When a user navigates to the login page, regardless of using the correct username and password, Spring Security shows the following error message. I reviewed the following questions but still have the same errors: 1, 2, 3, "Spring security does not allow user to login, it does not show any error".
Your login attempt was not successful due to
I am using BCryptPasswordEncoder to encode new users' passwords.
LoginForm
<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}">
    <font color="red"> Your login attempt was not successful due
        to <br />
        <br /> <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
    </font>
</c:if>
<c:if test="${not empty param.error}">
    Invalid username and password.
</c:if>
<c:if test="${not empty error}">
    <div class="error">${error}</div>
</c:if>
<c:if test="${not empty msg}">
    <div class="msg">${msg}</div>
</c:if>
<form id="form-login" role="form" method="post"
    action="<c:url value='/j_spring_security_check' />"
    class="relative form form-default">
    <input type="hidden" name="${_csrf.parameterName}"
        value="${_csrf.token}" />
my-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
        http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd
        http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

    <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource"
        destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:8889/Project" />
        <property name="username" value="test1" />
        <property name="password" value="test1" />
    </bean>

    <bean id="sessionFactory"
        class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"
        depends-on="dataSource">
        <property name="dataSource" ref="dataSource" />
        <property name="packagesToScan" value="com.projec.model" />
        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
                <prop key="hibernate.format_sql">true</prop>
                <prop key="hibernate.use_sql_comments">true</prop>
                <prop key="hibernate.show_sql">true</prop>
                <prop key="hibernate.hbm2ddl.auto">update</prop>
            </props>
        </property>
    </bean>

    <bean id="transactionManager"
        class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory"></property>
    </bean>

    <tx:advice id="txAdvice" transaction-manager="transactionManager">
        <tx:attributes>
            <tx:method name="get*" read-only="true" />
            <tx:method name="find*" read-only="true" />
            <tx:method name="*" />
        </tx:attributes>
    </tx:advice>

    <aop:config>
        <aop:pointcut id="userServicePointCut"
            expression="execution(* com.project.service.*Service.*(..))" />
        <aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
    </aop:config>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <beans:import resource='login-service.xml' />

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/" access="permitAll" />
        <intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" />
        <intercept-url pattern="/signin" access="permitAll" />
        <access-denied-handler error-page="/403" />
        <form-login login-page="/signin" default-target-url="/index"
            authentication-failure-url="/signin?error" username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <!-- enable csrf protection -->
        <csrf />
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="myMemberDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
MyMemberDetailsService
@Service
public class MyMemberDetailsService implements UserDetailsService {

    private MemberRepository memberRep;

    @Override
    public UserDetails loadUserByUsername(final String username)
            throws UsernameNotFoundException {
        Member member = memberRep.findByUserName(username);
        HashSet<String> roles = new HashSet<String>();
        roles.add("ROLE_MEMBER");
        List<GrantedAuthority> authorities = buildUserAuthority(roles);
        return buildUserForAuthentication(member, authorities);
    }

    private User buildUserForAuthentication(Member member,
            List<GrantedAuthority> authorities) {
        return new User(member.getUsername(), member.getPassword(),
                member.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<String> userRoles) {
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
        for (String userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole));
        }
        List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(
                setAuths);
        return Result;
    }
}
Spring versions
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<spring.version>3.2.8.RELEASE</spring.version>
It looks like you are using a custom implementation of UserDetailsService. Can you provide the code for MemberDetailsService? – greyfox
@greyfox I just included the UserDetailsService, thanks –
Assuming you are using Spring Security 3.2.x, the default form action URL should be '/login' (instead of 'j_spring_security_check') – fateddy
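
A defensive variant of the UserDetailsService from the question, added here as an example and not the asker's code: it refuses to run without a repository, never passes a missing member on to `User`, and rejects a stored password that is not a BCrypt hash, so each of these conditions surfaces with its own message. `Member` and `MemberRepository` are minimal stand-ins assumed from the calls the question makes, and `CheckedMemberDetailsService` is a hypothetical name.

```java
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Stand-ins for the question's types (assumed shapes, not the asker's classes).
interface Member { String getUsername(); String getPassword(); boolean isEnabled(); }
interface MemberRepository { Member findByUserName(String username); }

class CheckedMemberDetailsService implements UserDetailsService {
    // "$2a$" (or $2b$/$2y$), a two-digit cost, then 53 chars of salt and hash: 60 chars total.
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}$");

    private final MemberRepository memberRep;

    // Constructor injection: the service cannot be built with a null repository.
    CheckedMemberDetailsService(MemberRepository memberRep) {
        if (memberRep == null) throw new IllegalArgumentException("memberRep is required");
        this.memberRep = memberRep;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Member member = memberRep.findByUserName(username);
        if (member == null) {
            // UserDetailsService contract: throw, never return or dereference null.
            throw new UsernameNotFoundException("No such member");
        }
        String stored = member.getPassword();
        if (stored == null || !BCRYPT.matcher(stored).matches()) {
            // Plain text, another hash scheme, or a hash truncated by a short column.
            throw new IllegalStateException("Stored password is not a 60-character BCrypt hash");
        }
        List<GrantedAuthority> authorities = Collections.<GrantedAuthority>singletonList(
                new SimpleGrantedAuthority("ROLE_MEMBER"));
        return new User(member.getUsername(), stored,
                member.isEnabled(), true, true, true, authorities);
    }
}
```

To use it with the configuration above, define it as the `myMemberDetailsService` bean with the repository passed as a constructor argument.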