当我尝试登录时,我收到了休眠日志消息。
User.java
@Entity
@Table(name = "users")
public class User {
@Id
@Column(name = "username", unique = true,
nullable = false, length = 45)
private String username;
@Column(name = "password",
nullable = false, length = 100)
private String password;
@Column(name = "enabled", nullable = false)
private boolean enabled;
/*@OneToOne(cascade=CascadeType.ALL)*/
@ManyToMany(fetch=FetchType.EAGER)
@JoinTable(name="user_roles",
joinColumns = {@JoinColumn(name="user_name", referencedColumnName="username")},
inverseJoinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")})
private Set<UserRole> userRole = new HashSet<UserRole>(0);
public Set<UserRole> getUserRole() {
return this.userRole;
}
public void setUserRole(Set<UserRole> userRole) {
this.userRole = userRole;
}
getter and setter
UserRole.java
@Entity
@Table(name="roles")
public class UserRole {
@Id
@GeneratedValue
private Integer id;
private String role;
@OneToMany(cascade=CascadeType.ALL)
@JoinTable(name="user_roles",
joinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")},
inverseJoinColumns = {@JoinColumn(name="user_name", referencedColumnName="username")}
)
private Set<User> userRoles;
public Set<User> getUserRoles() {
return userRoles;
}
public void setUserRoles(Set<User> userRoles) {
this.userRoles = userRoles;
}
getter and setter
我有登录表单并使用spring安全性和hibernate进行身份验证和授权。当我尝试使用用户名和密码登录时,我会收到错误,说明无效的用户名和密码。并在控制台中使用hibernate日志消息:
INFO: HHH000397: Using ASTQueryTranslatorFactory
Hibernate:
select
user0_.username as username1_2_,
user0_.enabled as enabled2_2_,
user0_.password as password3_2_
from
users user0_
where
user0_.username=?
Hibernate:
select
userrole0_.user_name as user_nam2_1_0_,
userrole0_.role_id as role_id1_1_0_,
userrole1_.id as id1_0_1_,
userrole1_.role as role2_0_1_
from
user_roles userrole0_
inner join
roles userrole1_
on userrole0_.role_id=userrole1_.id
where
userrole0_.user_name=?
我正在添加SpringSecurityConfig.java并且我使用了哈希密码。这会导致问题吗?
Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/**")
.access("hasRole('ROLE_ADMIN')").and().formLogin()
.loginPage("/login").failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.and().logout().logoutSuccessUrl("/login?logout")
.and().csrf()
.and().exceptionHandling().accessDeniedPage("/403");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
答案 0 :(得分:0)
你有堆栈跟踪吗?
数据库连接是否正常工作?
数据库中的密码经过哈希处理。