users-by-username-query返回沒有結果

Question

我想從數據庫中獲取認證角色。桌子在那裏，這裏是我的上下文：

<!-- Configures in-memory implementation of the UserDetailsService implementation --> 
<security:authentication-manager alias="authenticationManager"> 
    <security:authentication-provider> 
    <security:jdbc-user-service data-source-ref="dataSource" 
     users-by-username-query="select * from users where email=?" 
     authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?" 
    /> 
    </security:authentication-provider> 
</security:authentication-manager> 

用戶通過電子郵件進行身份驗證。當DB控制檯這樣的查詢，它返回一個obejct，但是當我看看日誌，我發現：

16:18:55,517 DEBUG JdbcTemplate:637 - Executing prepared SQL query 
16:18:55,518 DEBUG JdbcTemplate:572 - Executing prepared SQL statement [select * from users where email=?] 
16:18:55,519 DEBUG DataSourceUtils:110 - Fetching JDBC Connection from DataSource 
16:18:55,519 DEBUG DriverManagerDataSource:162 - Creating new JDBC DriverManager Connection to [jdbc:h2:file:../lib/Money] 
16:18:55,582 DEBUG DataSourceUtils:327 - Returning JDBC Connection to DataSource 
16:18:55,607 DEBUG JdbcUserDetailsManager:154 - Query returned no results for user '' 
16:18:55,610 DEBUG DaoAuthenticationProvider:134 - User '' not found 
16:18:55,610 DEBUG UsernamePasswordAuthenticationFilter:346 - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 

我在做什麼錯？

用戶和密碼從前端代碼發送。我猜，一切都很好。我發送一個簡單的JSON用戶名和密碼。我覺得autenticationManager有問題。下面是代碼：

<!-- Configures a custom login filter bean --> 
<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
    <property name="authenticationManager" ref="authenticationManager"/> 
    <property name="authenticationFailureHandler" ref="restAuthenticationFailureHandler"/> 
    <property name="authenticationSuccessHandler" ref="restAuthenticationSuccessHandler"/> 
    <property name="filterProcessesUrl" value="/api/login/"/> 
    <property name="usernameParameter" value="username"/> 
    <property name="passwordParameter" value="password"/> 
    <property name="postOnly" value="true"/> 
</bean> 

Answer 1

嘗試寫通過用戶名查詢的用戶，使其在這個順序返回3個參數：

• 用戶名
• 密碼
• 啓用

例如：

<security:jdbc-user-service data-source-ref="dataSource" 
    users-by-username-query="SELECT username, password, true FROM users WHERE email=?" 
    authorities-by-username-query="select u.email, ur.authority from users u, usersroles ur where u.id = ur.userid and u.email = ?" 
/> 

Answer 2

配置就像那樣。

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <!-- enable use-expressions --> 
    <http auto-config="true" use-expressions="true"> 

     <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" /> 

     <!-- access denied page --> 
     <access-denied-handler error-page="/403" /> 

     <form-login 
      login-page="/login" 
      default-target-url="/welcome" 
      authentication-failure-url="/login?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection --> 
     <csrf/> 
    </http> 

    <!-- Select users and user_roles from database --> 
    <authentication-manager> 
     <authentication-provider> 
     <jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query= 
      "select username,password, enabled from users where username=?" 
      authorities-by-username-query= 
      "select username, role from user_roles where username =? " /> 
     </authentication-provider> 
    </authentication-manager> 

</beans:beans>