Spring Security 引用数据库管理用户权限login.jsp 提示"用户名或密码错误"分析

符号 阅读:180 2021-03-31 22:11:09 评论:0

错误展示:


相关spring-security.xml 配置文件和spring-mybatis.xml 文件

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xsi:schemaLocation="http://www.springframework.org/schema/beans    
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 	 
	http://www.springframework.org/schema/security    
	http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
	<!--  <http security="none" pattern="/login.action" /> --> 
 	 <!-- auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session). --> 
    <http auto-config="true"> 
        <!--  
            login-page:默认指定的登录页面.  
            authentication-failure-url:出错后跳转页面.  
            default-target-url:成功登陆后跳转页面 默认登录保护url  
            login-processing-url:用户登入处理路径,默认:/j_spring_security_check 
            username-parameter:验证用户输入的用户名,默认:j_username 
            password-parameter:验证用户输入的密码 ,默认:J_password 
        --> 
        <form-login  
            login-page="/login.action"  
            default-target-url="/welcome.action"  
            authentication-failure-url="/login.action?error"  
            login-processing-url="/j_spring_security_check"  
            username-parameter="username"  
            password-parameter="password" /> 
 
        <!-- logout-success-url:成功注销后跳转到的页面; --> 
        <!-- logout-url 用户注销处理路径,默认:/j_spring_security_logout --> 
        <!-- invalidate-session 是否注销当前会话  --> 
        <logout 
             logout-url="/j_spring_security_logout"  
             logout-success-url="/login.action"  
             invalidate-session="true" />     
          <intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>   
          <intercept-url pattern="/**" access="ROLE_USER" />    
        </http> 
         
      
         
         
	  <authentication-manager> 
		<authentication-provider> 
			<jdbc-user-service data-source-ref="dataSource" 
				users-by-username-query="select d_username username,d_password password, d_enabled enabled from t_users where d_username=?" 
				authorities-by-username-query="select d_username username, d_role role from t_user_roles where d_username=?  " /> 
		</authentication-provider> 
	  </authentication-manager> 
	 
</beans:beans> 
spring-mybatis.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" 
	xmlns:context="http://www.springframework.org/schema/context" 
	xmlns:mvc="http://www.springframework.org/schema/mvc" 
	xmlns:tx="http://www.springframework.org/schema/tx" 
	xmlns:aop="http://www.springframework.org/schema/aop" 
	xsi:schemaLocation="http://www.springframework.org/schema/beans   
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd   
                        http://www.springframework.org/schema/context   
                        http://www.springframework.org/schema/context/spring-context-3.1.xsd   
                        http://www.springframework.org/schema/tx 
                        http://www.springframework.org/schema/tx/spring-tx-3.1.xsd 
                        http://www.springframework.org/schema/mvc   
                        http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd 
                        http://www.springframework.org/schema/aop  
                        http://www.springframework.org/schema/aop/spring-aop-3.1.xsd 
                        "> 
	<mvc:default-servlet-handler/> 
	<!-- 引入配置文件 --> 
	<bean id="propertyConfigurer" 
		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> 
		<property name="location" value="classpath:jdbc.properties" /> 
	</bean> 
 
	 
	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" 
		destroy-method="close"> 
		<property name="driverClassName" value="${driver}" /> 
		<property name="url" value="${url}" /> 
		<property name="username" value="${username}" /> 
		<property name="password" value="${password}" /> 
		<!-- 初始化连接大小 --> 
		<property name="initialSize" value="${initialSize}"></property> 
		<!-- 连接池最大数量 --> 
		<property name="maxActive" value="${maxActive}"></property> 
		<!-- 连接池最大空闲 --> 
		<property name="maxIdle" value="${maxIdle}"></property> 
		<!-- 连接池最小空闲 --> 
		<property name="minIdle" value="${minIdle}"></property> 
		<!-- 获取连接最大等待时间 --> 
		<property name="maxWait" value="${maxWait}"></property> 
	</bean> 
	 
