我正在尝试使用 jdbcAuthentication 使用自定义的“登录”页面登录。但是当我写用户名和密码时,spring正在返回禁止消息。我认为这不是检查数据库中的密码。我的问题是如何使用 jdbcAuthentication
检查用户名和密码我试图在授权用户时打开新页面。
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Bean
@ConfigurationProperties("spring.datasource")
public DataSource ds(){
return DataSourceBuilder.create().build();
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/user_list").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login").usernameParameter("username").passwordParameter("password")
.permitAll()
.loginProcessingUrl("/doLogin")
.successForwardUrl("/user_list");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.jdbcAuthentication().dataSource(dataSource)
.authoritiesByUsernameQuery("select username, role from myusers where username = ?")
.usersByUsernameQuery("select username, password, 1 as enabled from myusers where username = ?");
}
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
MainController
@Controller
public class MainController {
@GetMapping("/login")
public String login() {
return "login";
}
@RequestMapping(value = "/user_list",method = RequestMethod.POST)
public String showUsers(){
return "user_list";
}
@RequestMapping("addUser")
public String addUser(){
return "user_list";
}
}
login.jsp
<h1><center>Give your login details</center></h1>
<form method="post" action="doLogin">
User name:<input type="text" name="username"><br>
Password:<input type="password" name="password"><br>
Submit <input type="submit" value="Submit">
</form>
如何检查数据库中用户的用户名和密码?预先感谢