When using jdbc-user-service, I get a 403 error after logging in with good credentials. However, when I try to log in with bad credentials, I see my login page (which is what we want).
I tested the http block in my security context using the generic user-service and it works fine.
Please help me understand the error and how to fix the problem. Please also explain the clues that led you to your conclusion.
I am including my code.
My customer table:
DROP TABLE IF EXISTS `customer`;
CREATE TABLE `customer` (
`client_id` int(7) unsigned NOT NULL AUTO_INCREMENT,
`client_name_first` varchar(40) NOT NULL,
`client_name_last` varchar(40) NOT NULL,
`client_name_middle_initial` char(1) DEFAULT NULL,
`client_phone_home` varchar(14) DEFAULT NULL,
`client_phone_cell` varchar(14) DEFAULT NULL,
`client_addr_shipping_line_one` varchar(80) NOT NULL,
`client_addr_shipping_line_two` varchar(80) DEFAULT NULL,
`client_addr_shipping_city` varchar(30) NOT NULL,
`client_addr_shipping_state` char(2) NOT NULL,
`client_addr_shipping_zip` char(5) NOT NULL,
`client_addr_shipping_country_code` char(2) NOT NULL DEFAULT 'US',
`client_addr_billing_line_one` varchar(80) NOT NULL,
`client_addr_billing_line_two` varchar(80) DEFAULT NULL,
`client_addr_billing_city` varchar(30) NOT NULL,
`client_addr_billing_state` char(2) NOT NULL,
`client_addr_billing_zip` char(5) NOT NULL,
`client_addr_billing_country_code` char(2) NOT NULL DEFAULT 'US',
`client_status_code` smallint(1) unsigned NOT NULL DEFAULT '0',
`client_date_created` date NOT NULL,
`client_email_address` varchar(60) NOT NULL,
`client_password` varchar(16) NOT NULL,
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`client_id`,`client_email_address`),
UNIQUE KEY `idx_clientEmail` (`client_email_address`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;
Authorities:
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`client_email_address` varchar(60) NOT NULL,
`authority` varchar(50) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
My security context:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/members/*" access="ROLE_ADMIN" />
<form-login login-page="/login.xhtml" authentication-failure-url="/loginfailed.xhtml" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="mysqlDataSource"
users-by-username-query="
select client_email_address, client_password, enabled
from customer where client_email_address=?"
authorities-by-username-query="
select au.authority, c.client_email_address
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address =?"
/>
</authentication-provider>
</authentication-manager>
<!-- ================ OLD WAY ==================================================
<authentication-manager>
<authentication-provider>
<user-service>
<user name="rexryan" password="jets" authorities="ROLE_ADMIN" />
<user name="djeter" password="17684514" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
-->
</beans:beans>
My auth bean:
package security;
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@Named
@RequestScoped
public class AuthenticationBean {
public String doLogin() throws IOException, ServletException{
ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/j_spring_security_check");
dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());
FacesContext.getCurrentInstance().responseComplete();
return null;
}
public String doLogout() {
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
return "/logout.xhtml";
}
}
My shortened log file is:
INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /members/index.xhtml; Attributes: [ROLE_ADMIN]
INFO: [31/03/12 04:04:43:043 EDT] DEBUG intercept.FilterSecurityInterceptor: Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffff6aba: Principal: org.springframework.security.core.userdetails.User@ac78c08f: Username: webinspired@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: webinspired@gmail.com; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: a5bf43173b732a74bdeac9279de2; Granted Authorities: webinspired@gmail.com
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: org.springframework.security.access.vote.RoleVoter@44392c06, returned: -1
INFO: [31/03/12 04:04:43:043 EDT] DEBUG vote.AffirmativeBased: Voter: org.springframework.security.access.vote.AuthenticatedVoter@57960e8, returned: 0
INFO: [31/03/12 04:04:43:043 EDT] DEBUG access.ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
INFO: [31/03/12 04:04:43:043 EDT] DEBUG context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed
Answer 0 (score: 0)
select au.authority, c.client_email_address
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address = ?
Instead of this, could you try:
select c.client_email_address, au.authority
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address = ?
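Why the column swap matters, as an added example that is not part of the question or the answer: Spring Security's JdbcDaoImpl reads the authorities-by-username-query positionally. It ignores the first column of each row and builds the granted authority from the second column (rs.getString(2)). With the query as posted, the second column is the e-mail address, which is exactly what the log shows ("Granted Authorities: webinspired@gmail.com"), so RoleVoter finds no ROLE_ADMIN and returns -1, and AffirmativeBased denies access with a 403. The script below runs both queries against simplified SQLite copies of the two tables (the schema and the sample row are constructed for this example; they are not the question's MySQL DDL) and mimics that positional mapping and the voter's decision.

```python
import sqlite3

# Simplified copies of the question's two tables, constructed for this example.
# Only the columns the Spring Security queries touch are kept.
SCHEMA = """
CREATE TABLE customer (
    client_email_address TEXT PRIMARY KEY,
    client_password      TEXT NOT NULL,
    enabled              INTEGER NOT NULL
);
CREATE TABLE authorities (
    client_email_address TEXT NOT NULL,
    authority            TEXT NOT NULL
);
"""

# The authorities query as posted in the question: authority first, e-mail second.
WRONG_AUTHORITIES_QUERY = """
select au.authority, c.client_email_address
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address = ?
"""

# The column order JdbcDaoImpl expects: username first, authority second.
FIXED_AUTHORITIES_QUERY = """
select c.client_email_address, au.authority
from customer c, authorities au
where au.client_email_address = c.client_email_address and c.client_email_address = ?
"""

USERNAME = "webinspired@gmail.com"  # the principal seen in the question's log


def build_db():
    """In-memory database with one constructed customer holding ROLE_ADMIN."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("insert into customer values (?, ?, ?)",
                 (USERNAME, "constructed-sample-password", 1))
    conn.execute("insert into authorities values (?, ?)",
                 (USERNAME, "ROLE_ADMIN"))
    return conn


def load_user_authorities(conn, query, username):
    """Mimic JdbcDaoImpl.loadUserAuthorities: for every row returned by the
    authorities query, the granted authority is taken from column 2 only."""
    return [row[1] for row in conn.execute(query, (username,))]


def role_voter_decides(granted, required="ROLE_ADMIN"):
    """Mimic RoleVoter for a single config attribute: 1 (ACCESS_GRANTED) when
    one of the granted authorities equals the attribute, else -1 (ACCESS_DENIED)."""
    return 1 if required in granted else -1


if __name__ == "__main__":
    for label, query in (("posted", WRONG_AUTHORITIES_QUERY),
                         ("fixed", FIXED_AUTHORITIES_QUERY)):
        granted = load_user_authorities(build_db(), query, USERNAME)
        vote = role_voter_decides(granted)
        print(f"{label:6} query -> granted {granted}, RoleVoter returned {vote}")
```

The same positional rule applies to users-by-username-query, which JdbcDaoImpl reads as (username, password, enabled) in that order; the question's user query already matches it, which is why authentication itself succeeded and only the authorization step failed.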