Spring Security登录问题 -

Question

我对Spring/Spring Security颇为陌生，我已经尽力解决了这个问题，但我似乎并没有一遍又一遍地得到它。问题如下：登录无法正常工作 - 即使使用正确的凭证，它仍会告诉他们看起来不正确。 我使用Spring Security和Spring mvc + Oracle（hibernate + jpa）。我会很感激任何帮助，非常感谢你提前！

这是我的配置文件。 （部分）

1. security.xml 

<http auto-config="true"> 
    <intercept-url pattern="/welcome*" access="ROLE_USER" /> 
    <form-login login-page="/login" default-target-url="/welcome" 
     authentication-failure-url="/loginfailed" /> 
    <logout logout-success-url="/logout" /> 
</http> 

<!-- <password-encoder hash="md5" /> --> 

<authentication-manager> 
    <authentication-provider> 
     <jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query=" 
      SELECT username, password, 'TRUE' 
      FROM users WHERE username=?" 

      authorities-by-username-query=" 
      SELECT u.username, ur.authority FROM users u, user_roles ur 
      WHERE u.user_id = ur.user_id AND u.username=? " /> 
    </authentication-provider> 
</authentication-manager> 

2. web.xml 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

3. data.xml 

<!-- Transaction managing using the @Transactional annotation --> 
<tx:annotation-driven transaction-manager="transactionManager" /> 

<!-- Transaction Manager --> 
<bean id="transactionManager" 
    class="org.springframework.orm.hibernate3.HibernateTransactionManager"> 
    <property name="sessionFactory" ref="sessionFactory" /> 
</bean> 


<bean 
    class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
    <property name="prefix"> 
     <value>/WEB-INF/pages/</value> 
    </property> 
    <property name="suffix"> 
     <value>.jsp</value> 
    </property> 
</bean> 

<bean id="messageSource" 
    class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> 
    <property name="basenames"> 
     <list> 
      <value>msgs</value> 
     </list> 
    </property> 
    <property name="defaultEncoding" value="UTF-8" /> 
</bean> 

<!-- ////////////////////////////////////////////////////////////////////////// --> 

    <bean id="propertyConfigurer" 
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" 
    p:location="/WEB-INF/jdbc.properties"/> 

<!-- ////////////////////////////////////////////////////////////////////////// "--> 

<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" 
    destroy-method="close"> 
    <property name="driverClass" value="${jdbc.driverClassName}" /> 
    <property name="jdbcUrl" value="${jdbc.databaseurl}" /> 
    <property name="user" value="${jdbc.username}" /> 
    <property name="password" value="${jdbc.password}" /> 

</bean> 

<!-- ////////////////////////////////////////////////////////////////////////// --> 

<!-- Hibernate SessionFactory configuration --> 
<bean id="sessionFactory" 
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean"> 
    <property name="dataSource" ref="dataSource" /> 
    <property name="packagesToScan" value="com.tsystems.javaschool.kts.domain" /> 
    <property name="hibernateProperties"> 
     <props> 
      <prop key="hibernate.show_sql">true</prop> 
      <prop key="hibernate.dialect">${jdbc.dialect}</prop> 
      <prop key="hibernate.connection.charSet">UTF-8</prop> 
     </props> 
    </property> 
</bean> 

Answer 1

现在很难看到的错误，但我可以给你一些例子女巫工作对我来说：web.xml中的

部分：

<filter> 
<filter-name>springSecurityFilterChain</filter-name> 
<filter-class> 
org.springframework.web.filter.DelegatingFilterProxy 
</filter-class> 
</filter> 
<filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/*</url-pattern> 
</filter-mapping> 

... ...

您是否在您的web.xml（web.xml的另一部分）中包含XML文件（security.xml）？

<listener> 
    <listener-class> 
    org.springframework.web.context.ContextLoaderListener 
    </listener-class> 
</listener> 
    <context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value>/WEB-INF/security-config.xml</param-value> 
    </context-param> 

安全-config.xml中的部分（DATA是玛，角色和用户的表）：JSP页面的

<http auto-config='true'> 
     <intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> 
     <intercept-url pattern="/**" access="ROLE_GUEST, ROLE_ADMIN" /> 
     <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=t"/> 
     <logout logout-success-url="/login.jsp?logout=t"/> 
    </http> 
    <authentication-manager> 
     <authentication-provider> 
     <password-encoder hash="md5"/> 
      <jdbc-user-service data-source-ref="ds" authorities-by-username-query="select USERNAME as username, ROLE as authority from DATA.ROLE where USERNAME=?" 
      users-by-username-query="select USERNAME as username, PASSWORD as password, 'true' AS enabled from DATA.USER where USERNAME=?"/> 
     </authentication-provider> 
    </authentication-manager> 

部分以及（login.jsp的）：

<c:when test="${param.logout == 't'}"> 

// show when I logout 
....... 

</c:when> 
<c:when test="${param.login_error == 't'}"> 

// show when username or password is not correct 
....... 

</c:when> 
<c:otherwise> 
..... 
<form method="POST" action="<%= response.encodeURL(request.getContextPath() + "/j_spring_security_check") %>" > 
...... 
<input class="input" type="text" name="j_username" /> 
...... 
<input class="input" type="password" name="j_password" /> 
..... 
<input type="submit" value="Login" name="Login" /> 
..... 
</c:otherwise> 

如果仍然不会，请写在这里。