Java Spring Security:身份验证失败:密码与存储值不匹配(使用 DaoAuthenticationProvider)


我正在做一个简单的 Spring 项目,该项目使用 Spring Security 进行身份验证。spring-security.xml:

<!-- enable use-expressions -->
<!-- use-expressions="true" lets the access attributes below use expressions
     such as hasRole(...). -->
<http auto-config="true" use-expressions="true">
    <!-- Only /hellotheme is restricted to ROLE_ADMIN. No other intercept-url
         rule is visible in this snippet, so no other path is constrained by
         it. -->
    <intercept-url pattern="/hellotheme" access="hasRole('ROLE_ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <!-- Form login: the login form must post fields named "username" and
         "password" to match the two parameter attributes; a failed attempt
         is redirected to /login?error. -->
    <form-login 
        login-page="/login" 
        default-target-url="/hellobootstrap"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- enable csrf protection: with this on, state-changing requests (the
         login and logout POSTs included) must carry the CSRF token. A form
         that omits it is rejected before the credentials are checked. -->
    <csrf />
</http>

<!-- Credentials are checked by the provider below against the UserDetails
     returned by the bean named myUserDetailsService. -->
<authentication-manager>
    <authentication-provider user-service-ref="myUserDetailsService">
        <!-- NOTE(review): no password-encoder child element is declared, so the
             provider uses the default encoder of the Spring Security version in
             use (older releases compare the stored value as plain text; confirm
             for this version). Stored passwords should be hashed, e.g. with
             BCrypt, and the matching password-encoder declared here so that the
             stored format and the configured encoder agree. -->
    </authentication-provider>
</authentication-manager>
第二次更新:MyUserDetailService 类

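/**
 * Loads the account stored for {@code username} and adapts it to a Spring
 * Security {@link UserDetails}. The password is not checked here; this method
 * only supplies the stored value and the granted authorities.
 *
 * @param username the login name submitted with the authentication request
 * @return the user details built from the stored account and its roles
 * @throws UsernameNotFoundException if the DAO yields no account for the name
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {

    Users user = userDao.findByUserName(username);
    // Assumes the DAO signals "no such user" by returning null (confirm
    // against the DAO). Without this guard an unknown name fails with a
    // NullPointerException on the next line instead of a regular
    // authentication failure.
    if (user == null) {
        // Generic message: the submitted name is attacker-controlled input and
        // is deliberately not echoed into logs or error pages.
        throw new UsernameNotFoundException("User not found");
    }
    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoleses());
    return buildUserForAuthentication(user, authorities);
}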

// Convert from user entity to spring security userdetails
/**
 * Adapts the persisted {@code Users} entity to Spring Security's {@code User}.
 *
 * @param user        the entity loaded from the DAO
 * @param authorities the authorities to attach to the resulting principal
 * @return a {@code User} carrying the entity's name, stored password and enabled flag
 */
private User buildUserForAuthentication(Users user,
    List<GrantedAuthority> authorities) {

    // Only "enabled" comes from the entity; the other account-state flags are
    // fixed, so expiry and lockout are never enforced for these accounts.
    final boolean accountNonExpired = true;
    final boolean credentialsNonExpired = true;
    final boolean accountNonLocked = true;

    String name = user.getUsername();
    // NOTE(review): the stored value is handed over verbatim. It must be in the
    // format the configured PasswordEncoder expects (for example a BCrypt hash
    // when a BCrypt encoder is configured), otherwise every login fails.
    String storedPassword = user.getPassword();
    boolean enabled = user.isEnabled();

    return new User(name, storedPassword, enabled,
        accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}

/**
 * Converts the user's role assignments into Spring Security authorities.
 *
 * @param userRoles the role assignments read from the user entity
 * @return one authority per distinct role name, in no particular order
 */
private List<GrantedAuthority> buildUserAuthority(Set<UserRoles> userRoles) {
    // Collected in a set first so that equal authorities collapse to one entry.
    Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>();
    for (UserRoles assignment : userRoles) {
        String roleName = assignment.getRoles().getRole();
        granted.add(new SimpleGrantedAuthority(roleName));
    }
    return new ArrayList<GrantedAuthority>(granted);
}
@覆盖
公共用户详细信息loadUserByUsername(字符串用户名)
抛出UsernameNotFoundException{
Users user=userDao.findByUserName(用户名);
列表权限=buildUserAuthority(user.getUserRoleses());
返回buildUserForAuthentication(用户、权限);
}
//从用户实体转换为spring security userdetails
私有用户buildUserForAuthentication(用户,
(主管当局名单){
返回新用户(User.getUsername(),
user.getPassword(),user.isEnabled(),
真的,真的,真的,权威);
}
私有列表buildUserAuthority(设置用户角色){
Set setAuths=new HashSet();
//建立用户权限
for(UserRoles用户角色:UserRoles){
添加(新的SimpleGrantedAuthority(userRole.getRoles().getRole());
}
列表结果=新的ArrayList(setAuths);
返回结果;
}

在日志中可以看到 Hibernate 执行的 select 查询;把其中的问号替换为用户名和密码参数,然后在 MySQL Workbench 中执行试试。——我执行过了,它返回了正确的用户。——你是否对密码进行了编码?如果是,还应说明你使用的编码器;如果不是,则应使用编码,BCrypt 11 轮听起来足够好了。请贴出你的 myUserDetailsService 类。——@WeareBorg 当前代码中没有编码。我也尝试过 BCrypt 编码器,但它显示了相同的错误。——不能只是把编码器加进配置就指望它起作用:保存在数据库中的密码在保存之前也需要用同一编码器进行编码。另外,正如我说的,请把这个类贴出来。
13:58:09.229 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Roles{id=1, description=, userRoleses=<uninitialized>, role=ROLE_ADMIN}
13:58:09.231 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.UserRoles{id=1, users=com.sample.entities.Users#1, roles=com.sample.entities.Roles#1}
13:58:09.232 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Users{id=1, enabled=true, username=admin, userRoleses=[com.sample.entities.UserRoles#1], password=123456}
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - committed JDBC Connection
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - re-enabling autocommit
13:58:09.241 DEBUG o.s.o.h.HibernateTransactionManager - Closing Hibernate Session [SessionImpl(PersistenceContext[entityKeys=[EntityKey[com.sample.entities.Roles#1], EntityKey[com.sample.entities.UserRoles#1], EntityKey[com.sample.entities.Users#1]],collectionKeys=[CollectionKey[com.sample.entities.Users.userRoleses#1], CollectionKey[com.sample.entities.Roles.userRoleses#1]]];ActionQueue[insertions=[] updates=[] deletions=[] orphanRemovals=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] collectionQueuedOps=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] after transaction
13:58:09.242 DEBUG o.h.e.j.i.LogicalConnectionImpl - Releasing JDBC connection
13:58:09.243 DEBUG o.h.e.j.i.LogicalConnectionImpl - Released JDBC connection
14:00:25.469 DEBUG o.s.s.a.d.DaoAuthenticationProvider - Authentication failed: password does not match stored value
14:06:40.843 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
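/**
 * Loads the account stored for {@code username} and adapts it to a Spring
 * Security {@link UserDetails}. The password is not checked here; this method
 * only supplies the stored value and the granted authorities.
 *
 * @param username the login name submitted with the authentication request
 * @return the user details built from the stored account and its roles
 * @throws UsernameNotFoundException if the DAO yields no account for the name
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {

    Users user = userDao.findByUserName(username);
    // Assumes the DAO signals "no such user" by returning null (confirm
    // against the DAO). Without this guard an unknown name fails with a
    // NullPointerException on the next line instead of a regular
    // authentication failure.
    if (user == null) {
        // Generic message: the submitted name is attacker-controlled input and
        // is deliberately not echoed into logs or error pages.
        throw new UsernameNotFoundException("User not found");
    }
    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoleses());
    return buildUserForAuthentication(user, authorities);
}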

// Convert from user entity to spring security userdetails
/**
 * Adapts the persisted {@code Users} entity to Spring Security's {@code User}.
 *
 * @param user        the entity loaded from the DAO
 * @param authorities the authorities to attach to the resulting principal
 * @return a {@code User} carrying the entity's name, stored password and enabled flag
 */
private User buildUserForAuthentication(Users user,
    List<GrantedAuthority> authorities) {

    // Only "enabled" comes from the entity; the other account-state flags are
    // fixed, so expiry and lockout are never enforced for these accounts.
    final boolean accountNonExpired = true;
    final boolean credentialsNonExpired = true;
    final boolean accountNonLocked = true;

    String name = user.getUsername();
    // NOTE(review): the stored value is handed over verbatim. It must be in the
    // format the configured PasswordEncoder expects (for example a BCrypt hash
    // when a BCrypt encoder is configured), otherwise every login fails.
    String storedPassword = user.getPassword();
    boolean enabled = user.isEnabled();

    return new User(name, storedPassword, enabled,
        accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}

/**
 * Converts the user's role assignments into Spring Security authorities.
 *
 * @param userRoles the role assignments read from the user entity
 * @return one authority per distinct role name, in no particular order
 */
private List<GrantedAuthority> buildUserAuthority(Set<UserRoles> userRoles) {
    // Collected in a set first so that equal authorities collapse to one entry.
    Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>();
    for (UserRoles assignment : userRoles) {
        String roleName = assignment.getRoles().getRole();
        granted.add(new SimpleGrantedAuthority(roleName));
    }
    return new ArrayList<GrantedAuthority>(granted);
}