We are using Spring MVC 4.0, but we are unable to validate users against the database. We have the following Java security configuration class:
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private DataSource dataSource;

        /**
         * Configures application access for users.
         */
        @Autowired
        protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            String queryUsers = "SELECT acod_usuario as username, ades_clave as password, true as enabled " +
                    "FROM t_usuarios " +
                    "WHERE acod_usuario = ?";
            // The trailing space after "role" keeps the concatenated SQL valid ("role FROM", not "roleFROM").
            String queryAuth = "SELECT acod_usuario as username, 'ROLE_USER' as role " +
                    "FROM t_usuarios " +
                    "WHERE acod_usuario = ?";
            auth.jdbcAuthentication().dataSource(dataSource).
                    usersByUsernameQuery(queryUsers).
                    authoritiesByUsernameQuery(queryAuth);
        }

        /**
         * HTTP security configuration.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().
                    antMatchers("/home","/403","/resources/**").permitAll().
                    anyRequest().hasAnyRole("ROLE_USER, ANONYMOUS").
                    and().
                    formLogin().
                    loginPage("/home").usernameParameter("username").passwordParameter("password").
                    and().
                    logout().
                    permitAll().
                    and().
                    exceptionHandling().accessDeniedPage("/403").and().
                    csrf();
        }
    }
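Page authorization is working properly, but we cannot make the login work with valid users. All users can enter the application, not only the ones that exist in the database. The data source configuration is also working: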
    @Configuration
    @EnableWebMvc
    @ComponentScan(basePackages = "com.justinfact.web.*")
    public class WebConfig extends WebMvcConfigurerAdapter {
        private UsuarioDAO usuarioDAO;
        private CatalogosDAO catalogosDAO;
        private CFEDAO cfeDAO;

        /**
         * Registers the backend database, creating a connection pool.
         *
         * @return DataSource
         */
        @Bean
        public DataSource dataSource() {
            BasicDataSource basicDataSource = new BasicDataSource();
            basicDataSource.setDriverClassName("com.mysql.jdbc.Driver");
            basicDataSource.setUrl("jdbc:mysql://localhost:3306/db");
            basicDataSource.setUsername("xxxxx");
            basicDataSource.setPassword("xxxxx");
            basicDataSource.setInitialSize(5);
            basicDataSource.setMaxActive(10);
            basicDataSource.setAccessToUnderlyingConnectionAllowed(true);
            return basicDataSource;
        }

        /**
         * Registers the template for working with JDBC.
         *
         * @return JdbcTemplate
         */
        @Bean
        public JdbcTemplate jdbcTemplate(DataSource dataSource) {
            return new JdbcTemplate(dataSource);
        }
But it seems that no query is being executed. We tested the queries and they work fine for us. The login page is a standard one:
    <div class="contenedor">
        <img src="<s:url value='resources' />/images/logo.jpg" width="220" height="90" border="0" />
        <h1>
            Acceso Sistema
        </h1>
        <br>
        <c:url value="login" var="loginURL"/>
        <sf:form id="homeForm" action="${loginURL}" method="POST" commandName="user">
            <c:if test="${param.error != null}">
                <p>Usuario o clave incorrecta</p>
            </c:if>
            <c:if test="${param.logout != null}">
                <p>Ha salido correctamente de la aplicación</p>
            </c:if>
            <div class="div_form">
                <sf:input path="rut" placeholder="RUT empresa"/>
            </div>
            <div class="div_form">
                <sf:input path="username" placeholder="nombre de usuario"/><sf:errors path="username" />
            </div>
            <div class="div_form">
                <sf:password path="password" placeholder="contraseña"/>
            </div>
            <div><a id="ingresar" href="#">Acceder</a></div>
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
        </sf:form>
We have a basic controller file to manage this action:
    @Controller
    public class HomeController {
        private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

        /**
         * Simply selects the home view to render by returning its name.
         */
        @RequestMapping(value = "home", method = RequestMethod.GET)
        public String home(Locale locale, Model model) {
            logger.info("Welcome home! The client locale is {}.", locale);
            /*
            Date date = new Date();
            DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
            String formattedDate = dateFormat.format(date);
            model.addAttribute("serverTime", formattedDate );
            */
            model.addAttribute("user",new Login());
            return "home";
        }

        /**
         * Handles the login/system-access operation with username and password.
         *
         * @param user
         * @param model
         * @return
         */
        @RequestMapping(value = "login", method = RequestMethod.POST)
        public String login(@Valid Login user, Model model, Errors errors) {
            logger.info("en Login");
            logger.info(errors.toString());
            logger.info(user.toString());
            System.out.println(user);
            model.addAttribute("user", user);
            return "login";
        }
    }
What are we doing wrong?
Thanks in advance
Answer 0 (score: 0)
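Solved,
One problem was that I had a "/login" action for POST in my controller, and it overrode Spring Security's default login action. Now it is working, with some other changes.
Thanks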
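
The login flow this answer arrives at, as an added example that is not code from the original post: Spring Security's own filter is told to process `POST /login`, so no controller method should be mapped to that URL. The `loginProcessingUrl`, `failureUrl` and `logoutSuccessUrl` values and the `hasRole("USER")` rule are assumptions chosen to match the question's form action and the `param.error` / `param.logout` checks in its JSP.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                "SELECT acod_usuario AS username, ades_clave AS password, true AS enabled "
                + "FROM t_usuarios WHERE acod_usuario = ?")
            .authoritiesByUsernameQuery(
                "SELECT acod_usuario AS username, 'ROLE_USER' AS role "
                + "FROM t_usuarios WHERE acod_usuario = ?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/home", "/403", "/resources/**").permitAll()
                // Assumption: every other URL requires ROLE_USER
                // (hasRole adds the "ROLE_" prefix itself).
                .anyRequest().hasRole("USER")
                .and()
            .formLogin()
                .loginPage("/home")
                // Assumption: with a custom loginPage the processing URL defaults to
                // that page, so name the URL the form posts to. The security filter
                // then handles POST /login before any controller is reached.
                .loginProcessingUrl("/login")
                .usernameParameter("username").passwordParameter("password")
                .failureUrl("/home?error")
                .permitAll()
                .and()
            .logout()
                .logoutSuccessUrl("/home?logout")
                .permitAll()
                .and()
            .exceptionHandling().accessDeniedPage("/403");
    }
}
```

With this in place, the `@RequestMapping(value = "login", method = RequestMethod.POST)` handler in `HomeController` is removed, so credential checks cannot be bypassed by a controller that simply renders a view.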