Spring Security 使用 DaoAuthenticationProvider 时出现"身份验证失败:密码与存储值不匹配"

时间:2015-08-28 06:49:17

标签: java spring spring-mvc spring-security

我正在开发一个简单的 Spring 项目,使用 Spring Security 进行身份验证。下面是 spring-security.xml 文件:

<!-- Web security rules. use-expressions="true" lets the access attributes
     below hold expressions such as hasRole(...). -->
<http auto-config="true" use-expressions="true">
    <!-- Only /hellotheme is restricted (to ROLE_ADMIN). No other URL pattern
         is listed in this snippet, so no access rule here covers any other
         path, including /hellobootstrap, the post-login target.
         NOTE(review): confirm that is intended. -->
    <intercept-url pattern="/hellotheme" access="hasRole('ROLE_ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <!-- Form login: custom page at /login, failed attempts are redirected to
         /login?error, and the form fields must be named "username" and
         "password" to match the parameter names below. -->
    <form-login 
        login-page="/login" 
        default-target-url="/hellobootstrap"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- CSRF protection is on: state-changing requests, the login POST
         included, have to carry the CSRF token. -->
    <csrf />
</http>

<!-- Authentication is delegated to the myUserDetailsService bean.
     No <password-encoder> child is declared, so the provider falls back to
     the framework default for the Spring Security version in use; in the
     3.x/4.x line that default compares the submitted password with the
     stored value as plain text (NOTE(review): confirm the version).
     Plaintext storage means a database read exposes every credential.
     For anything beyond a local sample, reference an adaptive hash here,
     e.g. <password-encoder ref="..."/> pointing at a BCryptPasswordEncoder
     bean, and store the hashed values in the users table. -->
<authentication-manager>
    <authentication-provider user-service-ref="myUserDetailsService">
    </authentication-provider>
</authentication-manager>

和spring-database.xml

<!-- MySQL data source (commons-dbcp pool, closed on context shutdown).
     NOTE(review): the connection uses the MySQL "root" account with a short
     literal password committed in this file. Keep credentials out of the
     configuration (property placeholder, environment, or a secrets store)
     and connect with an account that is limited to the "sample" schema. -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
    destroy-method="close">

    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/sample" />
    <property name="username" value="root" />
    <property name="password" value="123456" />
</bean>

<!-- Hibernate 4 session factory built on the dataSource bean, with the
     Roles, UserRoles and Users entities mapped through hbm.xml files. -->
<bean id="sessionFactory"
    class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="mappingResources">
        <list>
            <value>orm/Roles.hbm.xml</value>
            <value>orm/UserRoles.hbm.xml</value>
            <value>orm/Users.hbm.xml</value>
        </list>
    </property>
    <property name="hibernateProperties">
        <props>
        <prop key="hibernate.dialect">
                       org.hibernate.dialect.MySQL5Dialect
                    </prop>
        <!-- format_sql / show_sql print the generated SQL; these are
             debugging aids and are normally switched off outside
             development. -->
        <prop key="hibernate.format_sql">true</prop>
        <prop key="hibernate.show_sql">true</prop>
        </props>
    </property>
</bean>

<!-- DAO used to look up Users entities; it receives the Hibernate session
     factory by setter injection. -->
<bean id="userDao" class="com.sample.dao.UserDaoImpl">
    <property name="sessionFactory" ref="sessionFactory" />
</bean>

<!-- The user-details service referenced by the authentication provider
     (user-service-ref="myUserDetailsService"); it reads accounts through
     userDao. -->
<bean id="myUserDetailsService" 
            class="com.sample.services.MyUserDetailsService">
    <property name="userDao" ref="userDao" />
</bean>

<!-- Transaction manager bound to the Hibernate session factory. It is
     required by the tx:advice / aop:config declarations that wrap the
     service layer. -->
<bean id="transactionManager"
    class="org.springframework.orm.hibernate4.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactory"></property>
</bean>

<!-- Transaction attributes by method name: get* and find* run read-only,
     every other method name falls through to "*" and gets a default
     (read-write) transaction. loadUserByUsername matches neither prefix,
     so the authentication lookup runs under the "*" rule. -->
<tx:advice id="txAdvice" transaction-manager="transactionManager">
    <tx:attributes>
    <tx:method name="get*" read-only="true" />
    <tx:method name="find*" read-only="true" />
    <tx:method name="*" />
    </tx:attributes>
</tx:advice>

<!-- Applies txAdvice to every method of any class in com.sample.services
     whose name ends in "Service", which includes MyUserDetailsService. -->
<aop:config>
    <aop:pointcut id="userServicePointCut"
    expression="execution(* com.sample.services.*Service.*(..))" />
    <aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
</aop:config>

当我运行项目并尝试登录时,我收到了类似 DaoAuthenticationProvider - Authentication failed: password does not match stored value 的错误。

但是我取到的实体与数据库中存储的信息完全相同。在我的项目中,我没有为密码配置任何编码器(password encoder)。

我无法知道存储的密码是什么,它已受到保护。

有人可以帮我解决这个问题吗?

更新

这是调试日志。(注意:其中 Hibernate EntityPrinter 的 DEBUG 输出把 Users 实体的 password 字段以明文写进了日志。)

13:58:09.229 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Roles{id=1, description=, userRoleses=<uninitialized>, role=ROLE_ADMIN}
13:58:09.231 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.UserRoles{id=1, users=com.sample.entities.Users#1, roles=com.sample.entities.Roles#1}
13:58:09.232 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Users{id=1, enabled=true, username=admin, userRoleses=[com.sample.entities.UserRoles#1], password=123456}
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - committed JDBC Connection
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - re-enabling autocommit
13:58:09.241 DEBUG o.s.o.h.HibernateTransactionManager - Closing Hibernate Session [SessionImpl(PersistenceContext[entityKeys=[EntityKey[com.sample.entities.Roles#1], EntityKey[com.sample.entities.UserRoles#1], EntityKey[com.sample.entities.Users#1]],collectionKeys=[CollectionKey[com.sample.entities.Users.userRoleses#1], CollectionKey[com.sample.entities.Roles.userRoleses#1]]];ActionQueue[insertions=[] updates=[] deletions=[] orphanRemovals=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] collectionQueuedOps=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] after transaction
13:58:09.242 DEBUG o.h.e.j.i.LogicalConnectionImpl - Releasing JDBC connection
13:58:09.243 DEBUG o.h.e.j.i.LogicalConnectionImpl - Released JDBC connection
14:00:25.469 DEBUG o.s.s.a.d.DaoAuthenticationProvider - Authentication failed: password does not match stored value
14:06:40.843 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

第二次更新 MyUserDetailServiceClass

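/**
 * Loads the account for {@code username} and adapts it to a Spring Security
 * {@link UserDetails}.
 *
 * <p>The stored password is passed through unchanged; comparing it with the
 * submitted credential is left to the authentication provider.
 *
 * @param username the login name submitted by the client (untrusted input)
 * @return the user details built from the {@code Users} entity and its roles
 * @throws UsernameNotFoundException if no account exists for {@code username}
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {

    Users user = userDao.findByUserName(username);
    if (user == null) {
        // NOTE(review): assumes findByUserName returns null for an unknown
        // name - confirm against UserDaoImpl. Without this guard an unknown
        // login would surface as a NullPointerException instead of the
        // declared UsernameNotFoundException. The message deliberately does
        // not echo the submitted name.
        throw new UsernameNotFoundException("User not found");
    }

    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoleses());
    return buildUserForAuthentication(user, authorities);
}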

/**
 * Converts the persistent {@code Users} entity into the {@code User} object
 * handed to Spring Security.
 *
 * <p>The username, stored password and enabled flag are copied from the
 * entity as they are. The three remaining account-state flags are fixed to
 * {@code true}, so only the enabled flag can block a login here.
 * NOTE(review): flag names follow the Spring Security {@code User}
 * constructor order - confirm {@code User} is that class.
 *
 * @param user        the entity loaded from the database
 * @param authorities the authorities already derived from the user's roles
 * @return the user object built from the entity
 */
private User buildUserForAuthentication(Users user,
    List<GrantedAuthority> authorities) {

    final boolean accountNonExpired = true;
    final boolean credentialsNonExpired = true;
    final boolean accountNonLocked = true;

    return new User(user.getUsername(), user.getPassword(), user.isEnabled(),
        accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}

/**
 * Maps the user's role links to Spring Security authorities.
 *
 * @param userRoles the {@code UserRoles} rows attached to the user
 * @return one {@code SimpleGrantedAuthority} per role name, as a list
 */
private List<GrantedAuthority> buildUserAuthority(Set<UserRoles> userRoles) {

    // Collected in a set first, then copied into the list that is returned.
    Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>();

    for (UserRoles link : userRoles) {
        String roleName = link.getRoles().getRole();
        granted.add(new SimpleGrantedAuthority(roleName));
    }

    return new ArrayList<GrantedAuthority>(granted);
}

0 个答案:

没有答案