我不想为我的 spring security 使用表名 User,我想使用不同的表名 这是我到目前为止所做的:
这是我的 web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>application</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/application-servlet.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>
<servlet-mapping>
<servlet-name>application</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>
log4jConfigLocation
</param-name>
<param-value>
/WEB-INF/log4j.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
</web-app>
这是我的 spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/account**" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" default-target-url="/account"
login-processing-url="/j_spring_security_check"
username-parameter="emailAddress" password-parameter="password"
authentication-failure-url="/loginFailed" />
<logout logout-success-url="/logoff" />
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service authorities-by-username-query="select emailAddress, role from customer_roles where emailAddress =? " users-by-username-query="select emailAddress,password from customer where emailAddress=?" data-source-ref="myDataSource"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
这是我的 application-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<!-- Enable @Controller annotation support -->
<mvc:annotation-driven />
<mvc:resources location="/WEB-INF/resources/" mapping="/resources/**" />
<!-- Map simple view name such as "test" into /WEB-INF/test.jsp -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- Scan classpath for annotations (eg: @Service, @Repository etc) -->
<context:component-scan base-package="com.mysite"/>
<!-- JDBC Data Source. It is assumed you have MySQL running on localhost port 3306 with
username root and blank password. Change below if it's not the case -->
<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/mydb"/>
<property name="username" value="admin"/>
<property name="password" value="password"/>
<property name="validationQuery" value="SELECT 1"/>
</bean>
<!-- Hibernate Session Factory -->
<bean id="mySessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="myDataSource"/>
<property name="packagesToScan">
<array>
<value>com.NetVapeClub</value>
</array>
</property>
<property name="hibernateProperties">
<value>
hibernate.dialect=org.hibernate.dialect.MySQLDialect
</value>
</property>
</bean>
<!-- Hibernate Transaction Manager -->
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="mySessionFactory"/>
</bean>
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"></bean>
<!-- Activates annotation based transaction management -->
<tx:annotation-driven transaction-manager="transactionManager"/>
</beans>
这是我的login.jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<jsp:include page="header.jsp" />
<body>
<div class="centerContainer">
<div class="leftBar">
<div class="devicesTab"><a href=#>Devices</a></div>
<div class="accessoriesTab"><a href=#>Accessories</a></div>
<div class="fluidsTab"><a href=#>Fluids</a></div>
<div class="socialMedia">
<img src="${pageContext.request.contextPath}/resources/img/facebook.png" /> <img src="${pageContext.request.contextPath}/resources/img/twitter.png" /> <img src="${pageContext.request.contextPath}/resources/img/google-plus.png" />
</div>
</div>
<div class="content">
<div class="login">
<h2>Please Login:</h2>
<form method="post" action="<c:url value='/j_spring_security_check' />">
<table>
<tr><td>Email Address:</td><td><input type="text" name="j_emailAddress" placeholder="Enter Email" /></td></tr>
<tr><td>Password:</td><td><input type="password" name="j_password" placeholder="Enter Password" /></td></tr>
<tr><td></td><td><input type="submit" value="Login" /></td></tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</div>
</div>
</div>
<jsp:include page="footer.jsp" />
正如您所看到的,我想使用表 Name Customer 和 Customer_Roles,我将验证的字段是 emailAddress、密码和角色。我知道这些不是 spring 通常寻找的现成的表和字段,但我知道它可以用我自己的表结构来完成。
当我查看 springsecurity 调试日志时,我看到了以下内容:
2014-08-26 15:30:55,131 DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2014-08-26 15:30:55,131 DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2014-08-26 15:30:55,162 DEBUG: org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user ''
2014-08-26 15:30:55,166 DEBUG: org.springframework.security.authentication.dao.DaoAuthenticationProvider - User '' not found
2014-08-26 15:30:55,167 DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
我传递的凭据是正确的,但我不确定断开连接的位置。有人可以帮我解释一下吗?
提前致谢
最佳答案
我认为您的表单字段中的名称错误。您已映射 spring 来查找“emailAddress”和“password”
<form-login login-page="/login" default-target-url="/account"
login-processing-url="/j_spring_security_check"
username-parameter="emailAddress" password-parameter="password"
authentication-failure-url="/loginFailed" />
但是在您的 jsp 文件中,您将输入设置为“j_emailAddress”和“j_pasword”
Email Address:</td><td><input type="text" name="j_emailAddress" placeholder="Enter Email" />
Password:</td><td><input type="password" name="j_password" placeholder="Enter Password" />
尝试从 jsp 文件中删除 j_ 前缀,或将用户名参数和密码参数更改为 j_emailAddress 和 j_password
关于java - Spring Security 使用正确的凭据无法进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25515059/