Spring4安全,MySQL,c3p0连接。登录在Spring5中起作用,但在Spring4中不起作用
此代码在Spring 5中有效。但我的公司需要Spring 4。Spring4安全,MySQL,c3p0连接。登录在Spring5中起作用,但在Spring4中不起作用,mysql,spring,hibernate,spring-security,c3p0,Mysql,Spring,Hibernate,Spring Security,C3p0,此代码在Spring 5中有效。但我的公司需要Spring 4。 在Spring4中,登录可以很好地使用inMemoryAuthentication。但是当我添加jdbc逻辑(c3p0、MySQL依赖项和添加数据源代码和jdbc连接、c3p0连接池.properties文件)时;服务器运行,登录页面打开,但身份验证失败(用户名/密码不正确) 下面是包结构 下面是.properties文件的位置和代码 这是配置类 @配置 @EnableWebMvc @组件扫描(basePackages=
- 下面是.properties文件的位置和代码
// set up variable to hold the properties. One can use spring helper classes or use @Autowired
@Autowired
private Environment env; // will hold the data read from the properties file
// set up a logger for diagnostics
private Logger logger = Logger.getLogger(getClass().getName());
// define a bean for ViewResolver
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setPrefix("/WEB-INF/view/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
// define a bean for our security datasource
@Bean
public DataSource securityDataSource() {
// create a connection pool
ComboPooledDataSource securityDatasource
= new ComboPooledDataSource();
// set the jdbc driver
try {
securityDatasource.setDriverClass(env.getProperty("jdbc.driver"));
} catch (PropertyVetoException exc) {
// I'm wrapping this exception as runtime exception. It's unchecked and throwing that,
// so, at least the system knows if something goes wrong, or if there's a problem
throw new RuntimeException(exc);
}
// log the connection props
// just for sanity's sake. if it's reading from properties file
logger.info(">>> jdbc.url= " + env.getProperty("jdbc.url"));
logger.info(">>> jdbc.user= " + env.getProperty("jdbc.user"));
logger.info(">>> jdbc.password= " + env.getProperty("jdbc.password"));
// set the database connection props
securityDatasource.setJdbcUrl(env.getProperty("jdbc.url"));
securityDatasource.setUser(env.getProperty("jdbc.user"));
securityDatasource.setPassword(env.getProperty("jdbc.password"));
// set the connection pool props
securityDatasource.setInitialPoolSize(
getIntProperty("connection.pool.initialPoolSize"));
securityDatasource.setMinPoolSize(
getIntProperty("connection.pool.minPoolSize"));
securityDatasource.setMaxPoolSize(
getIntProperty("connection.pool.maxPoolSize"));
securityDatasource.setMaxIdleTime(
getIntProperty("connection.pool.maxIdleTime"));
return securityDatasource;
}
// need a helper method
// read environment property and convert to int
private int getIntProperty(String propName) {
String propValue = env.getProperty(propName);
// now convert to int
int intPropValue = Integer.parseInt(propValue);
return intPropValue;
}
}
// add a reference to our security data source
@Autowired
private DataSource securityDataSource;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
/*
//inMemoryAuthentication deprecated in latest Spring
auth.inMemoryAuthentication().withUser("john").password("111").roles(
"EMPLOYEE");
auth.inMemoryAuthentication().withUser("mary").password("111").roles(
"EMPLOYEE", "MANAGER");
auth.inMemoryAuthentication().withUser("susan").password("111").roles(
"EMPLOYEE", "ADMIN");
*/
// use jdbc aunthetication
// tell Spring Security to use JDBC authentication with our data source
auth.jdbcAuthentication().dataSource(securityDataSource);
}
/**
* Configure security of web paths in application, login, logout etc
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// .anyRequest().authenticated() // any request to the app must be authenticated
// (i.e. logging in)
.antMatchers("/").hasRole("EMPLOYEE").antMatchers("/leaders/**").hasRole("MANAGER")
// show our custom form at the request mapping "/showMyLoginPage"
.antMatchers("/systems/**").hasRole("ADMIN").and().formLogin().loginPage("/showLoginPage")
.loginProcessingUrl("/authenticateTheUser") // Login form should POST data to this URL for processing
// (check username & password)
.usernameParameter("username") // don't add this in spring 5
.passwordParameter("password") // don't add this in spring 5
.permitAll() // Allow everyone to see login page. No need to be logged in.
.and().logout().permitAll().and().exceptionHandling().accessDeniedPage("/access-denied");
}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {AppConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {"/"};
}
@RequestMapping(value = "/", method = RequestMethod.GET)
public String showHome() {
return "home";
}
// add a request mapping for /leaders
@RequestMapping(value = "/leaders", method = RequestMethod.GET)
public String showLeader() {
return "leaders";
}
// add a request mapping for /systems
@RequestMapping(value = "/systems", method = RequestMethod.GET)
public String showAdmin() {
return "systems";
}
@RequestMapping(value = "/showLoginPage", method = RequestMethod.GET)
public String showLoginPage() {
return "fancy-login";
}
// add a request mapping for /access-denied
@RequestMapping(value = "/access-denied", method = RequestMethod.GET)
public String showAccessDenied() {
return "access-denied";
}
- 从数据库中删除{noop}。{noop}或{bcrypt}在Spring 5中
@RequestMapping(value = "/showLoginPage", method = RequestMethod.GET)
public String showLoginPage() {
return "fancy-login";
}
// add a request mapping for /access-denied
@RequestMapping(value = "/access-denied", method = RequestMethod.GET)
public String showAccessDenied() {
return "access-denied";
}