2013-02-20 36 views
2

Hey, I have a small problem with my Spring Security / Hibernate based login: bad credentials even though they are correct?

I keep getting the error "Bad credentials".

Here is my user table:

[user table][1]

Here is my dataSource from the ApplicationContext:

<!-- database driver/location --> 
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> 
    <property name="driverClassName" value="com.mysql.jdbc.Driver" /> 
    <property name="url" value="jdbc:mysql://localhost:3306/ams" /> 
    <property name="username" value="root" /> 
    <property name="password" value="root" /> 
</bean> 

And my SecurityContext:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:tx="http://www.springframework.org/schema/tx" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
       http://www.springframework.org/schema/security 
       http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> --> 
    <security:http auto-config="true"> 
     <security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" /> 
     <security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/> 
     <security:logout logout-success-url="/login/login.do" invalidate-session="true" /> 
     <security:remember-me key="rememberMe"/> 
    </security:http>  


    <security:authentication-manager> 
     <security:authentication-provider> 
      <security:jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query="select USERNAME as username, PASSWORD as password, DELETED as deleted from ams.user where USERNAME=?" 
      authorities-by-username-query=" 
       select distinct user.USERNAME as username, permission.NAME as authority 
      from scu.user, scu.user_role, scu.role, scu.role_permission, scu.permission 
      where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.USERNAME=?"/> 
      <!-- security:password-encoder ref="passwordEncoder" /> --> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <bean id="passwordEncoder" 
     class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"> 
     <constructor-arg value="256" /> 
    </bean> 
</beans> 

When I try to log in with: admin and init01

it gives me the bad credentials error... =(

Any suggestions appreciated!

Answers

3

The password-encoder reference in the authentication-provider is commented out. You need a password encoder if you are using hashed passwords (as you should be). Also check this answer, in particular point 2 about writing a test, to make sure the password encoder you are using matches the one used for the passwords stored in the database.

You might also want to check this answer on using bcrypt as a more secure alternative to plain SHA hashes.

+0

The hash password encoder isn't the problem, I just commented it out so you could see what the real password actually is... It doesn't change anything whether I use it or not – 2013-02-20 20:01:29

+0

Most likely it is the problem. It won't work without it, and it won't work with it unless the string it generates exactly matches the one in the database. Hence the link. Check the logs and, if in doubt, use a debugger and set a breakpoint [here](https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java#L84). You should also see that log message if authentication is failing because of a password mismatch. – 2013-02-20 20:24:04

+0

I know the hash of init01 (it's the one used for the other users) and it definitely doesn't work. But thanks, I'll definitely go through that – 2013-02-20 20:31:04

0

Your password is being hashed. If you added the password 'init01', that actually means the hash of the original password is 'init01', because Spring hashes the supplied password and matches it against what you entered. So SHA('init01') is something other than 'init01'.

+0

No, I just wrote it in plain text so you could see what I'm typing; it doesn't change anything when it's encrypted... – 2013-02-20 20:00:44
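Both answers come down to one check: does the value stored in the user table equal what the configured encoder produces for the password being typed? The script below is an added example, not part of the original question or of Spring Security's own code, that reproduces that check offline so the stored row can be tested against each configuration discussed above (encoder commented out, `ShaPasswordEncoder(256)` unsalted, and salted). It assumes the Spring Security 3.x `MessageDigestPasswordEncoder` defaults: a hex-encoded digest, and, when a salt source is configured, the salt merged as `password{salt}`. The sample rows for user `admin` are constructed here.

```python
"""Reproduce ShaPasswordEncoder(256) output and compare it with a stored row.

Assumed (not taken from the post): Spring Security 3.x defaults of
hex-encoded digests and the salt merged as password + "{" + salt + "}".
"""
import hashlib
import hmac
from typing import Callable, List, Optional, Tuple


def sha_encode(raw_password: str, salt: Optional[str] = None, strength: int = 256) -> str:
    """Hex digest as ShaPasswordEncoder(strength) would store it (assumed default config).

    strength selects the algorithm: 1 -> SHA-1, 256 -> SHA-256, 512 -> SHA-512.
    """
    merged = raw_password if salt is None else f"{raw_password}{{{salt}}}"
    return hashlib.new(f"sha{strength}", merged.encode("utf-8")).hexdigest()


def is_password_valid(stored: str, raw_password: str,
                      salt: Optional[str] = None, use_encoder: bool = True) -> bool:
    """Mirror the provider's password check for one configuration.

    use_encoder=False is the behaviour with no <password-encoder> element:
    the typed password is compared with the stored string as-is. With the
    encoder enabled, the typed password is encoded first and the two encoded
    strings must match exactly. Constant-time compare avoids timing leaks.
    """
    candidate = sha_encode(raw_password, salt) if use_encoder else raw_password
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


def diagnose(stored: str, raw_password: str, username: str) -> str:
    """Report which of the candidate configurations accepts this login.

    This is the "write a test" step from the linked answer: instead of
    guessing, try the configurations and see which one matches the row.
    The salted variant uses the username as salt, a common salt-source
    choice, purely as one more candidate to test.
    """
    checks: List[Tuple[str, Callable[[], bool]]] = [
        ("no password-encoder (plaintext compare)",
         lambda: is_password_valid(stored, raw_password, use_encoder=False)),
        ("ShaPasswordEncoder(256), no salt",
         lambda: is_password_valid(stored, raw_password)),
        (f"ShaPasswordEncoder(256), salt='{username}'",
         lambda: is_password_valid(stored, raw_password, salt=username)),
    ]
    matches = [name for name, check in checks if check()]
    if not matches:
        return "no tested configuration matches: stored value is not derived from this password"
    return matches[0]


if __name__ == "__main__":
    # Constructed sample rows for user 'admin', password 'init01'.
    plaintext_row = "init01"                     # what the poster wrote into the table
    hashed_row = sha_encode("init01")            # what ShaPasswordEncoder(256) would have stored
    salted_row = sha_encode("init01", salt="admin")
    for label, stored in [("plaintext row", plaintext_row),
                          ("sha256 row", hashed_row),
                          ("sha256+salt row", salted_row)]:
        print(f"{label:16} -> {diagnose(stored, 'init01', 'admin')}")
```

Run it and the plaintext row is accepted only by the no-encoder configuration, while the hashed rows are accepted only by the matching encoder; a plaintext row combined with the encoder enabled (or the reverse) is exactly the "Bad credentials" case in the question, and the `diagnose` output tells you which side to change.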