春天开机使用Spring Security和自定义数据库

Question

对不起提前为我的英语不好..

既然我已经改变了我的数据库配置我没有成功登录我对我的应用程序。 我正在使用Spring安全性。在进行更改之前，所有的工作。

我有两个实体：

• User.java
• UserRole.java

User.java

package betizy.models; 

//imports 

@Entity 
@Table(name = "use_user") 
public class User { 


@Id 
@GeneratedValue(strategy = GenerationType.AUTO) 
@Column(name="USE_ID") 
private Long id; 

@NotNull 
@Column(name = "USE_USERNAME") 
private String username; 

@NotNull 
@Column(name = "USE_PASSWORD") 
private String password; 

@NotNull 
@Column(name = "USE_EMAIL") 
private String email; 


//getters and setters 
} 

UserRole.java

package betizy.models; 

//imports 

@Entity 
@Table(name = "usr_user_role") 
public class UserRole { 

@Id 
@GeneratedValue(strategy = GenerationType.AUTO) 
@Column(name="USR_ID") 
private Long id; 

@ManyToOne 
@JoinColumn(name = "USR_USE_ID") 
private User user; 

@NotNull 
@Column(name = "USR_ROLE") 
private String role; 

//getters and setters 
} 

的login.html

<!DOCTYPE html> 
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> 
<head> 
    <title>Spring Security Example </title> 
    <script src="/webjars/angularjs/1.4.9/angular.js"></script> 
    <script src="webjars/jquery/2.0.3/jquery.min.js"></script> 

    <link rel="stylesheet" href="/webjars/bootstrap/3.3.6/css/bootstrap.css"> 

    <script src="/js/index.js"></script> 
</head> 
<body ng-app="Betizy"> 
     <div header></div> 
     <div th:if="${param.error}"> 
      Invalid username and password. 
     </div> 
     <div th:if="${param.logout}"> 
      You have been logged out. 
     </div> 
     <form th:action="@{/login}" method="post"> 
      <div><label> User Name : <input type="text" name="username" required/> </label></div> 
      <div><label> Password: <input type="password" name="password" required/> </label></div> 
      <div><input type="submit" value="Sign In"/></div> 
     </form> 
     <div>To open a new account click <a href="/register">here</a>. </div> 
     <div footer></div> 
</body> 
</html> 

SecurityConfig.java

package betizy.security; 

//imports 

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 


@Autowired 
DataSource dataSource; 

@Autowired 
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { 

    auth.jdbcAuthentication().dataSource(dataSource) 
      //.passwordEncoder(passwordEncoder()) 
      .usersByUsernameQuery(
        "select * from use_user where use_user.use_username=?") 
      .authoritiesByUsernameQuery(
        "select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?"); 
} 

@Bean 
public PasswordEncoder passwordEncoder(){ 
    PasswordEncoder encoder = new BCryptPasswordEncoder(); 
    return encoder; 
} 


@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests() 
      //.antMatchers("/hello").access("hasRole('ROLE_ADMIN')") 
      .antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll() 
      .anyRequest().authenticated() 
      .and() 
      .formLogin().loginPage("/login").permitAll() 
      .usernameParameter("username").passwordParameter("password") 
      .and() 
      .logout().permitAll() 
      .and() 
      .exceptionHandling().accessDeniedPage("/403") 
      .and() 
      .csrf().disable(); 
} 
} 

我认为问题是SecurityConfig.java我User实体字段或我的两个查询的名字，但我有什么想法，我该怎么做才能解决我的问题。
我必须保持我的数据库配置（字段名称）。

预先感谢您的帮助！ :)

编辑

有两个改变所有的作品，但它不是良好的数据库。我将发布两个数据库和之差的在SecurityConfig.java

第一基（它是作品）
User table
User Role table

随着SecurityConfig。java的

@Autowired 
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { 

    auth.jdbcAuthentication().dataSource(dataSource) 
      .usersByUsernameQuery(
        "select username,password, enabled from users where username=?") 
      .authoritiesByUsernameQuery(
        "select username, role from user_roles where username=?"); 
} 

其次这是行不通的。我不能发布的链接，但你必须在上面User.java和UserRole.java完美的描述

随着SecurityConfig.java

@Autowired 
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { 

    auth.jdbcAuthentication().dataSource(dataSource) 
      .usersByUsernameQuery(
        "select use_username, use_password, use_email from use_user where use_username=?") 
      .authoritiesByUsernameQuery(
        "select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?"); 
} 

Answer 1

请更改SQL返回列名称而不是*;

<!-- change to your own column name, return the columns in order--> 
select <username,password,enabled> from use_user where use_user.use_username=? 

和AUTHORITIES SQL

<!-- change to your own column name, the authority must be second column --> 
select <username,authority> from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=? 

详见here，OK，这里是代码，我觉得它更容易理解为什么你应该为了返回列。

protected List<UserDetails> loadUsersByUsername(String username) { 
     return getJdbcTemplate().query(this.usersByUsernameQuery, 
       new String[] { username }, new RowMapper<UserDetails>() { 
        @Override 
        public UserDetails mapRow(ResultSet rs, int rowNum) 
          throws SQLException { 
         // get user info 
         String username = rs.getString(1); 
         String password = rs.getString(2); 
         boolean enabled = rs.getBoolean(3); 
         return new User(username, password, enabled, true, true, true, 
           AuthorityUtils.NO_AUTHORITIES); 
        } 

       }); 
    } 

protected List<GrantedAuthority> loadUserAuthorities(String username) { 
     return getJdbcTemplate().query(this.authoritiesByUsernameQuery, 
       new String[] { username }, new RowMapper<GrantedAuthority>() { 
        @Override 
        public GrantedAuthority mapRow(ResultSet rs, int rowNum) 
          throws SQLException { 
         //get GrantedAuthority 
         String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2); 

         return new SimpleGrantedAuthority(roleName); 
        } 
       }); 
    }