我完成了一些教程并为自己构建了一个 Spring Security Login。 但每当我登录时,我都会从日志中收到以下错误:
2015-08-12 21:39:21 DEBUG DriverManagerDataSource:142 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/sailplanner]
2015-08-12 21:39:21 TRACE StatementCreatorUtils:225 - Setting SQL statement parameter value: column index 1, parameter value [abc@gmail.com], value class [java.lang.String], SQL type unknown
2015-08-12 21:39:21 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
2015-08-12 21:39:21 DEBUG JdbcTemplate:693 - Executing prepared SQL query
2015-08-12 21:39:21 DEBUG JdbcTemplate:627 - Executing prepared SQL statement [select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?]
2015-08-12 21:39:21 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
2015-08-12 21:39:21 DEBUG DriverManagerDataSource:142 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/sailplanner]
2015-08-12 21:39:21 TRACE StatementCreatorUtils:225 - Setting SQL statement parameter value: column index 1, parameter value [1], value class [java.lang.String], SQL type unknown
2015-08-12 21:39:21 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
2015-08-12 21:39:21 DEBUG JdbcUserDetailsManager:200 - User 'abc@gmail.com' has no authorities and will be treated as 'not found'
2015-08-12 21:39:21 DEBUG DaoAuthenticationProvider:147 - User 'abc@gmail.com' not found
当启动以下 SQL 请求时,我得到以下结果:
select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email="abc@gmail.com"
结果:
abc@gmail.com ROLE_USER
abc@gmail.com ROLE_ADMIN
我有以下 spring-secuity.xml 设置:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/inside**" access="hasRole('ROLE_USER')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
login-processing-url="/j_spring_security_check"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select id, first_name, last_name, weight, email, password from users where email=?"
authorities-by-username-query=
"select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?"
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
最佳答案
用户按用户名查询只需选择用户名、密码并启用。
权限按用户名查询不需要联接,权限是通过第二次选择获取的。
所以类似(假设您使用电子邮件作为用户名?)
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select email, password, true from users where email=?"
authorities-by-username-query=
"select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?"
/>
关于java - SpringSecurity 登录不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31974172/