Java Spring Security:身份验证失败:密码与存储值不匹配(使用 DaoAuthenticationProvider)
我正在开发一个简单的 Spring 项目,该项目使用 Spring Security 进行身份验证。
标签:java, spring, spring-mvc, spring-security
spring-security.xml
<!--
  Web security for the application: one URL access rule, a custom access-denied
  page, form login, logout and CSRF protection.
-->
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
    <!--
      Only /hellotheme is restricted in this block (ROLE_ADMIN required).
      NOTE(review): no other pattern is listed here, so every other URL appears
      to be reachable without authentication; confirm that is intended or add
      a catch-all rule after the specific ones.
    -->
    <intercept-url pattern="/hellotheme" access="hasRole('ROLE_ADMIN')" />
    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <!--
      Form login. A failed attempt redirects to /login?error, which carries only
      a bare error flag; keep the message rendered for it generic so the page
      does not reveal whether the user name exists.
    -->
    <form-login
        login-page="/login"
        default-target-url="/hellobootstrap"
        authentication-failure-url="/login?error"
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- enable csrf protection -->
    <!-- With CSRF enabled, state-changing requests (the login POST included) must carry the CSRF token. -->
    <csrf />
</http>
<!--
  Authentication is delegated to the myUserDetailsService bean, which supplies
  the stored password that the provider compares with the submitted one.
  NOTE(review): no <password-encoder> child is declared on the provider, and the
  Hibernate debug log on this page prints password=123456 for the admin row, so
  the credential appears to be stored in clear text. Store a salted adaptive
  hash (for example BCrypt) and declare the matching encoder here. Both changes
  must be made together: an encoder compared against a clear-text column fails
  every login with "password does not match stored value".
-->
<authentication-manager>
    <authentication-provider user-service-ref="myUserDetailsService">
    </authentication-provider>
</authentication-manager>
第二次更新
MyUserDetailServiceClass
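/**
 * Loads the account named {@code username} and adapts it to a Spring Security
 * {@link UserDetails}.
 *
 * <p>The password is passed through exactly as {@code Users.getPassword()} returns it;
 * no hashing or comparison happens in this method.
 *
 * @param username login name submitted with the authentication request
 * @return the user details produced by {@code buildUserForAuthentication}
 * @throws UsernameNotFoundException if the DAO yields no account for {@code username}
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    Users user = userDao.findByUserName(username);
    if (user == null) {
        // The UserDetailsService contract never returns null. Without this guard an
        // unknown name fails with a NullPointerException on user.getUserRoleses()
        // instead of the declared exception.
        // NOTE(review): assumes findByUserName returns null on a miss; confirm against the DAO.
        // The message is generic on purpose so the submitted name is not echoed into logs.
        throw new UsernameNotFoundException("User not found");
    }
    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoleses());
    return buildUserForAuthentication(user, authorities);
}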
// Convert from user entity to spring security userdetails
/**
 * Adapts the persisted {@code Users} entity to Spring Security's {@code User}.
 *
 * <p>The stored password is handed over unchanged, so it must already be in the format
 * expected by the password encoder configured on the authentication provider.
 *
 * @param user        entity read from the database
 * @param authorities authorities to attach to the principal
 * @return a {@code User} carrying the entity's name, password and enabled flag
 */
private User buildUserForAuthentication(Users user,
        List<GrantedAuthority> authorities) {
    // Only the enabled flag comes from the entity. The remaining account-state flags
    // are fixed to true, so expiry and lockout are never enforced by this mapping.
    final boolean accountNonExpired = true;
    final boolean credentialsNonExpired = true;
    final boolean accountNonLocked = true;
    return new User(
            user.getUsername(),
            user.getPassword(),
            user.isEnabled(),
            accountNonExpired,
            credentialsNonExpired,
            accountNonLocked,
            authorities);
}
/**
 * Turns the user's role links into Spring Security authorities.
 *
 * <p>Each role name is used verbatim, so it has to match the names checked in the
 * access rules (the configuration on this page tests {@code hasRole('ROLE_ADMIN')}).
 *
 * @param userRoles role links of one user
 * @return the distinct authorities; the order follows {@code HashSet} iteration
 */
private List<GrantedAuthority> buildUserAuthority(Set<UserRoles> userRoles) {
    // Collect into a set first so a role linked more than once yields one authority.
    final Set<GrantedAuthority> distinctAuthorities = new HashSet<GrantedAuthority>();
    for (final UserRoles link : userRoles) {
        final String roleName = link.getRoles().getRole();
        distinctAuthorities.add(new SimpleGrantedAuthority(roleName));
    }
    return new ArrayList<GrantedAuthority>(distinctAuthorities);
}
@覆盖
公共用户详细信息loadUserByUsername(字符串用户名)
抛出UsernameNotFoundException{
Users user=userDao.findByUserName(用户名);
列表权限=buildUserAuthority(user.getUserRoleses());
返回buildUserForAuthentication(用户、权限);
}
//从用户实体转换为spring security userdetails
私有用户buildUserForAuthentication(用户,
(主管当局名单){
返回新用户(User.getUsername(),
user.getPassword(),user.isEnabled(),
真的,真的,真的,权威);
}
私有列表buildUserAuthority(设置用户角色){
Set setAuths=new HashSet();
//建立用户权限
for(UserRoles用户角色:UserRoles){
添加(新的SimpleGrantedAuthority(userRole.getRoles().getRole());
}
列表结果=新的ArrayList(setAuths);
返回结果;
}
在日志中可以看到 Hibernate 执行的 select 查询;把其中的问号替换为用户名和密码参数,然后在 MySQL Workbench 中执行试试。
我执行了,它返回了正确的用户。
你是否对密码进行了编码?如果是,请同时说明你使用的编码器;如果不是,则应该使用编码。BCrypt 11 轮听起来足够好了。请贴出你的 myUserDetailsService 类。
@WeareBorg 当前代码中没有编码。我也尝试过 BCrypt 编码器,但它显示了相同的错误。
你不能只是加上一个编码器就指望它生效:保存在数据库中的密码也需要在保存之前进行编码。另外,正如我说的,请把整个类贴出来。
13:58:09.229 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Roles{id=1, description=, userRoleses=<uninitialized>, role=ROLE_ADMIN}
13:58:09.231 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.UserRoles{id=1, users=com.sample.entities.Users#1, roles=com.sample.entities.Roles#1}
13:58:09.232 DEBUG o.h.internal.util.EntityPrinter - com.sample.entities.Users{id=1, enabled=true, username=admin, userRoleses=[com.sample.entities.UserRoles#1], password=123456}
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - committed JDBC Connection
13:58:09.234 DEBUG o.h.e.t.i.jdbc.JdbcTransaction - re-enabling autocommit
13:58:09.241 DEBUG o.s.o.h.HibernateTransactionManager - Closing Hibernate Session [SessionImpl(PersistenceContext[entityKeys=[EntityKey[com.sample.entities.Roles#1], EntityKey[com.sample.entities.UserRoles#1], EntityKey[com.sample.entities.Users#1]],collectionKeys=[CollectionKey[com.sample.entities.Users.userRoleses#1], CollectionKey[com.sample.entities.Roles.userRoleses#1]]];ActionQueue[insertions=[] updates=[] deletions=[] orphanRemovals=[] collectionCreations=[] collectionRemovals=[] collectionUpdates=[] collectionQueuedOps=[] unresolvedInsertDependencies=UnresolvedEntityInsertActions[]])] after transaction
13:58:09.242 DEBUG o.h.e.j.i.LogicalConnectionImpl - Releasing JDBC connection
13:58:09.243 DEBUG o.h.e.j.i.LogicalConnectionImpl - Released JDBC connection
14:00:25.469 DEBUG o.s.s.a.d.DaoAuthenticationProvider - Authentication failed: password does not match stored value
14:06:40.843 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
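/**
 * Loads the account named {@code username} and adapts it to a Spring Security
 * {@link UserDetails}.
 *
 * <p>The password is passed through exactly as {@code Users.getPassword()} returns it;
 * no hashing or comparison happens in this method.
 *
 * @param username login name submitted with the authentication request
 * @return the user details produced by {@code buildUserForAuthentication}
 * @throws UsernameNotFoundException if the DAO yields no account for {@code username}
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    Users user = userDao.findByUserName(username);
    if (user == null) {
        // The UserDetailsService contract never returns null. Without this guard an
        // unknown name fails with a NullPointerException on user.getUserRoleses()
        // instead of the declared exception.
        // NOTE(review): assumes findByUserName returns null on a miss; confirm against the DAO.
        // The message is generic on purpose so the submitted name is not echoed into logs.
        throw new UsernameNotFoundException("User not found");
    }
    List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoleses());
    return buildUserForAuthentication(user, authorities);
}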
// Convert from user entity to spring security userdetails
/**
 * Adapts the persisted {@code Users} entity to Spring Security's {@code User}.
 *
 * <p>The stored password is handed over unchanged, so it must already be in the format
 * expected by the password encoder configured on the authentication provider.
 *
 * @param user        entity read from the database
 * @param authorities authorities to attach to the principal
 * @return a {@code User} carrying the entity's name, password and enabled flag
 */
private User buildUserForAuthentication(Users user,
        List<GrantedAuthority> authorities) {
    // Only the enabled flag comes from the entity. The remaining account-state flags
    // are fixed to true, so expiry and lockout are never enforced by this mapping.
    final boolean accountNonExpired = true;
    final boolean credentialsNonExpired = true;
    final boolean accountNonLocked = true;
    return new User(
            user.getUsername(),
            user.getPassword(),
            user.isEnabled(),
            accountNonExpired,
            credentialsNonExpired,
            accountNonLocked,
            authorities);
}
/**
 * Turns the user's role links into Spring Security authorities.
 *
 * <p>Each role name is used verbatim, so it has to match the names checked in the
 * access rules (the configuration on this page tests {@code hasRole('ROLE_ADMIN')}).
 *
 * @param userRoles role links of one user
 * @return the distinct authorities; the order follows {@code HashSet} iteration
 */
private List<GrantedAuthority> buildUserAuthority(Set<UserRoles> userRoles) {
    // Collect into a set first so a role linked more than once yields one authority.
    final Set<GrantedAuthority> distinctAuthorities = new HashSet<GrantedAuthority>();
    for (final UserRoles link : userRoles) {
        final String roleName = link.getRoles().getRole();
        distinctAuthorities.add(new SimpleGrantedAuthority(roleName));
    }
    return new ArrayList<GrantedAuthority>(distinctAuthorities);
}