0

我对 Spring/Spring Security 相当陌生,我已经尽我所能解决这个问题,但我似乎一次又一次地没有把它弄好。问题如下:登录无法正常工作 - 即使使用正确的凭据,它也会不断提示它们似乎不正确。我正在使用 Spring Security 和 Spring mvc + Oracle (hibernate + jpa)。非常感谢您的帮助,非常感谢您!

这是我的配置文件。(部分)

1. security.xml

<http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
</http>

<!-- <password-encoder hash="md5" /> -->

<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
          SELECT username, password, 'TRUE'
          FROM users WHERE username=?"

            authorities-by-username-query="
          SELECT u.username, ur.authority FROM users u, user_roles ur 
          WHERE u.user_id = ur.user_id AND u.username=?  " />
    </authentication-provider>
</authentication-manager>

2. web.xml

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

3. data.xml

<!-- Transaction managing using the @Transactional annotation -->
<tx:annotation-driven transaction-manager="transactionManager" />

<!-- Transaction Manager -->
<bean id="transactionManager"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactory" />
</bean>


<bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix">
        <value>/WEB-INF/pages/</value>
    </property>
    <property name="suffix">
        <value>.jsp</value>
    </property>
</bean>

<bean id="messageSource"
    class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <property name="basenames">
        <list>
            <value>msgs</value>
        </list>
    </property>
    <property name="defaultEncoding" value="UTF-8" />
</bean>

<!-- ////////////////////////////////////////////////////////////////////////// -->

    <bean id="propertyConfigurer"
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
    p:location="/WEB-INF/jdbc.properties"/>

<!-- ////////////////////////////////////////////////////////////////////////// "-->

<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
    destroy-method="close">
    <property name="driverClass" value="${jdbc.driverClassName}" />
    <property name="jdbcUrl" value="${jdbc.databaseurl}" />
    <property name="user" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />

</bean>

<!-- ////////////////////////////////////////////////////////////////////////// -->

<!-- Hibernate SessionFactory configuration -->
<bean id="sessionFactory"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="packagesToScan" value="com.tsystems.javaschool.kts.domain" />
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.dialect">${jdbc.dialect}</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
        </props>
    </property>
</bean>
4

1 回答 1

0

现在很难看到错误,但我可以为您提供一些适合我的示例:

web.xml 的一部分: 

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

…………

您是否在您的 web.xml(web.xml 的另一部分)中包含 XML 文件 (security.xml)?

<listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/security-config.xml</param-value>
  </context-param>

security-config.xml 的一部分(DATA 是 shema,ROLE 和 USER 是表):

<http auto-config='true'>
        <intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
        <intercept-url pattern="/**" access="ROLE_GUEST, ROLE_ADMIN" />
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=t"/>
        <logout logout-success-url="/login.jsp?logout=t"/>
    </http>
    <authentication-manager>
        <authentication-provider>
        <password-encoder hash="md5"/>
            <jdbc-user-service data-source-ref="ds" authorities-by-username-query="select USERNAME as username, ROLE as authority from DATA.ROLE where USERNAME=?"
            users-by-username-query="select USERNAME as username, PASSWORD as password, 'true' AS enabled from DATA.USER where USERNAME=?"/>
        </authentication-provider>
    </authentication-manager>

以及 JSP 页面的一部分(login.jsp):

<c:when test="${param.logout == 't'}">

// show when I logout
.......

</c:when>
<c:when test="${param.login_error == 't'}">

// show when username or password is not correct
.......

</c:when>
<c:otherwise>
.....
<form method="POST" action="<%= response.encodeURL(request.getContextPath() + "/j_spring_security_check") %>" >
......
<input class="input" type="text" name="j_username" />
......
<input class="input" type="password" name="j_password" />
.....
<input type="submit" value="Login" name="Login" />
.....
</c:otherwise>

如果还是不行,请写在这里。

于 2012-11-20T16:53:54.263 回答