Spring Security JDBC身份验证登录用户错误

时间:2020-03-26 11:45:07

标签: java spring spring-boot authentication jdbc

我在修改代码时遇到问题。我有春季项目与列电子邮件,密码,活动用户。 现在我想做同样的事情,但是没有激活检查。将Spring Security更改为:

#SPRING SECURITY
spring.queries.users-query=select email, password from user where email=?
spring.queries.roles-query=select u.email, r.role from user u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.email=?

我的安全配置:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder bcp;

    @Autowired
    private DataSource ds;

    @Value("${spring.queries.users-query}")
    private String usersQuery;

    @Value("${spring.queries.roles-query}")
    private String rolesQuery;

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery).dataSource(ds)
                .passwordEncoder(bcp);
    }

    protected void configure(HttpSecurity httpSec) throws Exception {
        httpSec.authorizeRequests().antMatchers("/").permitAll().antMatchers("/login").permitAll()
                .antMatchers("/register").permitAll().antMatchers("//adduser").permitAll().antMatchers("/admin")
                .hasAuthority("ROLE_ADMIN").anyRequest().authenticated().and().csrf().disable().formLogin()
                .loginPage("/login").failureUrl("/login?error=true").defaultSuccessUrl("/").usernameParameter("email")
                .passwordParameter("password").and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/").and().exceptionHandling().accessDeniedPage("/denied");
    }

    public void configure(WebSecurity webSec) throws Exception {
        webSec.ignoring().antMatchers("/resources/**", "/statics/**", "/css/**", "/js/**", "/images/*", "/incl/**");
    }
}

登录时我有这样的异常:

[2020-03-26 12:30:09 ] [org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter][ERROR] An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: PreparedStatementCallback; SQL [select email, password from user where email=?]; Column Index out of range, 3 > 2. ; nested exception is java.sql.SQLException: Column Index out of range, 3 > 2.

请帮助,我需要做什么:(?

1 个答案:

答案 0 :(得分:0)

您需要将用户的查询更改为这样,使每个用户都处于活动状态(= 1),从而有效地忽略了活动检查。

spring.queries.users-query=select email, password, 1 from user where email=?
相关问题
最新问题