Spring安全性和自定义登录问题

时间:2019-02-26 15:37:00

标签: spring jsf spring-security

我的问题与这个问题(How can I do Spring Security authentication from within a JSF form)非常相似,但是我尝试了该解决方案,但问题仍然存在。

index.xhtml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:h="http://java.sun.com/jsf/html">
<h:head>
    <title>Info</title>
</h:head>

<h:body>
        <h:form prependId="false">
            <p>Usuario <h:inputText id="j_username" value="#{control.idUsuario}"/></p>
            <p>Password <h:inputSecret id="j_password" value="#{control.password}"/></p>
            <h:commandButton value="Entrar" action="#{control.login}" />
        </h:form>
</h:body>

</html>

Control.java

@ManagedBean
@SessionScoped
public class Control implements Serializable {

    private static final long serialVersionUID = 1L;    

    private String idUsuario;
    private String password;
    private UsuarioDAO usuarios;

    private Usuario usuario;

    public Control() {}

        public String login() {

        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext extenalContext = facesContext.getExternalContext();
        RequestDispatcher dispatcher = ((ServletRequest)extenalContext.getRequest()).getRequestDispatcher("/j_spring_security_check");

        try {
            dispatcher.forward((ServletRequest)
            extenalContext.getRequest(), (ServletResponse)extenalContext.getResponse());
        } catch (ServletException | IOException e) {
            e.printStackTrace();
        }

        facesContext.responseComplete();
        return null;
    }

    public String getIdUsuario() {return idUsuario;}
    public void setIdUsuario(String idUsuario) {this.idUsuario = idUsuario;}
    public String getPassword() {return password;}
    public void setPassword(String password) {this.password = password;}
    public Usuario getUsuario() {return usuario;}
    public void setUsuario(Usuario usuario) {this.usuario = usuario;}
    public UsuarioDAO getUsuarios() {return usuarios;}
    public void setUsuarios(UsuarioDAO usuarios) {this.usuarios = usuarios;}

}

applicationContext-security.xml

    <?xml version="1.0" encoding="UTF-8"?>

<beans:beans 
  xmlns= "http://www.springframework.org/schema/security"
  xmlns:beans= "http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                      http://www.springframework.org/schema/security
                      http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <http>
         <intercept-url pattern="/faces/ok.xhtml" access="ROLE_ADMIN"/> 
         <intercept-url pattern="/faces/ko.xhtml" access="ROLE_USER"/>
         <form-login 
            login-page="/faces/index.xhtml" 
            default-target-url="/login_success" 
            authentication-failure-url="/faces/failLogin.xhtml"
            username-parameter="j_username"
            password-parameter="j_password" />

        <port-mappings>
            <port-mapping http="8080" https="8443" /> <!-- Tomcat -->
        </port-mappings>
    </http>


    <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <beans:property name="url" value="jdbc:mysql://localhost:3306/BUsuariosSecurity" />
        <beans:property name="username" value="root" />
        <beans:property name="password" value="" />
    </beans:bean> 

    <authentication-manager>
            <authentication-provider>
            <password-encoder hash="bcrypt" /> 
            <jdbc-user-service data-source-ref="dataSource"
                authorities-by-username-query="SELECT IdUsuario, Rol FROM TUsuarios WHERE IdUsuario = ?"
                users-by-username-query="SELECT IdUsuario, PwUsuario, Habilitado FROM TUsuarios WHERE IdUsuario = ?" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>

当我尝试使用有效用户登录时,它会将我发送到failLogin.xhtml

我的数据库:https://gyazo.com/3997921c1c9bc2787a25c9b0ff904f4b

我怎么了?

需要帮助吗?

1 个答案:

答案 0 :(得分:0)

问题是数据库中的密码没有得到很好的加密,我试图通过另一个网站对其进行加密,然后我就全部使用了。