2
後,我創建一個使用Spring Security進行認證的Spring MVC應用程序,這裏的彈簧security.xml文件春季安全自動登錄registeration
<http use-expressions="true">
<form-login login-page="/homepage.jsp" default-target-url="/homepage.jsp" authentication-failure-url="/homepage.jsp?login-success=false" />
<logout logout-success-url="/homepage.jsp" />
</http>
<authentication-manager alias="authenticationManager" >
<authentication-provider>
<password-encoder hash="sha" />
<jdbc-user-service data-source-ref="marketDataSource"
users-by-username-query="
select email_address, password, '1'
from user where email_address=?"
authorities-by-username-query="
select email_address, 'ROLE_USER' from user
where email_address=?"
/>
</authentication-provider>
</authentication-manager>
,當一個新的用戶嘗試註冊,填寫他從並按提交註冊,這將創建一個新用戶,如果註冊成功完成後,我嘗試使用這種方法註冊的用戶進行身份驗證:
private void authenticateUserAndSetSession(User user, HttpServletRequest request) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getEmailAddress(), user.getPasswordSha(), grantedAuthorities);
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
try {
Authentication authenticatedUser = authenticationManager
.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
} catch (Exception e) {
e.printStackTrace();
}
}
我檢查了這個帖子Auto login after successful registration做出前面的方法,但是當我嘗試使用它時,它會拋出Bad Credential Exception,這個解決方案有什麼問題?
您是否將加密密碼傳遞給'UsernamePasswordAuthenticationToken'? –
是的,我正在傳遞加密密碼 –
這就是問題所在。在鏈接的帖子中,他們使用清除密碼 –