java - 数据库中超过一个用户的 Spring Security 身份验证不起作用

Question

Spring Security 3.0 + PostgreSql

当我创建第一个用户并登录后，身份验证工作正常。

问题:在我创建另一个用户并尝试登录后，我收到用户名或密码错误的验证错误；

这是 xml 配置:

<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <global-method-security pre-post-annotations="enabled">
        <expression-handler ref="expressionHandler"/>
    </global-method-security>

    <http realm="Facebook"> 
        <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
         <intercept-url pattern="/register" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>

        <form-login login-page="/login" authentication-failure-url="/login?login_error=1"/>
        <http-basic/>
        <logout />
        <custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
    </http>

    <b:bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <!-- b:property name="saltSource" ref="saltSource"/>
        <b:property name="passwordEncoder" ref="passwordEncoder"/> -->
        <b:property name="userDetailsService" ref="userDetailsService"/>
    </b:bean>

    <b:bean id="authenticationManager"
        class="org.springframework.security.authentication.ProviderManager">
      <b:property name="providers">
        <b:list>
          <b:ref local="daoAuthenticationProvider" />
        </b:list>
      </b:property>
    </b:bean>

    <authentication-manager>
      <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="md5"/>
      </authentication-provider>
    </authentication-manager>




    <b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>


    <b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter" autowire="byType">
       <b:property name="targetUrl" value="/secure/index.htm"/>
    </b:bean>

    <b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
        <b:property name="permissionEvaluator" ref="permissionEvaluator"/>
    </b:bean>

    <b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
        <b:constructor-arg ref="aclService"/>
    </b:bean>

</b:beans> 

这是记录器输出:

