Spring安全认证问题

Question

我们需要关于使用Spring Security进行认证的帮助。当我们尝试为我们的应用程序输入登录凭据并单击提交时，我们会收到无效的凭据错误。

我们检查了数据库和我们用来登录的认证细节似乎是正确的。但仍然得到下面的异常

[DEBUG,LdapAuthenticationProvider,http-localhost%2F127.0.0.1-8080-1] Processing   authentication request for user: admin 
[DEBUG,FilterBasedLdapUserSearch,http-localhost%2F127.0.0.1-8080-1] Searching for user 'admin', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'DC=ad,DC=infosys,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ] 
[INFO,SpringSecurityLdapTemplate,http-localhost%2F127.0.0.1-8080-1] Ignoring PartialResultException 
[WARN,LoggerListener,http-localhost%2F127.0.0.1-8080-1] Authentication event AuthenticationFailureBadCredentialsEvent: admin; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEC9042719AA53736897C4383DCF8FE8; exception: Bad credentials 
[DEBUG,UsernamePasswordAuthenticationFilter,http-localhost%2F127.0.0.1-8080-1] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 

我试着连接到数据库SQLSERVER2008，并试图login.Below的是，我们正在使用

<http auto-config='false' realm="MaskIT Realm" access-denied-page="/403.jsp"> 
     <intercept-url pattern="/*.htm" access="ROLE_ADMIN,ROLE_REQUESTOR,ROLE_APPROVER" /> 
     <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <form-login login-page="/login.jsp" 
       authentication-failure-url="/login.jsp?login_error=1" 
       default-target-url="/redirect.jsp" /> 
     <http-basic /> 
     <intercept-url pattern="/securityService" access="IS_AUTHENTICATED_ANONYMOUSLY" 
       requires-channel="http" /> 
     <logout logout-success-url="/login.jsp" /> 
    </http> 
    <b:bean id="myAuthenticationProvider" 
     class="com.infosys.setl.himi.maskit.security.SwitchingAuthenticationProvider"> 
    <b:constructor-arg ref="paramManager" /> 
    <b:property name="providers"> 
     <b:list> 
      <b:ref local="daoAuthenticationProvider" /> 
      <b:ref local="ldapProvider" /> 

     </b:list> 
    </b:property> 
</b:bean> 


<b:bean id="daoAuthenticationProvider" 
     class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
     <b:property name="userDetailsService" ref="userDetailsService" /> 
     <!-- <b:property name="passwordEncoder" ref="passwordEncoder" /> --> 
    </b:bean> 


    <b:bean id="userDetailsService" 
     class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> 
     <b:property name="dataSource" ref="dataSourceMSSQL" /> 
     <b:property name="usersByUsernameQuery"> 
       <b:value>SELECT user_id ,password,active FROM sec_users 
        WHERE 
        user_id=?</b:value> 
     </b:property> 
     <b:property name="authoritiesByUsernameQuery"> 
      <b:value>SELECT a.user_id AS user_id,b.roleName AS roleName FROM 
        sec_users a, emaskit_roles b 
        WHERE a.roleID = b.roleID AND 
        a.user_id=?</b:value> 
     </b:property> 
    </b:bean> 

我想security.xml文件知道如何&当sql查询执行时检查身份验证。它是否调用任何Java类（以便我可以调试代码并检查它失败的位置）来执行检查，还是由Spring框架内部完成？

请协助。在此先感谢

Answer 1

兄弟我是你logfile显示你尝试使用Ldap进行身份验证（ LdapAuthenticationProvider），但你的xml文件显示你尝试使用 DaoAuthenticationProvider。

我真的认为你集中部署了你，或者你看/部署在错误的服务器上，或者根本没有部署（实际版本）应用程序。

此外，还有在你配置中的错误：你要告诉春季安全使用您的daoAuthenticationProvider：

补充一点：

<authentication-manager alias="authenticationManager"> 
    <authentication-provider ref="daoAuthenticationProvider"/> 
</authentication-manager>