w.a.UsernamePasswordAuthenticationFilter：尝试验证用户身份时发生内部错误

Question

我无法在我的系统中登录。当我在Web表单中插入数据并单击“登录”按钮时，我的系统无法工作。（数据正确）。

用户实体：

    @Entity
    @Table(name = "usr_usuarios")
    public class Usuario {

        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        @Column(name = "usr_id")
        private Long id;

        @Column(name = "usr_email", nullable = false, length = 100)
        @NotNull(message = "O email é obrigatório")
        @Length(min = 5, max = 100, message = "O email deve conter entre 5 e 100 caracteres.")
        private String email;

        @Column(name = "usr_senha", nullable = false, length = 100)
        @NotNull(message = "A senha é obrigatório")
        private String senha;

        public Long getId() {
            return id;
        }

        public void setId(Long id) {
            this.id = id;
        }

        public String getEmail() {
            return email;
        }

        public void setEmail(String email) {
            this.email = email;
        }

        public String getSenha() {
            return senha;
        }

        public void setSenha(String senha) {
            this.senha = senha;
        }
}

用户存储库：

public interface RepositorioUsuario extends JpaRepository<Usuario, Long> {

    Usuario findByEmail(String email);
}

安全配置：

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    private DataSource dataSource;

    @Value("${spring.queries.users-query}")
    private String userQuery;

    @Value("${spring.queries.roles-query")
    private String roleQuery;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
        auth
        .jdbcAuthentication().usersByUsernameQuery(userQuery)
        .authoritiesByUsernameQuery(roleQuery)
        .dataSource(dataSource)
        .passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .antMatchers("/registration").permitAll()
            .anyRequest()
                .authenticated()
                    .and().csrf().disable()
                .formLogin()
                    .loginPage("/login").failureUrl("/login?error=true").defaultSuccessUrl("/")
                    .usernameParameter("email").passwordParameter("senha")
                .and().logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/webjars/**");
    }

application.properties：

# Thymeleaf
spring.thymeleaf.mode=HTML
spring.thymeleaf.cache=false

# Spring Data
spring.datasource.url=jdbc:mysql://localhost:3306/tw_gerenciador_tarefas?useTimezone=true&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=update

# TomCat
server.port = 8090

# SpringSecurity
spring.queries.users-query=SELECT usr_email AS username, usr_senha AS password, 1 AS active FROM usr_usuarios WHERE usr_email=?
spring.queries.roles-query=SELECT usr_email AS username, 'ROLE_USER' AS role FROM usr_usuarios WHERE usr_email=?

帐户控制器：

public class ContaController {

    @Autowired
    private ServicoUsuario servicoUsuario;

    @GetMapping("/login")
    public String login() {
        return "conta/login";
    }
}

登录页面：

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="/webjars/bootstrap/css/bootstrap.min.css">
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
        <a class="navbar-brand" href="#">Gerenciador de tarefas</a>
    </nav>

    <div class="container">
        <h3>Login</h3>
        <form action="/login" method="post" class="form-signin">
            <div class="form-group">
                <div class="col-md-9">
                        <input type="text" class="form-control" placeholder="E-mail" name="email">
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-9">
                        <input type="password" class="form-control" placeholder="Senha" name="senha">
                </div>
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-primary">Login</button>
            </div>
            <div class=form-group>
                <div class="col-md-9">
                    <div class="alert alert-danger" role="alert" th:if="${param.error}">
                        Não foi possivel fazer login
                    </div>
                </div>
            </div>
            <div class=form-group>
                <span>Não possui conta? <a href="/registration">Registra-se</a></span>
            </div>
        </form>
    </div>
    <script src="/webjars/jquery/3.4.1/jquery.min.js"></script>
    <script src="/webjars/bootstrap/js/bootstrap.min.js"></script>
</body>
</html>

错误消息：

  

org.springframework.security.authentication.InternalAuthenticationServiceException：PreparedStatementCallback; SQL [$ {spring.queries.roles-query];参数索引超出范围（1>参数数量，即0）。嵌套的异常是java.sql.SQLException：参数索引超出范围（1>参数数量，即0）。       在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser（DaoAuthenticationProvider.java:123）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate（AbstractUserDetailsAuthenticationProvider.java:144）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.authentication.ProviderManager.authenticate（ProviderManager.java:175）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.authentication.ProviderManager.authenticate（ProviderManager.java:200）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication（UsernamePasswordAuthenticationFilter.java:94）〜[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter（AbstractAuthenticationProcessingFilter.java:212）〜[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter（FilterChainProxy.java:334）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.authentication.logout.LogoutFilter.doFilter（LogoutFilter.java:116）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter（FilterChainProxy.java:334）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal（HeaderWriterFilter.java:74）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter（FilterChainProxy.java:334）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter（SecurityContextPersistenceFilter.java:105）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter（FilterChainProxy.java:334）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal（WebAsyncManagerIntegrationFilter.java:56）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter（FilterChainProxy.java:334）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.FilterChainProxy.doFilterInternal（FilterChainProxy.java:215）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.web.FilterChainProxy.doFilter（FilterChainProxy.java:178）[spring-security-web-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate（DelegatingFilterProxy.java:357）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.web.filter.DelegatingFilterProxy.doFilter（DelegatingFilterProxy.java:270）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:193）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:166）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.springframework.web.filter.RequestContextFilter.doFilterInternal（RequestContextFilter.java:99）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:193）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:166）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.springframework.web.filter.FormContentFilter.doFilterInternal（FormContentFilter.java:92）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:193）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:166）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal（HiddenHttpMethodFilter.java:93）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:193）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:166）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal（CharacterEncodingFilter.java:200）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:109）[spring-web-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:193）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:166）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.StandardWrapperValve.invoke（StandardWrapperValve.java:202）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.StandardContextValve.invoke（StandardContextValve.java:96）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.authenticator.AuthenticatorBase.invoke（AuthenticatorBase.java:490）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.StandardHostValve.invoke（StandardHostValve.java:139）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.valves.ErrorReportValve.invoke（ErrorReportValve.java:92）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.core.StandardEngineValve.invoke（StandardEngineValve.java:74）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.catalina.connector.CoyoteAdapter.service（CoyoteAdapter.java:343）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.coyote.http11.Http11Processor.service（Http11Processor.java:408）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.coyote.AbstractProcessorLight.process（AbstractProcessorLight.java:66）上[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.coyote.AbstractProtocol $ ConnectionHandler.process（AbstractProtocol.java:853）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun（NioEndpoint.java:1587）[tomcat-embed-core-9.0.21.jar：9.0.21]       在org.apache.tomcat.util.net.SocketProcessorBase.run（SocketProcessorBase.java:49）上[tomcat-embed-core-9.0.21.jar：9.0.21]       在java.util.concurrent.ThreadPoolExecutor.runWorker（ThreadPoolExecutor.java:1149）[na：1.8.0_211]       在java.util.concurrent.ThreadPoolExecutor $ Worker.run（ThreadPoolExecutor.java:624）[na：1.8.0_211]       在org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run（TaskThread.java:61）[tomcat-embed-core-9.0.21.jar：9.0.21]       在java.lang.Thread.run（Thread.java:748）[na：1.8.0_211]   由以下原因引起：org.springframework.dao.TransientDataAccessResourceException：PreparedStatementCallback; SQL [$ {spring.queries.roles-query];参数索引超出范围（1>参数数量，即0）。嵌套的异常是java.sql.SQLException：参数索引超出范围（1>参数数量，即0）。       在org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate（SQLStateSQLExceptionTranslator.java:110）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate（AbstractFallbackSQLExceptionTranslator.java:72）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate（AbstractFallbackSQLExceptionTranslator.java:81）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate（AbstractFallbackSQLExceptionTranslator.java:81）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.translateException（JdbcTemplate.java:1442）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.execute（JdbcTemplate.java:632）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.query（JdbcTemplate.java:668）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.query（JdbcTemplate.java:699）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.query（JdbcTemplate.java:711）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.query（JdbcTemplate.java:762）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.loadUserAuthorities（JdbcDaoImpl.java:248）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.loadUserByUsername（JdbcDaoImpl.java:199）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser（DaoAuthenticationProvider.java:108）〜[spring-security-core-5.1.5.RELEASE.jar：5.1.5.RELEASE]       ...省略了54个通用框架   引起原因：java.sql.SQLException：参数索引超出范围（1>参数数量，为0）。       在com.mysql.cj.jdbc.exceptions.SQLError.createSQLException（SQLError.java:129）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.exceptions.SQLError.createSQLException（SQLError.java:97）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.exceptions.SQLError.createSQLException（SQLError.java:89）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.exceptions.SQLError.createSQLException（SQLError.java:63）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.ClientPreparedStatement.checkBounds（ClientPreparedStatement.java:1370）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.ClientPreparedStatement.getCoreParameterIndex（ClientPreparedStatement.java:1383）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.mysql.cj.jdbc.ClientPreparedStatement.setString（ClientPreparedStatement.java:1750）〜[mysql-connector-java-8.0.16.jar：8.0.16]       在com.zaxxer.hikari.pool.HikariProxyPreparedStatement.setString（HikariProxyPreparedStatement.java）〜[HikariCP-3.2.0.jar：na]       在org.springframework.jdbc.core.StatementCreatorUtils.setValue（StatementCreatorUtils.java:400）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.StatementCreatorUtils.setParameterValueInternal（StatementCreatorUtils.java:232）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.StatementCreatorUtils.setParameterValue（StatementCreatorUtils.java:163）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.ArgumentPreparedStatementSetter.doSetValue（ArgumentPreparedStatementSetter.java:69）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.ArgumentPreparedStatementSetter.setValues（ArgumentPreparedStatementSetter.java:50）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate $ 1.doInPreparedStatement（JdbcTemplate.java:675）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       在org.springframework.jdbc.core.JdbcTemplate.execute（JdbcTemplate.java:616）〜[spring-jdbc-5.1.8.RELEASE.jar：5.1.8.RELEASE]       ...省略了61个共同的框架

Answer 1

这里。您在}的末尾错过了spring.queries.roles-query：

@Value("${spring.queries.roles-query")
private String roleQuery;

应该是：

@Value("${spring.queries.roles-query}")
private String roleQuery;