0

我正在尝试让 spring 对我的 mysql 数据库中的用户进行身份验证。它适用于内存中的用户。我遵循了有关此的每个教程,但仍然无法正常工作,我不明白为什么,因为它需要一个非常基本的配置。

我的 applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>


<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
                     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                     http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http security="none" pattern="/javax.faces.resource/**" />
<http security="none" pattern="/static/**"/>
<http auto-config="true" use-expressions="true"
                         access-denied-page="/public/login.xhtml">

    <intercept-url pattern="/public/**" access="permitAll"/>
    <intercept-url pattern="/secure/adm.xhtml" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/login.xhtml" access="permitAll"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <form-login login-page="/public/login.xhtml"
                authentication-failure-url="/public/login.xhtml?erro=true"
                default-target-url="/secure/secure.xhtml"
                username-parameter="usuario"
                password-parameter="senha"
                /> <!--login-processing-url-->
    <logout/>
    <session-management invalid-session-url="/timeout.jsp">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
</http>


<beans:bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource" >

    <beans:property name="url" value="jdbc:mysql://localhost:3306/gde" />
    <beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <beans:property name="username" value="root" />
    <beans:property name="password" value="" />
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider>

        <user-service>
            <user name="a" password="b" authorities="ROLE_USER"/>
            <user name="b" password="a" authorities="ROLE_ADMIN"/> 
        </user-service>

        <jdbc-user-service data-source-ref="dataSource"
                           users-by-username-query="SELECT USUARIO as username, SENHA as password, ISATIVO as enabled FROM usuario WHERE USUARIO=?"

                           authorities-by-username-query="SELECT USUARIO_USUARIO as username, AUTORIZACOES_TIPO as authority FROM usuario_tipo_usuario WHERE USUARIO_USUARIO=?"
        />
    </authentication-provider>
</authentication-manager>
</beans:beans>

对于 a/b 和 b/a,它的身份验证很好。

4

1 回答 1

0

正式回答:我只需要删除内存用户并让它工作,虽然我不太明白为什么。谢谢你,蓝脚和卢克泰勒。

于 2012-11-22T18:38:31.203 回答