SpringSecurity登录无效

时间:2015-08-12 19:51:12

标签: java spring spring-security

我浏览了一些教程并构建了一个Spring Security Login。 但每当我登录时,我都会从日志中收到以下错误:

2015-08-12 21:39:21 DEBUG DriverManagerDataSource:142 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/sailplanner]
2015-08-12 21:39:21 TRACE StatementCreatorUtils:225 - Setting SQL statement parameter value: column index 1, parameter value [abc@gmail.com], value class [java.lang.String], SQL type unknown
2015-08-12 21:39:21 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
2015-08-12 21:39:21 DEBUG JdbcTemplate:693 - Executing prepared SQL query
2015-08-12 21:39:21 DEBUG JdbcTemplate:627 - Executing prepared SQL statement [select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?]
2015-08-12 21:39:21 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource
2015-08-12 21:39:21 DEBUG DriverManagerDataSource:142 - Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/sailplanner]
2015-08-12 21:39:21 TRACE StatementCreatorUtils:225 - Setting SQL statement parameter value: column index 1, parameter value [1], value class [java.lang.String], SQL type unknown
2015-08-12 21:39:21 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource
2015-08-12 21:39:21 DEBUG JdbcUserDetailsManager:200 - User 'abc@gmail.com' has no authorities and will be treated as 'not found'
2015-08-12 21:39:21 DEBUG DaoAuthenticationProvider:147 - User 'abc@gmail.com' not found

启动以下SQL请求时,我得到以下结果:

select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email="abc@gmail.com"

结果:

abc@gmail.com   ROLE_USER
abc@gmail.com   ROLE_ADMIN

我有以下spring-secuity.xml设置:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

        <intercept-url pattern="/inside**" access="hasRole('ROLE_USER')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />

        <form-login 
            login-page="/login" 
            default-target-url="/welcome" 
            authentication-failure-url="/login?error"
            login-processing-url="/j_spring_security_check"  
            username-parameter="username"
            password-parameter="password" />

        <logout logout-success-url="/login?logout"  />

        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select id, first_name, last_name, weight, email, password from users where email=?" 
          authorities-by-username-query=
            "select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?"
            />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

2 个答案:

答案 0 :(得分:2)

user-by-username-query只需选择用户名,密码并启用。

authority-by-username-query不需要连接,使用第二个选择获取权限。

那样的(假设您使用的是用户名的电子邮件?)

<jdbc-user-service data-source-ref="dataSource"
      users-by-username-query=
        "select email, password, true from users where email=?" 

      authorities-by-username-query=
        "select u.email, ur.role from user_roles ur left outer join users u on (ur.user_id = u.id) where u.email=?"
        />

答案 1 :(得分:0)

它正在使用liferay吗?如果您正在使用,请尝试使用用户名而不是电子邮件,我认为这可以解决您的问题:)

相关问题
最新问题