我在 Spring Security 中使用 JDBC 身份验证。我在 MySQL 数据库中有两个用户名-密码对。
users
+----------+------------+---------+
| username | password | enabled |
+----------+------------+---------+
| murat | {noop}1a09 | 1 |
| test | {noop}123 | 1 |
+----------+------------+---------+
authorities
+----------+-----------+
| username | authority |
+----------+-----------+
| murat | USER |
+----------+-----------+
但只有第一对可以在登录时使用。第二个给出以下错误:
Your login attempt was not successful, try again.
Reason: Bad credentials
我尝试使用 Google Chrome 登录。但没有成功。
以下是授权代码:
package com.example.contactsapp.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
public class ContactsAppSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource securityDataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(securityDataSource);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").authenticated()
.and()
.formLogin()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/logoutSuccessful");
}
}
最佳答案
请验证两件事:
1) 验证第二个用户是否具有与其关联的角色/权限。 2)删除第一个用户(以便数据库中仅存在一个用户)。查看安全性是否作为第二个用户传递。
关于java - Spring Security 身份验证仅适用于一个用户名和密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57895948/