【问题标题】:Spring Boot, Spring Security, MySQL - CustomUserDetailsService always results in the error "Invalid Username or Password"Spring Boot、Spring Security、MySQL - CustomUserDetailsS​​ervice 总是导致错误“用户名或密码无效”
【发布时间】:2017-06-14 11:05:39
【问题描述】:

this tutorial 导致的问题。

我的问题是我总是遇到我的用户被从数据库中读取但我没有获得身份验证的问题。在视图上,它总是显示错误消息“无效的用户名或密码”。我的控制台输出显示没有错误。当我通过身份验证过程进行调试时,没有不清楚的行为可能来自错误。

在我的 pom.xml 中,我使用了以下依赖项。

<dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.tomcat.embed</groupId>
        <artifactId>tomcat-embed-jasper</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-test</artifactId>
          <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
  </dependencies>

我的 CustomUserDetailsS​​ervice.java 看起来像这样。

@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {

    private final UserRepository userRepository;
    private final UserRolesRepository userRolesRepository;

    @Autowired
    public CustomUserDetailsService(UserRepository userRepository,
            UserRolesRepository userRolesRepository) {

        this.userRepository = userRepository;
        this.userRolesRepository = userRolesRepository;

    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        User user = userRepository.findByUserName(username);

        if (user == null) {
            throw new UsernameNotFoundException("No user present with username " + username);
        }
        else {
            List<String> userRoles = userRolesRepository.findRoleByUserName(username);
            return new CustomUserDetails(user, userRoles);
        }

    }

}

CustomUserDetails.java

    public class CustomUserDetails extends User implements UserDetails {

    private static final long serialVersionUID = 1L;
    private List<String> userRoles;

    public CustomUserDetails(User user, List<String> userRoles) {

        super(user);
        this.userRoles = userRoles;

    }

    @Override
    public Collection< ? extends GrantedAuthority> getAuthorities() {

        String roles = StringUtils.collectionToCommaDelimitedString(userRoles);

        return AuthorityUtils.commaSeparatedStringToAuthorityList(roles);
    }

    @Override
    public boolean isAccountNonExpired() {

        return false;
    }

    @Override
    public boolean isAccountNonLocked() {

        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {

        return false;
    }
}

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/", "/home", "/images/**", "/css/**", "/js/**", "/loadEvents")
                .permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login")
                .permitAll().and().logout().permitAll();
    }

    @Bean(name = "passwordEncoder")
    public PasswordEncoder passwordencoder() {

        return new BCryptPasswordEncoder();
    }
}

正如我之前提到的,我认为错误不会发生在数据库上。我使用了教程之外的数据库方案。我还使用了 User.java UserRole.java 和教程中的两个存储库。

我的 Application.java 看起来像这样。

@SpringBootApplication
@EnableJpaRepositories(basePackages = "<package>")
@EntityScan(basePackages = "<package>")
public class Application {

    public static void main(String[] args) throws Throwable {

        SpringApplication.run(Application.class, args);
    }

}

更新 1:链接到 Git 项目 https://github.com/pStuetz/Speeddating4SO/tree/master

您可能需要编辑 src/main/resources/application.properties 以支持您的数据库。我包含了用于创建数据库表的 sql 脚本。

【问题讨论】:

  • 您能分享您的源代码吗?给定教程中的应用程序无法正常运行,它抱怨缺少页面等。
  • 感谢您的回复我已将链接添加到 git 项目。

标签: mysql spring spring-mvc spring-boot spring-security


【解决方案1】:

我已通过添加此行在 application.properties 中启用跟踪日志记录

logging.level.=TRACE

看到了错误信息

org.springframework.security.authentication.LockedException: User account is locked

在控制台中。

您的自定义用户详细信息类 de.dhbw.stuttgart.speeddating.userhandling.service.impl.CustomUserDetails 从方法“isAccountNonExpired 返回“false” strong>”、“isAccountNonLocked”和“isCredentialsNonExpired”。我猜这些方法应该从 de.dhbw.stuttgart.speeddating.userhandling.service.User 类返回属性“enabled”的值。

将所有这些“false”更改为“true”后,登录过程开始按预期工作。

【讨论】:

  • 这就是解决方案。非常感谢!
猜你喜欢
  • 1970-01-01
  • 2015-03-10
  • 2017-12-06
  • 2015-04-07
  • 1970-01-01
  • 2011-07-26
  • 1970-01-01
  • 1970-01-01
  • 2019-03-23
相关资源
最近更新 更多