1. 首頁
  2. 問答
  3. Spring MVC未對數據庫進行身份驗證

Spring MVC未對數據庫進行身份驗證

2016-08-12 28 views
0

我們正在使用Spring MVC 4.0,但我們無法對數據庫進行身份驗證。我們有以下Java安全配置類:Spring MVC未對數據庫進行身份驗證

@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
@Autowired 
private DataSource dataSource; 

/** 
* Configura el acceso a la aplicación para los usuarios. 
*/ 
@Autowired 
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    String queryUsers = "SELECT acod_usuario as username, ades_clave as password, true as enabled " + 
         "FROM t_usuarios " + 
         "WHERE acod_usuario = ?"; 
    String queryAuth = "SELECT acod_usuario as username, 'ROLE_USER' as role" + 
         "FROM t_usuarios " + 
         "WHERE acod_usuario = ?"; 
    auth.jdbcAuthentication().dataSource(dataSource). 
     usersByUsernameQuery(queryUsers). 
     authoritiesByUsernameQuery(queryAuth); 
} 

/** 
* Configuración de la seguridad HTTP. 
*/ 
@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests(). 
      antMatchers("/home","/403","/resources/**").permitAll(). 
      anyRequest().hasAnyRole("ROLE_USER, ANONYMOUS"). 
      and(). 
     formLogin(). 
      loginPage("/home").usernameParameter("username").passwordParameter("password"). 
      and(). 
     logout(). 
      permitAll(). 
      and(). 
     exceptionHandling().accessDeniedPage("/403").and(). 
      csrf(); 
} 
}

Pagres授權工作正常,但我們無法使登錄與有效用戶一起工作。所有用戶都可以輸入應用程序,而不是在數據庫中存在。數據源配置也工作正常,

@Configuration 
@EnableWebMvc 
@ComponentScan(basePackages = "com.justinfact.web.*") 
public class WebConfig extends WebMvcConfigurerAdapter { 
private UsuarioDAO usuarioDAO; 
private CatalogosDAO catalogosDAO; 
private CFEDAO cfeDAO; 

/** 
* Registra la base de datos de backend, creando un connection pool. 
* 
* @return DataSource 
*/ 
@Bean 
public DataSource dataSource() { 
    BasicDataSource basicDataSource = new BasicDataSource(); 
    basicDataSource.setDriverClassName("com.mysql.jdbc.Driver"); 
    basicDataSource.setUrl("jdbc:mysql://localhost:3306/db"); 
    basicDataSource.setUsername("xxxxx"); 
    basicDataSource.setPassword("xxxxx"); 
    basicDataSource.setInitialSize(5); 
    basicDataSource.setMaxActive(10); 
    basicDataSource.setAccessToUnderlyingConnectionAllowed(true); 
    return basicDataSource; 
} 

/** 
* Se registra el template para trabajar con JDBC 
* 
* @return JdbcTemplate 
*/ 
@Bean 
public JdbcTemplate jdbcTemplate(DataSource dataSource) { 
    return new JdbcTemplate(dataSource); 
}

但似乎沒有查詢正在執行。我們已經測試了查詢並且爲我們工作得很好。登錄頁面是一個標準之一:

<div class="contenedor"> 
    <img src="<s:url value='resources' />/images/logo.jpg"  width="220" height="90" border="0" /> 
<h1> 
    Acceso Sistema 
</h1> 

<br> 
<c:url value="login" var="loginURL"/> 
<sf:form id="homeForm" action="${loginURL}" method="POST" commandName="user"> 
    <c:if test="${param.error != null}"> 
     <p>Usuario o clave incorrecta</p> 
    </c:if> 
    <c:if test="${param.logout != null}"> 
     <p>Ha salido correctamente de la aplicación</p> 
    </c:if> 
    <div class="div_form"> 
     <sf:input path="rut" placeholder="RUT empresa"/> 
    </div> 
    <div class="div_form"> 
     <sf:input path="username" placeholder="nombre de usuario"/><sf:errors path="username" /> 
    </div> 
    <div class="div_form"> 
     <sf:password path="password" placeholder="contraseña"/> 
    </div> 
    <div><a id="ingresar" href="#">Acceder</a></div> 
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 
</sf:form>

我們有一個基本的控制文件來管理此操作:

@Controller 
public class HomeController { 

private static final Logger logger = LoggerFactory.getLogger(HomeController.class); 


/** 
* Simply selects the home view to render by returning its name. 
*/ 
@RequestMapping(value = "home", method = RequestMethod.GET) 
public String home(Locale locale, Model model) { 
    logger.info("Welcome home! The client locale is {}.", locale); 

    /* 
    Date date = new Date(); 
    DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale); 
    String formattedDate = dateFormat.format(date); 
    model.addAttribute("serverTime", formattedDate); 
    */ 
    model.addAttribute("user",new Login()); 
    return "home"; 
} 

/** 
* Realiza la gestión de la operación de login/acceso al sistema con usuario y clave. 
* 
* @param user 
* @param model 
* @return 
*/ 
@RequestMapping(value = "login", method = RequestMethod.POST) 
public String login(@Valid Login user, Model model, Errors errors) { 
    logger.info("en Login"); 
    logger.info(errors.toString()); 
    logger.info(user.toString()); 
    System.out.println(user); 
    model.addAttribute("user", user); 
    return "login"; 
} 
}

我們正在做的錯誤的方式?

在此先感謝

來源

2016-08-12 user1748166

+0

你是否有例外? – kuhajeyan

+0

順便說一句,你確定你想'anyonymus'for anyRequest() - anyRequest()。hasAnyRole(「ROLE_USER,ANONYMOUS」)。 – kuhajeyan

+0

我沒有收到異常,只是轉到下一頁,而用戶無效。我不知道在哪裏使用Spring Security中的「/ login」操作,如何調用它 – user1748166

回答

0

解決,

的一個問題是我有一個POST「/登錄」行動在我的控制器,它重寫使用Spring Security默認的登錄操作。現在它正在進行一些其他更改。

謝謝

來源

2016-08-12 16:45:56 user1748166

相關問題

 相關問題