users-by-username-query 不返回任何结果

【问题标题】:users-by-username-query returns no resultsusers-by-username-query 不返回任何结果
【发布时间】:2013-12-08 15:30:32
【问题描述】:

我正在尝试从 DB 获取身份验证角色。表格在那里,这是我的上下文:

 <!-- Configures in-memory implementation of the UserDetailsService implementation -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
    <security:jdbc-user-service data-source-ref="dataSource"
       users-by-username-query="select * from users where email=?" 
       authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?" 
    />
    </security:authentication-provider>
</security:authentication-manager>

用户通过电子邮件进行身份验证。在数据库控制台中执行此查询时,它返回一个对象,但是当我查看日志时,我发现:

16:18:55,517 DEBUG JdbcTemplate:637 - Executing prepared SQL query
16:18:55,518 DEBUG JdbcTemplate:572 - Executing prepared SQL statement [select * from users where email=?]
16:18:55,519 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
16:18:55,519 DEBUG DriverManagerDataSource:162 - Creating new JDBC DriverManager Connection to [jdbc:h2:file:../lib/Money]
16:18:55,582 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
16:18:55,607 DEBUG JdbcUserDetailsManager:154 - Query returned no results for user ''
16:18:55,610 DEBUG DaoAuthenticationProvider:134 - User '' not found
16:18:55,610 DEBUG UsernamePasswordAuthenticationFilter:346 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

我做错了什么?

用户和密码是从前端代码发送的。我想一切都很好。我在那里发送一个带有用户名和密码的简单 JSON。我猜autenticationManager 有问题。代码如下:

    <!-- Configures a custom login filter bean -->
<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler" ref="restAuthenticationFailureHandler"/>
    <property name="authenticationSuccessHandler" ref="restAuthenticationSuccessHandler"/>
    <property name="filterProcessesUrl" value="/api/login/"/>
    <property name="usernameParameter" value="username"/>
    <property name="passwordParameter" value="password"/>
    <property name="postOnly" value="true"/>
</bean>

【问题讨论】:

  • for user '' 这是你的线索...电子邮件不知何故未设置
  • 向我们展示一些代码,因为执行的查询有问题,如您的日志中所述
  • @Ben 我用更多信息更新了问题
  • 保存用户的表是否应该有列用户名?我的没有。
  • 我找到了这个问题的答案。我发送 JSON 对象的问题,参数应该作为 http params (AngularJS) > $http({method: 'POST', url: 'api/login/', data : 'username=' + $scope. user.username + &password=' + $scope.user.password, headers:{'Accept': '/', 'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8','X-Requested-With':'XMLHttpRequest'}}).success(function(budgetId) {

标签: java spring security


【解决方案1】:

尝试通过用户名查询写入用户,使其按此顺序返回3个参数:

  • 用户名
  • 密码
  • 启用

例如:

 <security:jdbc-user-service data-source-ref="dataSource"
   users-by-username-query="SELECT username, password, true FROM users WHERE email=?" 
   authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?" 
/>

【讨论】:

    【解决方案2】:

    这样配置。

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

        <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />

        <form-login 
            login-page="/login" 
            default-target-url="/welcome" 
            authentication-failure-url="/login?error" 
            username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout"  />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select username,password, enabled from users where username=?"
          authorities-by-username-query=
            "select username, role from user_roles where username =?  " />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

    【讨论】:

      猜你喜欢
      • 2018-03-29
      • 1970-01-01
      • 2014-06-02
      • 1970-01-01
      • 1970-01-01
      • 2012-08-23
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode