java - Spring Security 身份验证仅适用于一个用户名和密码

Question

我在 Spring Security 中使用 JDBC 身份验证。我在 MySQL 数据库中有两个用户名-密码对。

users
+----------+------------+---------+
| username | password   | enabled |
+----------+------------+---------+
| murat    | {noop}1a09 |       1 |
| test     | {noop}123  |       1 |
+----------+------------+---------+

authorities
+----------+-----------+
| username | authority |
+----------+-----------+
| murat    | USER      |
+----------+-----------+

但只有第一对可以在登录时使用。第二个给出以下错误:

Your login attempt was not successful, try again.

Reason: Bad credentials

我尝试使用 Google Chrome 登录。但没有成功。

以下是授权代码:

package com.example.contactsapp.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import javax.sql.DataSource;

@Configuration
@EnableWebSecurity
public class ContactsAppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource securityDataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(securityDataSource);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                    .antMatchers("/").authenticated()
                .and()
                    .formLogin()
                .and()
                    .logout()
                        .logoutUrl("/logout")
                        .logoutSuccessUrl("/logoutSuccessful");

    }
}

Answer 1

请验证两件事:

1) 验证第二个用户是否具有与其关联的角色/权限。 2)删除第一个用户(以便数据库中仅存在一个用户)。查看安全性是否作为第二个用户传递。