嘿,我的基于springsecurity的登录有点混乱
我不断收到错误“凭据错误”
这是我的用户表:
![Usertable] [1]
这是来自applicationContext的dataSource:
<!-- database driver/location --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver" /> <property name="url" value="jdbc:mysql://localhost:3306/ams" /> <property name="username" value="root" /> <property name="password" value="root" /> </bean>
和我的securityContext:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> --> <security:http auto-config="true"> <security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" /> <security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/> <security:logout logout-success-url="/login/login.do" invalidate-session="true" /> <security:remember-me key="rememberMe"/> </security:http> <security:authentication-manager> <security:authentication-provider> <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select USERNAME as username, PASSWORD as password, DELETED as deleted from ams.user where USERNAME=?" authorities-by-username-query=" select distinct user.USERNAME as username, permission.NAME as authority from scu.user, scu.user_role, scu.role, scu.role_permission, scu.permission where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.USERNAME=?"/> <!-- security:password-encoder ref="passwordEncoder" /> --> </security:authentication-provider> </security:authentication-manager> <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"> <constructor-arg value="256" /> </bean> </beans>
当我尝试使用admin和init01登录时
它给了我错误的错误凭据… =(
任何建议表示赞赏!
password-encoder您的参考authentication-provider已被注释掉。如果您使用的是哈希密码,则需要一个密码编码器(应该如此)。还要检查此答案,特别是关于编写测试的第2点,以确保您使用的密码编码器与您存储在数据库中的密码编码器匹配。
password-encoder
authentication-provider
您可能还想检查有关使用bcrypt作为普通SHA哈希的更安全替代方法的答案。