Jakarta ee authenticationManager不检查密码
我的 MySQL 表中有一个有效用户,用户名=alex,密码=123。当我尝试用错误的用户名(比如 bob、fred、pit 等)登录时,一切正常,我会收到认证错误。但是,当我使用有效的 username=alex 进行身份验证时,无论输入什么密码(“123”、“213”还是“12af12”),我总是能成功登录。我认为 AuthenticationManager 没有检查密码。你能帮助我吗?这是我的源代码:安全配置.xml:
<!-- HTTP security section: declares the form login and logout endpoints.
     No intercept-url access rules appear in this snippet; confirm they are defined elsewhere. -->
<security:http auto-config="true">
<!-- Custom login page, the page shown after a failed login, and the default page after a successful one. -->
<security:form-login
login-page="/login.xhtml"
authentication-failure-url="/loginfailed.xhtml"
default-target-url="/succes.xhtml"
/>
<!-- Logout endpoint and the page the user is sent to afterwards. -->
<security:logout
logout-url="/app/logout"
logout-success-url="/app/main"
/>
</security:http>
<!-- Authentication manager: user records are looked up through the bean referenced as "userService". -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
<!-- The password encoder below is commented out, so this provider declares no encoder in the visible config.
     UserEntity.setPassword on this page MD5-encodes passwords itself.
     NOTE(review): unsalted MD5 is not suitable for password storage; plan a migration to an adaptive,
     salted hash (for example bcrypt) and configure the encoder in one place only. -->
<!-- <security:password-encoder hash="md5" />-->
</security:authentication-provider>
// Looks the user up by name. NOTE(review): the returned entity presumably carries the stored
// password, not the one typed into the login form, so it must not be used as the login credentials.
UserEntity user = userService.loadUserEntityByUsername(userName);
认证服务:
/**
 * Bridges the JSF login flow to the injected Spring Security {@link AuthenticationManager}.
 */
@Service("userAuthenticationProviderServiceImpl")
public class UserAuthenticationProviderServiceImpl implements UserAuthenticationProviderService {

    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Authenticates with the user name and password held by the given entity and, on success,
     * stores the resulting token in the {@link SecurityContextHolder}.
     *
     * <p>NOTE(review): the credentials are read from {@code user.getPassword()}. The caller must
     * pass the values the user submitted; if it passes an entity loaded from the user store, the
     * stored password is effectively compared with itself and any typed password is accepted.
     *
     * @param user entity supplying the principal (user name) and credentials (password)
     * @return {@code true} if the manager returned an authenticated token; {@code false} if the
     *         token was not authenticated or an {@link AuthenticationException} was raised, in
     *         which case an error message is added to the current {@link FacesContext}
     */
    public boolean processUserAuthentication(UserEntity user) {
        final Authentication outcome;
        try {
            Authentication token =
                    new UsernamePasswordAuthenticationToken(user.getUserName(), user.getPassword());
            outcome = authenticationManager.authenticate(token);
        } catch (AuthenticationException e) {
            // Surface the failure to the JSF view instead of propagating it.
            FacesMessage failure =
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, e.getMessage(), "Sorry!");
            FacesContext.getCurrentInstance().addMessage(null, failure);
            return false;
        }
        if (!outcome.isAuthenticated()) {
            return false;
        }
        SecurityContextHolder.getContext().setAuthentication(outcome);
        return true;
    }

    /** @return the authentication manager used by this service */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** @param authenticationManager the authentication manager this service should use */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
}
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui"
template="/WEB-INF/templates/general.xhtml">
<ui:define name="title"><h:outputText value="Please Sign In" /></ui:define>
<ui:define name="header"><h:outputText value="Please Sign In" /></ui:define>
<ui:define name="content">
<h:form id="loginForm" prependId="false">
<p:fieldset styleClass="fieldset" legend="Authentication Form">
<p:focus />
<p:messages id="messages" for="somekey" />
<p:growl id="growlMessages" showDetail="true" sticky="true" life="13000" globalOnly="true"/>
<h:panelGrid id="logPanelGrid" style="margin: 0 auto; margin-top: 25px; text-align: right" cellspacing="8" columns="3">
<h:panelGroup>
<h:outputText value="User Name:" />
<h:outputText style="color:red" value="* " />
</h:panelGroup>
<p:inputText id="userName" value="#{userManagedBean.userName}" required="true" label="User Name" title="Enter your User Name!" />
<h:panelGroup>
<p:message id="userNameMsg" for="userName" />
<p:tooltip for="userName" styleClass="tooltip" showEvent="focus" hideEvent="blur" />
</h:panelGroup>
<h:panelGroup>
<h:outputText value="Enter Password:" />
<h:outputText style="color:red" value="* " />
</h:panelGroup>
<p:password id="pass" value="#{userManagedBean.password}" required="true" label="Password" title="Please enter a password!" />
<h:panelGroup>
<p:message id="passMsg" for="pass" />
<p:tooltip for="pass" styleClass="tooltip" showEvent="focus" hideEvent="blur" />
</h:panelGroup>
<p:commandButton id="newUserButton" action="newUser" icon="ui-icon-plus" value="Sign Up" />
<p:commandButton id="submitButton" update="growlMessages,messages" action="#{userManagedBean.doLogin()}" value="SignIn" />
</h:panelGrid>
</p:fieldset>
</h:form>
</ui:define>
我认为,authenticate.isAuthenticated()中存在问题。无论输入什么密码,只要用户名有效,都会返回true
更新1:
添加我的用户实体
/**
 * JPA entity mapped to the {@code appuser} table.
 *
 * <p>NOTE(review): {@link #setPassword(String)} stores an unsalted MD5 digest. MD5 is not suitable
 * for password storage; an adaptive, salted scheme (for example bcrypt) should replace it, together
 * with a migration of the existing rows.
 */
@Entity
@Table(name="appuser")
public class UserEntity {

    @Id
    @GeneratedValue
    private Long id;
    private String firstName;
    private String lastName;
    private String userName;
    // Holds the MD5-encoded value produced by setPassword, never the raw password.
    private String password;

    /** @return the generated primary key */
    public Long getId() {
        return this.id;
    }

    /** @param id the primary key */
    public void setId(Long id) {
        this.id = id;
    }

    /** @return the first name */
    public String getFirstName() {
        return this.firstName;
    }

    /** @param firstName the first name */
    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    /** @return the last name */
    public String getLastName() {
        return this.lastName;
    }

    /** @param lastName the last name */
    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    /** @return the login name */
    public String getUserName() {
        return this.userName;
    }

    /** @param userName the login name */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /** @return the password field as held by this entity (the encoded form when set via the setter) */
    public String getPassword() {
        return this.password;
    }

    /**
     * Encodes the given raw password with {@code Md5PasswordEncoder} (no salt) and stores the result.
     *
     * <p>Because the encoding happens here, passing an already encoded value encodes it a second time.
     *
     * @param password the raw password to encode and store
     */
    public void setPassword(String password) {
        this.password = new Md5PasswordEncoder().encodePassword(password, null);
    }
}
UserManagedBean
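/**
 * View-scoped backing bean for the login page: holds the submitted user name and password and
 * drives the login through {@code UserAuthenticationProviderServiceImpl}.
 */
@Component
@ViewScoped
public class UserManagedBean {

    public UserManagedBean() {
        System.out.println("Just for test, usermanagedbean nstantiated");
    }

    @Inject
    private UserService userService;
    @Inject
    private UserAuthenticationProviderServiceImpl userAuth;
    private UserEntity user;
    // Values bound to the login form fields.
    private String userName;
    private String password;
    // Set to "OK" by isAuthenticated() once the security context holds an authenticated token.
    private String isAuth;

    public UserEntity getUser() {
        return user;
    }

    public void setUser(UserEntity user) {
        this.user = user;
    }

    public String getUserName() {
        return userName;
    }

    public String getIsAuth() {
        return isAuth;
    }

    public void setIsAuth(String isAuth) {
        this.isAuth = isAuth;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Attempts to log in with the user name and password submitted through the form.
     *
     * <p>The entity loaded from the user service is used only to check that the user exists.
     * The credentials handed to the authentication service are built from the submitted form
     * values. Passing the loaded entity instead would present the stored password as the
     * credential, so any typed password would be accepted for an existing user name.
     *
     * @return {@code "OK"} when authentication succeeds, otherwise {@code null}
     */
    public String doLogin() {
        UserEntity storedUser = userService.loadUserEntityByUsername(userName);
        FacesContext context = FacesContext.getCurrentInstance();
        if (storedUser == null) {
            System.out.println("user == null");
            context.addMessage("somekey", new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid Username or Password", "Invalid username or Password"));
            return null;
        }

        // Authenticate with what the user typed, never with the record read from the store.
        // UserEntity.setPassword (as shown on this page) MD5-encodes its argument, so the token
        // carries the digest of the typed password. NOTE(review): this matches the stored digest
        // only while no password-encoder is configured on the authentication provider; verify.
        UserEntity submitted = new UserEntity();
        submitted.setUserName(userName);
        submitted.setPassword(password);

        boolean result = userAuth.processUserAuthentication(submitted);
        if (result) {
            context.addMessage(null, new FacesMessage("Login Info", "Succesfully login!"));
            isAuthenticated();
            return "OK";
        } else {
            System.out.println("ERRRROR");
        }
        return null;
    }

    /**
     * Marks the bean as authenticated ({@code isAuth = "OK"}) when the current security context
     * holds an authenticated token; otherwise leaves {@code isAuth} unchanged.
     */
    public void isAuthenticated() {
        if (SecurityContextHolder.getContext().getAuthentication() != null
                && SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            setIsAuth("OK");
        }
    }
}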
登录页面:
/**
 * Bridges the JSF login flow to the injected Spring Security {@link AuthenticationManager}.
 */
@Service("userAuthenticationProviderServiceImpl")
public class UserAuthenticationProviderServiceImpl implements UserAuthenticationProviderService {

    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Authenticates with the user name and password held by the given entity and, on success,
     * stores the resulting token in the {@link SecurityContextHolder}.
     *
     * <p>NOTE(review): the credentials are read from {@code user.getPassword()}. The caller must
     * pass the values the user submitted; if it passes an entity loaded from the user store, the
     * stored password is effectively compared with itself and any typed password is accepted.
     *
     * @param user entity supplying the principal (user name) and credentials (password)
     * @return {@code true} if the manager returned an authenticated token; {@code false} if the
     *         token was not authenticated or an {@link AuthenticationException} was raised, in
     *         which case an error message is added to the current {@link FacesContext}
     */
    public boolean processUserAuthentication(UserEntity user) {
        final Authentication outcome;
        try {
            Authentication token =
                    new UsernamePasswordAuthenticationToken(user.getUserName(), user.getPassword());
            outcome = authenticationManager.authenticate(token);
        } catch (AuthenticationException e) {
            // Surface the failure to the JSF view instead of propagating it.
            FacesMessage failure =
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, e.getMessage(), "Sorry!");
            FacesContext.getCurrentInstance().addMessage(null, failure);
            return false;
        }
        if (!outcome.isAuthenticated()) {
            return false;
        }
        SecurityContextHolder.getContext().setAuthentication(outcome);
        return true;
    }

    /** @return the authentication manager used by this service */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** @param authenticationManager the authentication manager this service should use */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
}
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui"
template="/WEB-INF/templates/general.xhtml">
<ui:define name="title"><h:outputText value="Please Sign In" /></ui:define>
<ui:define name="header"><h:outputText value="Please Sign In" /></ui:define>
<ui:define name="content">
<h:form id="loginForm" prependId="false">
<p:fieldset styleClass="fieldset" legend="Authentication Form">
<p:focus />
<p:messages id="messages" for="somekey" />
<p:growl id="growlMessages" showDetail="true" sticky="true" life="13000" globalOnly="true"/>
<h:panelGrid id="logPanelGrid" style="margin: 0 auto; margin-top: 25px; text-align: right" cellspacing="8" columns="3">
<h:panelGroup>
<h:outputText value="User Name:" />
<h:outputText style="color:red" value="* " />
</h:panelGroup>
<p:inputText id="userName" value="#{userManagedBean.userName}" required="true" label="User Name" title="Enter your User Name!" />
<h:panelGroup>
<p:message id="userNameMsg" for="userName" />
<p:tooltip for="userName" styleClass="tooltip" showEvent="focus" hideEvent="blur" />
</h:panelGroup>
<h:panelGroup>
<h:outputText value="Enter Password:" />
<h:outputText style="color:red" value="* " />
</h:panelGroup>
<p:password id="pass" value="#{userManagedBean.password}" required="true" label="Password" title="Please enter a password!" />
<h:panelGroup>
<p:message id="passMsg" for="pass" />
<p:tooltip for="pass" styleClass="tooltip" showEvent="focus" hideEvent="blur" />
</h:panelGroup>
<p:commandButton id="newUserButton" action="newUser" icon="ui-icon-plus" value="Sign Up" />
<p:commandButton id="submitButton" update="growlMessages,messages" action="#{userManagedBean.doLogin()}" value="SignIn" />
</h:panelGrid>
</p:fieldset>
</h:form>
</ui:define>
与
你觉得怎么样 你能发布你的用户类源代码吗?谢谢你的评论,我在我的帖子中添加了我的用户实体,你现在能帮我吗?什么是
userAuthenticationProviderServiceImpl
?好问题,我想没什么特别的,它只是用于 processUserAuthentication(UserEntity user) 方法,将来我会把它们移到我的 ManagedBean 中,直接从我的 login.xhtml 页面调用它们(我已更新帖子,添加了 UserManagedBean 和登录页面)。你认为这是徒劳的吗?这不太令人放心 :-)。也许你应该加一些日志,看看它是否被调用……我不清楚你的应用程序在做什么,我也不太了解 JSF。我建议您在身份验证部分坚持使用标准(非 JSF)设置,直到能够正常工作为止。
// Original line in doLogin(): the entity is loaded from the user store, so the password later read
// from it is presumably the stored one. The typed password then never reaches the authentication
// manager, and any password is accepted for an existing user name.
UserEntity user = userService.loadUserEntityByUsername(userName);
// Apparently the suggested replacement for the line above: build the entity from the values
// submitted in the login form, so the typed password is what gets checked.
UserEntity user = new UserEntity();
// UserEntity.setPassword (shown earlier on this page) MD5-encodes its argument.
user.setPassword(password);
user.setUserName(userName);