我正在一個春季項目,涉及使用存儲在數據庫中的憑據登錄。現在,似乎工作得很好,唯一的辦法是,無論何時我登錄頁面,它都會自動填入「jimi」作爲用戶名和密碼,甚至沒有我輸入任何內容。春季安全自動填寫名稱和用戶名,並與哈希密碼問題
這是我的xml配置:
彈簧security.xml文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<headers>
<cache-control />
</headers>
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/user/login"
default-target-url="/home"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"
login-processing-url="/auth/login_check" />
<logout logout-success-url="/login?logout" delete-cookies="JSESSIONID" />
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select email,password, enabled from user where email=?"
authorities-by-username-query=
"select email, role from user_roles where email =? " />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
</beans:bean>
</beans:beans>
彈簧database.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://connectionurl" />
<property name="username" value="user" />
<property name="password" value="pass" />
</bean>
</beans>
MVC-調度-servlet.xml中
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<import resource="spring-database.xml"/>
<import resource="spring-security.xml"/>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/"
p:suffix=".jsp" />
<bean id="jpaDialect" class="org.springframework.orm.jpa.vendor.HibernateJpaDialect"/>
<bean id="emf"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="persistenceUnitName" value="medicapp" />
<property name="dataSource" ref="dataSource" />
<property name="persistenceProvider">
<bean class="org.hibernate.jpa.HibernatePersistenceProvider" />
</property>
</bean>
<bean id="tm" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="emf" p:jpaDialect-ref="jpaDialect"/>
<tx:annotation-driven transaction-manager="tm"/>
<context:component-scan base-package="medicapp.*" />
<context:spring-configured />
<context:annotation-config />
<mvc:resources mapping="/resources/**" location="/resources/mytheme/" />
<mvc:annotation-driven/>
</beans>
現在爲iss用哈希算法。正如你所看到的,我有一個在我的spring-security.xml中聲明的BCrypt編碼器bean。但是,當我嘗試使用它時,我無法登錄。但是,如果沒有它,我可以登錄。我散列使用此密碼生成器的密碼:
PasswordGenerator.java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class PasswordEncoderGenerator {
public static void main(String[] args) {
String password = "123456";
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);
System.out.println(hashedPassword);
}
}
我複製/粘貼在我的數據庫從那裏輸出,但沒有運氣
任何幫助表示讚賞。
親切的問候!
嘗試清除瀏覽器緩存。如果用戶名密碼都是存在的,它是填充它不是Spring應用程序的瀏覽器。 – 2015-01-21 13:46:55
真的那麼簡單嗎?親愛的上帝,爲什麼我自己沒有想到這件事。 你是否也對加密有解釋? – 2015-01-21 14:49:44