Fatal编程技术网
  • java/
  • Java spring安全性问题:从数据库访问用户数据 解决了的

Java spring安全性问题:从数据库访问用户数据 解决了的

java xml spring jdbc spring-security

Java spring安全性问题:从数据库访问用户数据 解决了的,java,xml,spring,jdbc,spring-security,Java,Xml,Spring,Jdbc,Spring Security,设法让它以上面提到的方式工作。问题是SQL中的一个错误。我错过了r tbl_用户角色。谢谢你的帮助:- 我正在开发一个web应用程序,我正在使用spring security进行登录身份验证,但是当我试图从数据库访问用户和用户角色时,除了在控制台中获得此信息外,什么都没有发生 信息:org.springframework.beans.factory.xml.XmlBeanDefinitionReader-从类路径资源[org/springframework/jdbc/support/sql er

设法让它以上面提到的方式工作。问题是SQL中的一个错误。我错过了r tbl_用户角色。谢谢你的帮助:-

我正在开发一个web应用程序,我正在使用spring security进行登录身份验证,但是当我试图从数据库访问用户和用户角色时,除了在控制台中获得此信息外,什么都没有发生

信息:org.springframework.beans.factory.xml.XmlBeanDefinitionReader-从类路径资源[org/springframework/jdbc/support/sql error codes.xml]加载xml bean定义

根上下文.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cloud="http://schema.cloudfoundry.org/spring"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc                    http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
    http://schema.cloudfoundry.org/spring http://schema.cloudfoundry.org/spring/cloudfoundry-spring-0.7.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">  
<property name="dataSource" ref="dataSource"></property>    
</bean>   
    
<!-- Initialization for data source -->
<bean id="dataSource" 
  class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}" />
<property name="url" value="${database.url}" />
<property name="username" value="${database.user}" />
<property name="password" value="${database.password}" />
</bean> 



<!-- Spring Security -->
<!-- NB the order of the http elements is vital here as this is the order in which the URLs are matched against -->
<!-- No security for resources directory -->
<security:http pattern="/resources/**" security="none" auto-config='false'/>

<!-- REST services are secured with Basic Auth -->
<security:http auto-config='true'>
<security:intercept-url pattern="/Admin" access="ROLE_ADMIN" />
<security:access-denied-handler error-page="/accessdenied"/>
<security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" /><!-- allows all user to access the login page -->
<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN" /><!-- makes all pages secured requiring the roll ROLL_USER  to access them -->
<security:form-login login-page='/login' default-target-url="/" 
        authentication-failure-url="/loginfailed" always-use-default-target='true'/><!--supplying my own login form/page-->
<security:logout logout-success-url="/" logout-url="/j_spring_security_logout" />
</security:http>

<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service 
      data-source-ref="dataSource"
      users-by-username-query="SELECT USERNAME, PASSWORD FROM TrainAppDB.dbo.tbl_Users WHERE USERNAME=?"
          authorities-by-username-query="SELECT u.USERNAME, ur.AUTHORITY FROM TrainAppDB.dbo.tbl_Users u, TrainAppDB.dbo.tbl_UseRoles ur WHERE u.USER_ID = ur.USER_ID AND u.USERNAME=?"
         />
</security:authentication-provider>
</security:authentication-manager>
如果我使用带有硬编码用户和密码的用户服务,那么它可以正常工作,但在使用jdbc用户服务时则不行。为什么不起作用?

好的,身份验证提供商应该将XXX作为参数;大概是这样的:

<sec:authentication-manager alias="authenticationManager">
   <sec:authentication-provider user-service-ref="userDetailsService"/>
</sec:authentication-manager>


<!-- use Spring's impl -->
<bean id="userDetailsService" class="org.springframework.security.provisioning.JdbcUserDetailsManager">
   <property name="dataSource" ref="dataSource"/>
   <property name="enableGroups" value="false"/>
   <property name="rolePrefix" value="ROLE_"/>
</bean>
这会将UserDetailService连接到数据源。

thanx以获取回复。因此,我需要在我的项目中创建userDetailsService,还是可以将其添加到root context.xml中。同样,如果我这样做,我需要在这里添加什么?????????????????????只需将其添加到XML中即可。您不必添加任何其他内容。尝试将其原样粘贴到XML中。让我知道它是否有效。