Bảo mật mùa xuân không cho phép người dùng đăng nhập, nó không hiển thị bất kỳ lỗi nào

Question

Khi người dùng điều hướng đến trang đăng nhập và bất kể sử dụng đúng tên người dùng và mật khẩu, Spring Security sẽ hiển thị thông báo lỗi sau. Tôi đánh giá sau câu hỏi nhưng vẫn có những lỗi tương tự 1, 2, 3

Your login attempt was not successful due to 

Tôi đang sử dụng BCryptPasswordEncoder, để mã hóa mật khẩu người dùng mới.

LoginForm

<c:if test="${not empty SPRING_SECURITY_LAST_EXCEPTION}"> 
      <font color="red"> Your login attempt was not successful due 
       to <br /> 
      <br /> <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />. 
      </font> 
     </c:if> 
       <c:if test="${not empty param.error}"> 
        Invalid username and password. 
       </c:if> 
       <c:if test="${not empty error}"> 
        <div class="error">${error}</div> 
       </c:if> 
       <c:if test="${not empty msg}"> 
        <div class="msg">${msg}</div> 
       </c:if> 
       <form id="form-login" role="form" method="post" 
         action="<c:url value='/j_spring_security_check' />" 
         class="relative form form-default"> 
         <input type="hidden" name="${_csrf.parameterName}" 
          value="${_csrf.token}" /> 

my-servlet.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns:mvc="http://www.springframework.org/schema/mvc" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" 
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" 
    xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:aop="http://www.springframework.org/schema/aop" 
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd 
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd 
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> 

<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" 
     destroy-method="close"> 
     <property name="driverClassName" value="com.mysql.jdbc.Driver" /> 
     <property name="url" value="jdbc:mysql://localhost:8889/Project" /> 
     <property name="username" value="test1" /> 
     <property name="password" value="test1" /> 
    </bean> 

    <bean id="sessionFactory" 
     class="org.springframework.orm.hibernate4.LocalSessionFactoryBean" 
     depends-on="dataSource"> 
     <property name="dataSource" ref="dataSource" /> 
     <property name="packagesToScan" value="com.projec.model" /> 
     <property name="hibernateProperties"> 
      <props> 
       <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop> 
       <prop key="hibernate.format_sql">true</prop> 
       <prop key="hibernate.use_sql_comments">true</prop> 
       <prop key="hibernate.show_sql">true</prop> 
       <prop key="hibernate.hbm2ddl.auto">update</prop> 
      </props> 
     </property> 
    </bean> 

    <bean id="transactionManager" 
     class="org.springframework.orm.hibernate4.HibernateTransactionManager"> 
     <property name="sessionFactory" ref="sessionFactory"></property> 
    </bean> 

    <tx:advice id="txAdvice" transaction-manager="transactionManager"> 
     <tx:attributes> 
      <tx:method name="get*" read-only="true" /> 
      <tx:method name="find*" read-only="true" /> 
      <tx:method name="*" /> 
     </tx:attributes> 
    </tx:advice> 

    <aop:config> 
     <aop:pointcut id="userServicePointCut" 
      expression="execution(* com.project.service.*Service.*(..))" /> 
     <aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" /> 
    </aop:config> 

mùa xuân-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 



    <beans:import resource='login-service.xml' /> 
    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/" access="permitAll" /> 
     <intercept-url pattern="/member**" access="hasRole('ROLE_MEMBER')" /> 
     <intercept-url pattern="/signin" access="permitAll" /> 


     <access-denied-handler error-page="/403" /> 
     <form-login login-page="/signin" default-target-url="/index" 
      authentication-failure-url="/signin?error" username-parameter="username" 
      password-parameter="password" /> 
     <logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection --> 
     <csrf /> 
    </http> 
    <authentication-manager> 
     <authentication-provider user-service-ref="myMemberDetailsService"> 
      <password-encoder hash="bcrypt" /> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans> 

MyMemberDetailsService

@Service 
public class MyMemberDetailsService implements UserDetailsService { 

    private MemberRepository memberRep; 

    @Override 
    public UserDetails loadUserByUsername(final String username) 
      throws UsernameNotFoundException { 
     Member member = memberRep.findByUserName(username); 
     HashSet<String> roles = new HashSet<String>(); 
     roles.add("ROLE_MEMBER"); 
     List<GrantedAuthority> authorities = buildUserAuthority(roles); 
     return buildUserForAuthentication(member, authorities); 

    } 

    private User buildUserForAuthentication(Member member, 
      List<GrantedAuthority> authorities) { 
     return new User(member.getUsername(), member.getPassword(), 
       member.isEnabled(), true, true, true, authorities); 
    } 

    private List<GrantedAuthority> buildUserAuthority(Set<String> userRoles) { 

     Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>(); 

     for (String userRole : userRoles) { 
      setAuths.add(new SimpleGrantedAuthority(userRole)); 
     } 

     List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(
       setAuths); 

     return Result; 
    } 

} 

phiên bản mùa xuân

<spring.security.version>3.2.3.RELEASE</spring.security.version> 
    <spring.version>3.2.8.RELEASE</spring.version> 

Answer 1

Bạn cấu hình trang đăng nhập của bạn với

<form-login login-page="/signin" default-target-url="/index" 
authentication-failure-url="/signin?error" username-parameter="username" 
password-parameter="password" /> 

Nhưng hành động dưới hình thức bài viết của bạn là: <c:url value='/j_spring_security_check' />
nó nên thích sau

<form method="POST" action="@{/signin}" role="form"> 
    <label for="username">Username</label> 
    <input type="text" id="username" name="username"/>   
    <label for="password">Password</label> 
    <input type="password" id="password" name="password"/>  
    <div class="form-actions"> 
     <button type="submit" class="btn">Log in</button> 
    </div> 
</form> 

kiểm tra các chi tiết của Custom login using spring-security