2015-10-20 53 views

当我在应用程序中登录时,必须执行一次查询,以验证用户是否存在于MySQL数据库中。但是,查询没有执行,或者即使执行了,我也看不到任何迹象。Spring Security配置没有根据MySQL验证用户名/密码。

我在我的Spring security.xml文件中使用了这个配置:

<beans 
xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security" 
xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-4.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

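<security:http auto-config="true" use-expressions="true">
    <!-- intercept-url rules are evaluated from top to bottom and the first matching pattern wins,
         so every specific permitAll rule must appear before the catch-all "/**". The rule for
         /administrador.boxml used to sit after "/**", where it could never be reached. -->
    <security:intercept-url pattern="/home" access="permitAll"/>
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/administrador.boxml" access="permitAll" />
    <!-- NOTE(review): everything under these three trees is readable without authentication;
         confirm that only static assets live there. -->
    <security:intercept-url pattern="/restrict/resources/**" access="permitAll" />
    <security:intercept-url pattern="/assets/**" access="permitAll" />
    <security:intercept-url pattern="/restrict/js/**" access="permitAll" />
    <!-- In Spring Security 3.x hasRole() compares the authority string literally (no ROLE_ prefix
         is added). The authorities loaded by the providers in this file are perfil.descricao values
         and the constant 'ADMINISTRADOR'; an account only passes this rule if one of them is exactly
         'Admin'. NOTE(review): confirm the stored descricao values against this expression. -->
    <security:intercept-url pattern="/**" access="hasRole('Admin')" />


    <!-- NOTE(review): both a handler ref and a URL are given for success and for failure; a custom
         handler normally decides the redirect itself, so default-target-url and
         authentication-failure-url are presumably not consulted. Confirm. -->
    <security:form-login login-page="/login"
      default-target-url="/organizacao"
      authentication-success-handler-ref="authenticationSuccessHandler"
      authentication-failure-handler-ref="authenticationFailureHandler"
      authentication-failure-url="/login?erro=true"/>
    <security:access-denied-handler error-page="/acessonegado" />
    <security:session-management invalid-session-url="/login" />

    <!-- NOTE(review): one http element takes a single form-login and a single access-denied-handler.
         This second pair repeats the first and is presumably ignored or rejected when the context
         loads. A separate administrator login would need its own http element with a pattern
         attribute and its own login processing URL. Left in place for the author to resolve. -->
    <security:form-login login-page="/administrador.boxml"
      authentication-success-handler-ref="authenticationSuccessHandler"
      authentication-failure-handler-ref="authenticationFailureHandler"
      authentication-failure-url="/administrador.boxml?erro=true"
      default-target-url="/restrict/layout.boxml"/>
    <security:access-denied-handler error-page="/acessonegado.boxml" />

</security:http>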

    <!-- NOTE(review): this element has no security: prefix and sits outside security:http, so it
         resolves to the default (beans) namespace. session-management is a child of security:http,
         and one is already declared there with a different invalid-session-url. -->
    <session-management invalid-session-url="/login.boxml" /> 

<!-- Project handlers referenced by form-login. Their behaviour is not visible in this file; when
     login fails, the exception passed to the failure handler is the quickest way to see whether the
     user lookup, the authority lookup or the password comparison rejected the attempt. -->
<bean id="authenticationSuccessHandler" class="br.com.kolss.boxml.login.LoginSuccessHandler"/> 
<bean id="authenticationFailureHandler" class="br.com.kolss.boxml.login.LoginFailureHandler"/> 

<!-- Two JDBC-backed providers on the same dataSource: the first looks accounts up in usuario,
     the second in administrador. Both queries bind the submitted username through the "?"
     placeholder, so the value is passed as a parameter and never concatenated into the SQL. -->
<security:authentication-manager> 
    <security:authentication-provider> 
     <!-- The submitted clear-text password is hashed with unsalted SHA-256 and compared with
          senha_usuario. NOTE(review): the stored value presumably has to be the lowercase hex
          digest with no padding or truncation; confirm the column content and length.
          SECURITY: a single unsalted fast digest is weak for password storage, since identical
          passwords share one digest and common ones can be looked up from precomputed tables.
          Prefer an adaptive salted scheme (for example a BCryptPasswordEncoder bean referenced
          with the ref attribute) and re-hash existing accounts at their next successful login. -->
     <security:password-encoder hash="sha-256"/> 
      <!-- users-by-username-query returns username, password, enabled in that order.
           authorities-by-username-query additionally requires an active escritorio_contabil;
           a user who passes the first query but has no row here ends up with no authorities,
           which the JDBC user service presumably treats as a failed lookup. Confirm with the
           exception seen by the failure handler. -->
      <security:jdbc-user-service data-source-ref="dataSource" 
       users-by-username-query="SELECT distinct u.email_usuario, u.senha_usuario, 'true' as enabled FROM usuario u WHERE u.ativo=1 and lower(u.email_usuario)=lower(?)" 
       authorities-by-username-query="SELECT distinct u.email_usuario as username, p.descricao as authorities FROM usuario u INNER JOIN perfil p ON u.id_perfil = p.id_perfil INNER JOIN escritorio_contabil e ON u.id_escritorio_contabil = e.id_escritorio_contabil WHERE u.ativo=1 and e.ativo = 1 and lower(u.email_usuario)=lower(?)"/> 
    </security:authentication-provider> 

    <security:authentication-provider> 
     <!-- Same unsalted SHA-256 comparison, here against senha_administrador; the same storage
          caveat applies. -->
     <security:password-encoder hash="sha-256"/> 
      <!-- Every active administrador row receives the single constant authority 'ADMINISTRADOR'. -->
      <security:jdbc-user-service data-source-ref="dataSource" 
       users-by-username-query="SELECT distinct a.email_administrador, a.senha_administrador, 'true' as enabled FROM administrador a WHERE a.ativo=1 and lower(a.email_administrador)=lower(?)" 
       authorities-by-username-query="SELECT distinct a.email_administrador as username, 'ADMINISTRADOR' as authorities FROM administrador a WHERE a.ativo=1 and lower(a.email_administrador)=lower(?)"/> 
    </security:authentication-provider> 

</security:authentication-manager> 

这是登录调试运行的过程:

1)登录

http://imgur.com/z6DeXmo

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles"%> 
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<html xmlns="http://www.w3.org/1999/xhtml"> 

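<head>

    <%-- Static head of the login view: metadata, favicon, stylesheets and early scripts. Every asset
         URL is relative and points under restrict/, so those paths have to stay readable without
         authentication for this page to render. --%>

    <!-- META CONFIGURATION -->
    <%-- The charset label must not contain whitespace, otherwise the declaration is not recognised. --%>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="content-language" content="pt-br">
    <meta http-equiv="X-UA-Compatible" content="IE=9"/>
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="robots" content="index, follow" />
    <meta name="description" content="boXml é uma ferramenta desenvolvida pela Kolss especialmente para as empresas que necessitam de uma automatização em armazenamento e organização de XML." />
    <meta name="keywords" content="boxml, xml, armazenamento, organização, sistema, kolss" />
    <!-- // -->

    <!-- OPEN GRAPH META -->
    <meta property="og:title" content="Armazenamos e organizamos seus XMLs. Faça um teste grátis!"/>
    <meta property="og:image" content="restrict/resources/images/boxml_og.png"/>
    <meta property="og:site_name" content="boXml"/>
    <meta property="og:description" content="Uma ferramenta desenvolvida especialmente para as empresas que necessitam de uma automatização em armazenamento e organização de XML."/>
    <!-- // -->

    <!-- WEB DESIGN & DEVELOPMENT -->
    <meta name="author" content="Brício Fernandes" />
    <meta name="reply-to" content="[email protected]" />
    <!-- // -->

    <!-- FAVICON -->
    <link rel="shortcut icon" href="restrict/resources/images/favicon.ico" type="image/x-icon" />
    <!-- // -->

    <!-- TITLE -->
    <title>Login | boXml - Solução em Armazenamento de XMLs</title>
    <!-- // -->

    <!-- CSS LIBRARY -->
    <link rel="stylesheet" href="restrict/resources/css/foundation/foundation.css" />
    <link rel="stylesheet" href="restrict/resources/css/icons/flaticon.css" />
    <link rel="stylesheet" href="restrict/resources/css/styles/style.css" />
    <link rel="stylesheet" href="restrict/resources/css/simptip.css" />
    <link rel="stylesheet" href="restrict/resources/css/introloader/introLoader.css" />
    <link rel="stylesheet" href="restrict/resources/css/slick.css" />
    <!-- // -->

    <!-- SCRIPT LIBRARY -->
    <script src="restrict/js/jqueryNovoTemplate/jquery.js"></script>
    <!-- // -->

    <!-- MODERNIZR - FOUNDATION -->
    <script src="restrict/js/foundation/modernizr.js"></script>
    <!-- // -->

</head>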

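<%-- Login view body: logo, the credential form posted to Spring Security, a password-recovery
     link and partner badges. NOTE(review): id="login" is used on both body and section, and
     id="btn" on both the submit input and the cancel link; ids should be unique, but they are
     left untouched here because stylesheets or scripts may select on them. --%>
<body id="login">

    <!-- INTRO LOADER -->
    <div id="intro"></div>
    <!-- // -->

    <!-- SECTION "CONTACT" -->
    <section id="login" class="section">
     <div class="row">
        <div class="small-11 small-centered medium-7 medium-centered large-5 large-centered columns">

         <div class="row">
          <div class="small-12 medium-12 large-12 columns text-center">
           <div class="padding-logo">
            <img src="restrict/resources/images/boxml_logomarca_invert.png" title="boXml - Solução em armazenamento de XMLs" width="133" height="35"/>
           </div>
          </div>
         </div>

         <%-- Credentials are posted to /j_spring_security_check as j_username / j_password. The user
              types the clear-text password; when a password-encoder is configured on the
              authentication provider, the server hashes the submitted value before comparing it
              with the stored one, so entering the stored digest itself cannot match.
              param.erro is only tested, never written into the page.
              NOTE(review): the form carries no CSRF token field; confirm how login CSRF is handled. --%>
         <form id="form-login" method="POST" action="<c:url value="/j_spring_security_check" />">
         <c:if test="${param.erro}">
          Falha no login.
         </c:if>
         <div class="row">
          <div class="small-12 medium-12 large-12 columns">
           <label>E-mail:
           <input type="text" name="j_username" id="j_username"/>
           </label>
         </div>

         </div>
         <div class="row">
          <div class="small-12 medium-12 large-12 columns">
           <label>Senha:
           <input type="password" name="j_password" id="j_password"/>
           </label>
          </div>
         </div>


         <div class="row" style="padding-top:11px">
          <div class="small-12 small-centered medium-12 medium-centered large-12 large-centered columns">
           <input id="btn" title="Clique para entrar" class="submit button btn-action btn-green btn-big" type="submit" value="Entrar" />
           <a id="btn" style="margin-right:0" title="Clique para voltar ao site" class="submit button btn-action btn-gray btn-big" href="home.boxml">Cancelar </a>
          </div>
         </div>


        </form>

         <div class="row">
          <div class="small-12 medium-12 large-12 columns text-center">
           <div class="login-footer clearfix">
            <span class="left">
             <a href="recuperar.html" title="Clique para recuperar sua senha"><b>Esqueceu a senha?</b></a>
            </span>
            <div class="partner right">
             <ul>
              <%-- rel="noopener noreferrer" keeps a page opened in a new tab from reaching back to
                   this login page through window.opener. --%>
              <li><a href="https://www.geotrust.com/" target="_blank" rel="noopener noreferrer" title="Secured by GeoTrust"><img src="restrict/resources/images/geotrust.png" width="151" height="37" /></a></li>
              <li><a href="https://aws.amazon.com/pt/" target="_blank" rel="noopener noreferrer" title="Amazon Web services"><img src="restrict/resources/images/amazon.png" width="126" height="47" /></a></li>
             </ul>
            </div>
           </div>
          </div>
         </div>


        </div>
       </div>



    </section>

    <!-- // -->



    <!-- SCRIPT LIBRARY -->
    <%-- NOTE(review): a jquery.js is already loaded in the head from a different directory; confirm
         that loading a second copy here is intended. --%>
    <script src="restrict/js/foundation/jquery.js"></script>
    <script src="restrict/js/foundation/foundation.min.js"></script>
    <!-- // -->

    <script>
    // FOUNDATION LOAD
    $(document).foundation();
    </script>

</body>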

2)直接进入我的Failure类。为什么?我不知道。

http://imgur.com/870SIfr

PS:密码已用SHA-256加密。所以,我用加密后的密码进行了尝试:

正常:123456

与cryp: 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

即使这样,还是进入了失败流程。

而我的数据库行满足查询请求的要求。

我是否缺少配置?

Spring Security版本:3.1 Spring MVC版本:3.2

在此先感谢


你检查了服务器日志文件吗? – Henry


我在本地运行,我的JBoss控制台没有显示任何操作。直接进入了Failure类。 –


添加您的登录表单以及您正在使用的Spring Security版本。 –

回答


我不再在Spring Security的XML配置文件中配置查询了。

我创建了一个实现UserDetailsService(org.springframework.security.core.userdetails.*)的类,在其中执行查询;在Success类中,我可以处理其余的流程。

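// Reads the authenticated user's name and first granted authority from the current
// SecurityContext. Both values stay "" when there is no authentication, when the principal
// is not a UserDetails (for example an anonymous session, whose principal is presumably a
// plain String), or when the user holds no authorities.
String userName = "";
String autoridade = "";

SecurityContext context = SecurityContextHolder.getContext();
if (context != null) {
    authentication = context.getAuthentication();
    // Check the principal's type before casting; an unchecked cast would throw
    // ClassCastException for any principal that is not a UserDetails.
    if (authentication != null && authentication.getPrincipal() instanceof UserDetails) {
        UserDetails principal = (UserDetails) authentication.getPrincipal();
        userName = principal.getUsername();

        // iterator().next() on an empty collection throws NoSuchElementException.
        // NOTE(review): only the first authority is read; with several authorities the
        // iteration order decides which one is seen, so do not base access decisions on
        // this value alone.
        if (!principal.getAuthorities().isEmpty()) {
            autoridade = principal.getAuthorities().iterator().next().getAuthority();
        }
    }
}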