Java Spring security不允许用户登录,它不显示任何错误
一旦用户导航到登录页面,无论使用正确或错误的用户名和密码,Spring Security都会显示以下错误消息。我复习了以下问题,但仍然有相同的错误 我正在使用Java Spring security不允许用户登录,它不显示任何错误,java,spring,hibernate,spring-mvc,spring-security,Java,Spring,Hibernate,Spring Mvc,Spring Security,一旦用户导航到登录页面,无论使用正确或错误的用户名和密码,Spring Security都会显示以下错误消息。我复习了以下问题,但仍然有相同的错误 我正在使用BCryptPasswordEncoder,对新用户的密码进行编码 LoginForm <c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}"> <font color="red"> Your login attempt was not
BCryptPasswordEncoder
,对新用户的密码进行编码
LoginForm
<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}">
<font color="red"> Your login attempt was not successful due
to <br />
<br /> <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
</font>
</c:if>
<c:if test="${not empty param.error}">
Invalid username and password.
</c:if>
<c:if test="${not empty error}">
<div class="error">${error}</div>
</c:if>
<c:if test="${not empty msg}">
<div class="msg">${msg}</div>
</c:if>
<form id="form-login" role="form" method="post"
action="<c:url value='/j_spring_security_check' />"
class="relative form form-default">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
您的登录尝试未成功,原因是
到
。
无效的用户名和密码。
${error}
${msg}
myservlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:8889/Project" />
<property name="username" value="test1" />
<property name="password" value="test1" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"
depends-on="dataSource">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="com.projec.model" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.use_sql_comments">true</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="get*" read-only="true" />
<tx:method name="find*" read-only="true" />
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="userServicePointCut"
expression="execution(* com.project.service.*Service.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
</aop:config>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:import resource='login-service.xml' />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" />
<intercept-url pattern="/signin" access="permitAll" />
<access-denied-handler error-page="/403" />
<form-login login-page="/signin" default-target-url="/index"
authentication-failure-url="/signin?error" username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myMemberDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
</beans:beans>
org.hibernate.dialogue.mysqldialogue
真的
真的
真的
更新
spring security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:8889/Project" />
<property name="username" value="test1" />
<property name="password" value="test1" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"
depends-on="dataSource">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="com.projec.model" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.use_sql_comments">true</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="get*" read-only="true" />
<tx:method name="find*" read-only="true" />
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="userServicePointCut"
expression="execution(* com.project.service.*Service.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
</aop:config>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:import resource='login-service.xml' />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" />
<intercept-url pattern="/signin" access="permitAll" />
<access-denied-handler error-page="/403" />
<form-login login-page="/signin" default-target-url="/index"
authentication-failure-url="/signin?error" username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myMemberDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
</beans:beans>
MyMemberDetailsService
@Service
public class MyMemberDetailsService implements UserDetailsService {
private MemberRepository memberRep;
@Override
public UserDetails loadUserByUsername(final String username)
throws UsernameNotFoundException {
Member member = memberRep.findByUserName(username);
HashSet<String> roles = new HashSet<String>();
roles.add("ROLE_MEMBER");
List<GrantedAuthority> authorities = buildUserAuthority(roles);
return buildUserForAuthentication(member, authorities);
}
private User buildUserForAuthentication(Member member,
List<GrantedAuthority> authorities) {
return new User(member.getUsername(), member.getPassword(),
member.isEnabled(), true, true, true, authorities);
}
private List<GrantedAuthority> buildUserAuthority(Set<String> userRoles) {
Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
for (String userRole : userRoles) {
setAuths.add(new SimpleGrantedAuthority(userRole));
}
List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(
setAuths);
return Result;
}
}
@服务
公共类MyMemberDetailsService实现UserDetailsService{
私人会员库会员代表;
@凌驾
public UserDetails loadUserByUsername(最终字符串用户名)
抛出UsernameNotFoundException{
Member Member=memberRep.findByUserName(用户名);
HashSet roles=新HashSet();
角色。添加(“角色成员”);
列表权限=buildUserAuthority(角色);
返回buildUserForAuthentication(成员、权限);
}
私人用户buildUserForAuthentication(成员,
(主管当局名单){
返回新用户(member.getUsername(),member.getPassword(),
member.isEnabled(),true,true,true,authorities);
}
私有列表buildUserAuthority(设置用户角色){
Set setAuths=new HashSet();
for(字符串userRole:userRoles){
添加(新的SimpleGrantedAuthority(userRole));
}
列表结果=新建ArrayList(
setAuths);
返回结果;
}
}
春季版
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<spring.version>3.2.8.RELEASE</spring.version>
3.2.3.1版本
3.2.8.1发布
您将登录页面配置为
<form-login login-page="/signin" default-target-url="/index"
authentication-failure-url="/signin?error" username-parameter="username"
password-parameter="password" />
但是您的表单post操作是:
它应该像下面这样
<form method="POST" action="@{/signin}" role="form">
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
<div class="form-actions">
<button type="submit" class="btn">Log in</button>
</div>
</form>
用户名
密码
登录
检查的详细信息。看起来您正在使用UserDetailsService的自定义实现。您能提供MemberDetailsService的代码吗?@greyfox我刚刚包括了UserDetailsService感谢,因为您使用的是spring security 3.2.x-默认表单操作url应该是
/login
(而不是j_spring\u security\u check
)@当我使用/login时,它重定向到/login并显示404错误。您正在使用/j_spring_security_check发布您的登录表单。尝试使用自定义登录(/sigin)页面。您添加了两次method=“post”。