春季安全：数据库认证供应商 [英] Spring Security:DataBase authentication provider

问题描述

无法获得春季安全与DB身份验证提供者的工作。结果
在内存中的身份验证提供工程确定。

Can't get Spring Security to work with DB authentication provider.
In-memory authentication provider works OK.

步骤重现：结果
当我登录凭据 SB ， SB ，登录（）的方法的AuthenticationService 返回假。结果
有没有相关的日志中的Tomcat 。

Step to reproduce:
when I logged with credentials sb,sb,login() method of AuthenticationService returned false.
There are no related log in Tomcat.

的applicationContext.xml：

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost/chirokDB?useUnicode=true&amp;characterEncoding=utf8"/>
    <property name="username" value="root"/>
    <property name="password" value="root"/>
</bean>

<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource" ref="dataSource"/>
</bean>

服务层：

@Service("authenticationService")
   public class AuthenticationServiceImpl implements AuthenticationService {
    @Resource(name = "authenticationManager")
    private AuthenticationManager authenticationManager;
        public boolean login(String username, String password) {
        try {
        Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
                    username, password));
            if (authenticate.isAuthenticated()) {
    SecurityContextHolder.getContext().setAuthentication(authenticate);
                    return true;
                }
            } catch (AuthenticationException e) {
            }
            return false;
   }

管理Bean级别：

public String doLogin() {
    boolean isLoggedIn = authenticationService.login(name, password);
    if (isLoggedIn) {
        return "index";
    }
    FacesContext.getCurrentInstance().addMessage("login failure", new FacesMessage());
    return "failureLogin";
}

的applicationContext-security.xml文件：

<global-method-security pre-post-annotations="enabled"/>  
    <http auto-config="true">
    <form-login login-page="/login.xhtml" default-target-url="/index.xhtml"/>
        <intercept-url pattern="/contacts.xhtml" access="ROLE_ANONYMOUS,ROLE_USER"/>
        <intercept-url pattern="/delivery.xhtml" access="ROLE_USER"/>
        <logout invalidate-session="true"/>
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </session-management>   
    </http>          

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"/>
        </authentication-provider>
    </authentication-manager>

持续等级：结果
MySQL数据库有以下标准表（在Spring的）：结果
1.用户结果
2.当局

persistence level:
MySql DB has following standard tables(required by Spring):
1. users
2. authorities

用户表与用户名='某人'和密码='某人'结果记录
当局表中有记录的用户名='某人'和权威='ROLE_USER

users table has record with username='sb' and password='sb'
authorities table has record with username='sb' and authority='ROLE_USER'

注意结果
与用户内存中所有可以与以下配置确定：

note
with user-in memory all works OK with following config:

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="sb" password="sb" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

假设：结果
数据源注入 org.springframework.security.core.userdetails.jdbc.JdbcDaoImp​​l 结果
至于Hibernate的ORM使用，可能还有一些其他的比 JdbcDaoImp​​l 应使用？

推荐答案

检查，如果你要在你的空catch块的例外（始终是一个坏主意）。

Check if you're getting an Exception in your empty catch block (which always is a bad idea).

这篇关于春季安全：数据库认证供应商的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！