authenticate(Authentication auth) throws AuthenticationException {
Logger logger = null;
logger = Logger.getLogger(Logger.class.getName());
PropertyConfigurator.configure("src/main/resources/log4j.properties");
ResultSet resultSet = null;
PreparedStatement preparedStatement = null;
Connection connection = null;
name= auth.getName();
pwd=auth.getCredentials().toString();
UsernamePasswordAuthenticationToken ret=null;
String select_auth= "select username,password from users where username=? and password=?";
try {
connection = dataSource1.getConnection();
preparedStatement = connection.prepareStatement(select_auth);
preparedStatement.setString(1,name);
preparedStatement.setString(2,pwd);
resultSet = preparedStatement.executeQuery();
if(resultSet.next()){
logger.info("user <"+name+"> is connected");
ret= new UsernamePasswordAuthenticationToken(name, null);}
else
{
ret= null;
}
} catch (SQLException e) {
logger.error("SQLException: " + e.getMessage());
e.printStackTrace();
}
这是我的 seurity-config
<http use-expressions="true" auto-config="true">
<form-login login-page="/login.jsp" default-target-url="/home"
authentication-failure-url="/403" />
<logout logout-success-url="/login" />
<intercept-url pattern="/home" access="isAuthenticated()" />
</http>
有人可以帮助我,或者解释一下问题的原因是什么? 提前谢谢。