Spring安全認證問題

Question

我們需要關於使用Spring Security進行認證的幫助。當我們嘗試爲我們的應用程序輸入登錄憑據並單擊提交時，我們會收到無效的憑據錯誤。

我們檢查了數據庫和我們用來登錄的認證細節似乎是正確的。但仍然得到下面的異常

[DEBUG,LdapAuthenticationProvider,http-localhost%2F127.0.0.1-8080-1] Processing   authentication request for user: admin 
[DEBUG,FilterBasedLdapUserSearch,http-localhost%2F127.0.0.1-8080-1] Searching for user 'admin', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'DC=ad,DC=infosys,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ] 
[INFO,SpringSecurityLdapTemplate,http-localhost%2F127.0.0.1-8080-1] Ignoring PartialResultException 
[WARN,LoggerListener,http-localhost%2F127.0.0.1-8080-1] Authentication event AuthenticationFailureBadCredentialsEvent: admin; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEC9042719AA53736897C4383DCF8FE8; exception: Bad credentials 
[DEBUG,UsernamePasswordAuthenticationFilter,http-localhost%2F127.0.0.1-8080-1] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 

我試着連接到數據庫SQLSERVER2008，並試圖login.Below的是，我們正在使用

<http auto-config='false' realm="MaskIT Realm" access-denied-page="/403.jsp"> 
     <intercept-url pattern="/*.htm" access="ROLE_ADMIN,ROLE_REQUESTOR,ROLE_APPROVER" /> 
     <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <form-login login-page="/login.jsp" 
       authentication-failure-url="/login.jsp?login_error=1" 
       default-target-url="/redirect.jsp" /> 
     <http-basic /> 
     <intercept-url pattern="/securityService" access="IS_AUTHENTICATED_ANONYMOUSLY" 
       requires-channel="http" /> 
     <logout logout-success-url="/login.jsp" /> 
    </http> 
    <b:bean id="myAuthenticationProvider" 
     class="com.infosys.setl.himi.maskit.security.SwitchingAuthenticationProvider"> 
    <b:constructor-arg ref="paramManager" /> 
    <b:property name="providers"> 
     <b:list> 
      <b:ref local="daoAuthenticationProvider" /> 
      <b:ref local="ldapProvider" /> 

     </b:list> 
    </b:property> 
</b:bean> 


<b:bean id="daoAuthenticationProvider" 
     class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
     <b:property name="userDetailsService" ref="userDetailsService" /> 
     <!-- <b:property name="passwordEncoder" ref="passwordEncoder" /> --> 
    </b:bean> 


    <b:bean id="userDetailsService" 
     class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> 
     <b:property name="dataSource" ref="dataSourceMSSQL" /> 
     <b:property name="usersByUsernameQuery"> 
       <b:value>SELECT user_id ,password,active FROM sec_users 
        WHERE 
        user_id=?</b:value> 
     </b:property> 
     <b:property name="authoritiesByUsernameQuery"> 
      <b:value>SELECT a.user_id AS user_id,b.roleName AS roleName FROM 
        sec_users a, emaskit_roles b 
        WHERE a.roleID = b.roleID AND 
        a.user_id=?</b:value> 
     </b:property> 
    </b:bean> 

我想security.xml文件知道如何&當sql查詢執行時檢查身份驗證。它是否調用任何Java類（以便我可以調試代碼並檢查它失敗的位置）來執行檢查，還是由Spring框架內部完成？

請協助。在此先感謝

Answer 1

兄弟我是你logfile顯示你嘗試使用Ldap進行身份驗證（ LdapAuthenticationProvider），但你的xml文件顯示你嘗試使用 DaoAuthenticationProvider。

我真的認爲你集中部署了你，或者你看/部署在錯誤的服務器上，或者根本沒有部署（實際版本）應用程序。

此外，還有在你配置中的錯誤：你要告訴春季安全使用您的daoAuthenticationProvider：

補充一點：

<authentication-manager alias="authenticationManager"> 
    <authentication-provider ref="daoAuthenticationProvider"/> 
</authentication-manager>