2011-12-19 17:45:50,545 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - <Chain processed normally>
2011-12-19 17:45:50,545 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <SecurityContext contents are anonymous - c
ontext will not be stored in HttpSession. >
2011-12-19 17:45:50,558 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request
processing completed>
2011-12-19 17:46:06,668 DEBUG [org.springframework.security.web.FilterChainProxy] - <Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_
spring_security_check'>
2011-12-19 17:46:06,669 DEBUG [org.springframework.security.web.FilterChainProxy] - <Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
>
2011-12-19 17:46:06,669 DEBUG [org.springframework.security.web.FilterChainProxy] - </j_spring_security_check at position 1 of 11 in additional filter chai
n; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@7f69378d'>
2011-12-19 17:46:06,670 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <HttpSession returned null object for SPRIN
G_SECURITY_CONTEXT>
2    011-12-19 17:46:06,670 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <No SecurityContext was available from the
HttpSession: org.apache.catalina.session.StandardSessionFacade@ec139fb. A new one will be created.>
2011-12-19 17:46:06,671 DEBUG [org.springframework.security.web.FilterChainProxy] - </j_spring_security_check at position 2 of 11 in additional filter chai
n; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@47568bde'>
2011-12-19 17:46:06,671 DEBUG [org.springframework.security.web.FilterChainProxy] - </j_spring_security_check at position 3 of 11 in additional filter chai
n; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2f8c069'>
2011-12-19 17:46:06,672 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] - <Request is to process authenticatio
n>
2011-12-19 17:46:06,672 DEBUG [org.springframework.security.authentication.ProviderManager] - <Authentication attempt using org.springframework.security.au
thentication.dao.DaoAuthenticationProvider>
Hibernate: select user0_.id as id2_, user0_.active as active2_, user0_.avatarLocation as avatarLo3_2_, user0_.registration_date as registra4_2_, user0_.ema
il as email2_, user0_.name as name2_, user0_.password as password2_, user0_.surname as surname2_, user0_.username as username2_ from Member user0_ limit ?
Hibernate: select wallposts0_.author_id as author2_2_1_, wallposts0_.id as id1_, wallposts0_.id as id1_0_, wallposts0_.author_id as author2_1_0_, wallposts
0_.creationDate as creation3_1_0_ from WallPost wallposts0_ where wallposts0_.author_id=?
Hibernate: select mesaje0_.author_id as author2_2_1_, mesaje0_.id as id1_, mesaje0_.id as id3_0_, mesaje0_.author_id as author2_3_0_, mesaje0_.content as c
ontent3_0_, mesaje0_.receiver_Id as receiver4_3_0_, mesaje0_.subject as subject3_0_, mesaje0_.wall_post_id as wall6_3_0_ from Message mesaje0_ where mesaje
0_.author_id=?
Hibernate: select authoritie0_.id as id2_1_, authoritie0_.authority_Id as authority2_1_, authority1_.authority_Id as authority1_4_0_, authority1_.authority
 as authority4_0_ from Member_Authorities authoritie0_ inner join Authorities authority1_ on authoritie0_.authority_Id=authority1_.authority_Id where autho
ritie0_.id=?
Hibernate: select wallposts0_.author_id as author2_2_1_, wallposts0_.id as id1_, wallposts0_.id as id1_0_, wallposts0_.author_id as author2_1_0_, wallposts
0_.creationDate as creation3_1_0_ from WallPost wallposts0_ where wallposts0_.author_id=?
Hibernate: select mesaje0_.author_id as author2_2_1_, mesaje0_.id as id1_, mesaje0_.id as id3_0_, mesaje0_.author_id as author2_3_0_, mesaje0_.content as c
ontent3_0_, mesaje0_.receiver_Id as receiver4_3_0_, mesaje0_.subject as subject3_0_, mesaje0_.wall_post_id as wall6_3_0_ from Message mesaje0_ where mesaje
0_.author_id=?
Hibernate: select authoritie0_.id as id2_1_, authoritie0_.authority_Id as authority2_1_, authority1_.authority_Id as authority1_4_0_, authority1_.authority
 as authority4_0_ from Member_Authorities authoritie0_ inner join Authorities authority1_ on authoritie0_.authority_Id=authority1_.authority_Id where autho
ritie0_.id=?
2011-12-19 17:46:06,836 WARN [org.springframework.security.authentication.event.LoggerListener] - <Authentication event AuthenticationFailureServiceExcepti
onEvent: gogu; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 7A08BE43A052A
757AD35DB97351167A7; exception: result returns more than one elements>
2011-12-19 17:46:06,837 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] - <Authentication request failed: org.
springframework.security.authentication.AuthenticationServiceException: result returns more than one elements>
2011-12-19 17:46:06,838 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] - <Updated SecurityContextHolder to co
ntain null Authentication>
2011-12-19 17:46:06,838 DEBUG [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] - <Delegating to authentication failur
e handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@fdb5ed9>
2011-12-19 17:46:06,839 DEBUG [org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler] - <Redirecting to /login?login_error=
1>
2011-12-19 17:46:06,839 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] - <Redirecting to '/facebook-1.0.0-SNAPSHOT/login?login_error=1'>
2011-12-19 17:46:06,839 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request
processing completed>
2011-12-19 17:46:06,842 DEBUG [org.springframework.security.web.FilterChainProxy] - <Converted URL to lowercase, from: '/login'; to: '/login'>
2011-12-19 17:46:06,842 DEBUG [org.springframework.security.web.FilterChainProxy] - <Candidate is: '/login'; pattern is /**; matched=true>
2011-12-19 17:46:06,843 DEBUG [org.springframework.security.web.FilterChainProxy] - </login?login_error=1 at position 1 of 11 in additional filter chain; f
iring Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@7f69378d'>
2011-12-19 17:46:06,843 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <HttpSession returned null object for SPRING_SECURITY_CONTEXT>

谢谢!

<小时/>

谢谢乔恩!是的，我的 UserDetailsS​​erviceImpl 有问题，因为当我使用 <jdbc-user-service data-source ref="myDataSource"/> 时效果很好。

UserDetailsS​​erviceImpl - loadUserByUsername(用户名):

导入org.springframework.security.core.userdetails.User;

…….. …… .

    @Override
    @Transactional(readOnly = true) 
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    org.myapp.app.domain.User userEntity = userDao.getUserByName(username);
    if (userEntity == null)
      throw new UsernameNotFoundException("user not found");
    String password = userEntity.getPassword();
    Set<Authority> authorities = userEntity.getAuthorities();
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
     for (Authority authority : authorities) {
         grantedAuthorities.add(new GrantedAuthorityImpl(authority.getAuthority()));
    }  
    return new User(username, password, true, true, true, true, grantedAuthorities);

有人对 UserDetailsS​​erviceImpl 有类似的问题并可以给出提示

Answer 1

hibernate :

select 
    user0_.id as id2_, 
    user0_.active as active2_, 
    user0_.avatarLocation as avatarLo3_2_, 
    user0_.registration_date as registra4_2_, 
    user0_.email as email2_, 
    user0_.name as name2_, 
    user0_.password as password2_, 
    user0_.surname as surname2_, 
    user0_.username as username2_ 
from Member user0_ limit ?

您的用户请求似乎没有按名称过滤用户。检查您的 UserDetailsS​​ervice 实现。