Question

security-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">



    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="select username, password, enabled from users where username=?"
                authorities-by-username-query="select username, authority  from authorities where username=?" />
            <security:password-encoder ref="passwordEncoder"></security:password-encoder>

        </security:authentication-provider>

    </security:authentication-manager>
    <security:http auto-config="true" create-session="always"
        use-expressions="true">

        <security:csrf disabled="true" />


        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/home" access="permitAll" />
        <security:intercept-url pattern="/admin/**"
            access='hasRole("ROLE_ADMIN")' />

        <security:form-login login-page="/login"
            authentication-failure-url="/login?error=1" default-target-url="/" />


        <security:headers disabled="true"></security:headers>
    </security:http>
    <bean
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
        id="passwordEncoder">
    </bean>
</beans>

登录控制器

package my.custom.project.controller;

import java.util.List;
import java.util.Locale;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import my.custom.project.model.User;
import my.custom.project.service.UserService;

@Controller
public class LoginController {


    @Autowired
    private UserService userService;

    @RequestMapping("/login")
    public String Login(@RequestParam(value="error", required=false) String error, 
            @RequestParam(value="logout", required=false) String logout, Model model){

        if (error!=null){
            model.addAttribute("errorMsg","Invalid username and password");
        }
        if(logout!=null){
            model.addAttribute("logoutMsg", "You have been logged out successfully");
        }


        return "login";
    }

}

login.jsp

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>

<main role="main" style="margin-top:30px;" class="col-md-9 ml-sm-auto col-lg-10 pt-3 px-4">
<div class="container-wrapper">
    <div class="container">
        <h2>Login with username and password</h2>
        <c:if test="${not empty errorMsg}">
            <div style="color: #ff0000">
                <h3>${errorMsg}</h3>
            </div>
        </c:if>
        <c:if test="${not empty logoutMsg}">
            <div style="color: #0000ff">
                <h3>${logoutMsg}</h3>
            </div>
        </c:if>


        <form action="<c:url value="/login"/>" method="post">
            <div class="form-group">
                <label for="username">Username:</label> <input type="text"
                    class="form-control" id="uesrname" placeholder="Enter username"
                    name="username" style="width: 50%">
            </div>

            <div class="form-group">
                <label for="pwd">Password:</label> <input type="password"
                    class="form-control" id="passwd" placeholder="Enter password"
                    name="password" style="width: 50%">
            </div>

            <input type="hidden" name="${_csrf.parameterName}"
                value="${_csrf.token}" />


            <button type="submit" class="btn btn-primary">Submit</button>
        </form>
    </div>
</div>
</main>

MySQL数据库

enter image description here

结果是... enter image description here

用户名，密码正确。但是结果总是失败的。我可以通过userService在控制器中接收用户的数据。我猜useDao是正确的工作。 spring security security：jdbc-user-service是否有问题？

如何解决此问题？

Answer 1

Spring确实提供了BCryptPasswordEncoder编码的实用程序类

类似这样

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderGenerator {

  public static void main(String[] args) {

    String password = "123456";
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String hashedPassword = passwordEncoder.encode(password);

    System.out.println(hashedPassword);

  }
}

您可以使用它为您的用户（例如管理员）生成密码。

使用hashedPassword并将其替换为MySQL的“用户”表中的“密码”列，然后尝试登录。

更多信息请参考this

Spring 4按用户名查询的安全登录用户始终是登录错误

1 个答案: