0

我们需要有关使用 Spring Security 进行身份验证的帮助。当我们尝试为我们的应用程序输入登录凭据并单击提交时,我们收到了无效凭据错误。

我们已经检查了数据库,并且我们用于登录的身份验证详细信息似乎是正确的。但仍然得到以下异常

[DEBUG,LdapAuthenticationProvider,http-localhost%2F127.0.0.1-8080-1] Processing         authentication request for user: admin
[DEBUG,FilterBasedLdapUserSearch,http-localhost%2F127.0.0.1-8080-1] Searching for user    'admin', with user search [ searchFilter: 'sAMAccountName={0}', searchBase:    'DC=ad,DC=infosys,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ]
[INFO,SpringSecurityLdapTemplate,http-localhost%2F127.0.0.1-8080-1] Ignoring PartialResultException
[WARN,LoggerListener,http-localhost%2F127.0.0.1-8080-1] Authentication event AuthenticationFailureBadCredentialsEvent: admin; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEC9042719AA53736897C4383DCF8FE8; exception: Bad credentials
[DEBUG,UsernamePasswordAuthenticationFilter,http-localhost%2F127.0.0.1-8080-1] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

我正在尝试连接到 sqlserver2008 数据库并尝试登录。下面是我们正在使用的 security.xml 文件

<http auto-config='false' realm="MaskIT Realm" access-denied-page="/403.jsp">
        <intercept-url pattern="/*.htm" access="ROLE_ADMIN,ROLE_REQUESTOR,ROLE_APPROVER" />
        <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <form-login login-page="/login.jsp"
              authentication-failure-url="/login.jsp?login_error=1"
              default-target-url="/redirect.jsp" />
        <http-basic />
        <intercept-url pattern="/securityService" access="IS_AUTHENTICATED_ANONYMOUSLY"
              requires-channel="http" />
        <logout logout-success-url="/login.jsp" />
  </http>
  <b:bean id="myAuthenticationProvider"
      class="com.infosys.setl.himi.maskit.security.SwitchingAuthenticationProvider">
    <b:constructor-arg ref="paramManager" />
    <b:property name="providers">
        <b:list>
            <b:ref local="daoAuthenticationProvider" />
            <b:ref local="ldapProvider" />

        </b:list>
    </b:property>
</b:bean>


<b:bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <b:property name="userDetailsService" ref="userDetailsService" />
        <!--  <b:property name="passwordEncoder" ref="passwordEncoder" /> -->
  </b:bean>


  <b:bean id="userDetailsService"
        class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
        <b:property name="dataSource" ref="dataSourceMSSQL" />
        <b:property name="usersByUsernameQuery">
              <b:value>SELECT user_id ,password,active FROM sec_users
                    WHERE
                    user_id=?</b:value>
        </b:property>
        <b:property name="authoritiesByUsernameQuery">
          <b:value>SELECT a.user_id AS user_id,b.roleName AS roleName FROM
                    sec_users a, emaskit_roles b
                    WHERE a.roleID = b.roleID AND
                    a.user_id=?</b:value>
        </b:property>
  </b:bean>

我想知道如何以及何时执行 sql 查询以检查身份验证。它是调用任何 java 类(以便我可以调试代码并检查失败的地方)来执行检查还是由 Spring 框架在内部完成。

请协助。提前致谢

4

1 回答 1

1

我的兄弟是,您的日志文件显示您尝试使用 Ldap 进行身份验证(LdapAuthenticationProvider),但您的 xml 文件显示您尝试使用DaoAuthenticationProvider.

我真的认为您已经大量部署了,要么您查看/部署了错误的服务器,要么您根本没有部署(实际版本)应用程序。

此外,您的配置中有一个错误:您必须告诉 spring security 使用您的daoAuthenticationProvider

添加这个:

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="daoAuthenticationProvider"/>
</authentication-manager>
于 2013-03-22T08:48:54.327 回答