Java Spring安全登录问题-
我对Spring/Spring安全性相当陌生,我已经尽了最大努力解决这个问题,但我似乎一次又一次地做不好。问题如下:登录无法正常工作-即使使用正确的凭据,它也会不断告诉您这些凭据似乎不正确。 我使用的是SpringSecurity和SpringMVC+OracleHibernate+jpa。我真的很感激任何帮助,提前非常感谢 这是我的配置文件。零件Java Spring安全登录问题-,java,spring,spring-security,Java,Spring,Spring Security,我对Spring/Spring安全性相当陌生,我已经尽了最大努力解决这个问题,但我似乎一次又一次地做不好。问题如下:登录无法正常工作-即使使用正确的凭据,它也会不断告诉您这些凭据似乎不正确。 我使用的是SpringSecurity和SpringMVC+OracleHibernate+jpa。我真的很感激任何帮助,提前非常感谢 这是我的配置文件。零件 1. security.xml <http auto-config="true"> <intercept-url pat
1. security.xml
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<!-- <password-encoder hash="md5" /> -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
SELECT username, password, 'TRUE'
FROM users WHERE username=?"
authorities-by-username-query="
SELECT u.username, ur.authority FROM users u, user_roles ur
WHERE u.user_id = ur.user_id AND u.username=? " />
</authentication-provider>
</authentication-manager>
2. web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3. data.xml
<!-- Transaction managing using the @Transactional annotation -->
<tx:annotation-driven transaction-manager="transactionManager" />
<!-- Transaction Manager -->
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basenames">
<list>
<value>msgs</value>
</list>
</property>
<property name="defaultEncoding" value="UTF-8" />
</bean>
<!-- ////////////////////////////////////////////////////////////////////////// -->
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
p:location="/WEB-INF/jdbc.properties"/>
<!-- ////////////////////////////////////////////////////////////////////////// "-->
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}" />
<property name="jdbcUrl" value="${jdbc.databaseurl}" />
<property name="user" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<!-- ////////////////////////////////////////////////////////////////////////// -->
<!-- Hibernate SessionFactory configuration -->
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="com.tsystems.javaschool.kts.domain" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.dialect">${jdbc.dialect}</prop>
<prop key="hibernate.connection.charSet">UTF-8</prop>
</props>
</property>
</bean>
现在很难看出错误,但我可以为您提供一些适用于我的示例: web.xml的一部分:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
您的web.XML中是否包含XML文件security.XML web.XML的另一部分
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-config.xml</param-value>
</context-param>
security-config.xml数据的一部分是shema,角色和用户是表:
<http auto-config='true'>
<intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_GUEST, ROLE_ADMIN" />
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=t"/>
<logout logout-success-url="/login.jsp?logout=t"/>
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="ds" authorities-by-username-query="select USERNAME as username, ROLE as authority from DATA.ROLE where USERNAME=?"
users-by-username-query="select USERNAME as username, PASSWORD as password, 'true' AS enabled from DATA.USER where USERNAME=?"/>
</authentication-provider>
</authentication-manager>
和JSP页面login.JSP的一部分:
<c:when test="${param.logout == 't'}">
// show when I logout
.......
</c:when>
<c:when test="${param.login_error == 't'}">
// show when username or password is not correct
.......
</c:when>
<c:otherwise>
.....
<form method="POST" action="<%= response.encodeURL(request.getContextPath() + "/j_spring_security_check") %>" >
......
<input class="input" type="text" name="j_username" />
......
<input class="input" type="password" name="j_password" />
.....
<input type="submit" value="Login" name="Login" />
.....
</c:otherwise>
如果仍然不愿意,请写在这里。您也可以发布您的登录jsp页面吗?您在日志中看到select user查询了吗?当然,您在这里做了什么来尝试解决这个问题?如果您列出您可以避免我们建议您已经尝试过的内容。对不起,它应该如何显示在日志中?尝试重新组织数据库、修改验证提供程序中的查询、更改数据源。另外,如果这是相关的,我在security.xml中有一个警告,指出找不到名为dataSource的bean。