 
 
	<!-- spring和MyBatis完美整合,不需要mybatis的配置映射文件 --> 
	<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"> 
		<property name="dataSource" ref="dataSource" /> 
		<!-- 自动扫描mapping.xml文件 --> 
		<property name="mapperLocations" value="classpath:com/**/mapper/*.xml"></property> 
	</bean> 
 
	<!-- DAO接口所在包名,Spring会自动查找其下的类 --> 
	<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> 
		<property name="basePackage" value="com.common.base.dao;com.common.common.dao;com.alarm.dao;com.buildingDevice.dao;com.smart.dao;com.village.dao;com.wlsqManage.dao" /> 
		<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property> 
	</bean> 
 
	<!-- (事务管理)transaction manager, use JtaTransactionManager for global tx --> 
	<bean id="transactionManager" 
		class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> 
		<property name="dataSource" ref="dataSource" /> 
	</bean> 
	 
	 <!-- 通知 --> 
    <tx:advice id="tx" 
        transaction-manager="transactionManager"> 
        <tx:attributes> 
            <tx:method name="delete*" propagation="REQUIRED" /> 
            <tx:method name="insert*" propagation="REQUIRED" /> 
            <tx:method name="update*" propagation="REQUIRED" /> 
            <tx:method name="find*" read-only="true" /> 
            <tx:method name="get*" read-only="true" /> 
            <tx:method name="select*" read-only="true" /> 
        </tx:attributes> 
    </tx:advice> 
 
    <aop:config> 
        <aop:pointcut id="pc" expression="execution(* *..service.*.*(..))" /> 
        <!--把事务控制在Service层--> 
        <aop:advisor pointcut-ref="pc" advice-ref="tx" /> 
    </aop:config> 
 
</beans>

这个问题,才不多纠结了我一上午的时间,后面偶然参看了一下,其他的人的实现方法,发现在spring-security.xml 文件中少配置了一个jdbc 的标签控件,啊,真实太LOW了。

调整后的spring-security.xml配置文件

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xsi:schemaLocation="http://www.springframework.org/schema/beans    
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
	<span style="color:#ff0000;">http://www.springframework.org/schema/jdbc  
    http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd </span>   
	http://www.springframework.org/schema/security    
	http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
	<!--  <http security="none" pattern="/login.action" /> --> 
 	 <!-- auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session). --> 
    <http auto-config="true"> 
        <!--  
            login-page:默认指定的登录页面.  
            authentication-failure-url:出错后跳转页面.  
            default-target-url:成功登陆后跳转页面 默认登录保护url  
            login-processing-url:用户登入处理路径,默认:/j_spring_security_check 
            username-parameter:验证用户输入的用户名,默认:j_username 
            password-parameter:验证用户输入的密码 ,默认:J_password 
        --> 
        <form-login  
            login-page="/login.action"  
            default-target-url="/welcome.action"  
            authentication-failure-url="/login.action?error"  
            login-processing-url="/j_spring_security_check"  
            username-parameter="username"  
            password-parameter="password" /> 
 
        <!-- logout-success-url:成功注销后跳转到的页面; --> 
        <!-- logout-url 用户注销处理路径,默认:/j_spring_security_logout --> 
        <!-- invalidate-session 是否注销当前会话  --> 
        <logout 
             logout-url="/j_spring_security_logout"  
             logout-success-url="/login.action"  
             invalidate-session="true" />     
          <intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>   
          <intercept-url pattern="/**" access="ROLE_USER" />    
        </http> 
         
      
         
         
	  <authentication-manager> 
		<authentication-provider> 
			<jdbc-user-service data-source-ref="dataSource" 
				users-by-username-query="select d_username username,d_password password, d_enabled enabled from t_users where d_username=?" 
				authorities-by-username-query="select d_username username, d_role role from t_user_roles where d_username=?  " /> 
		</authentication-provider> 
	  </authentication-manager> 
	 
</beans:beans> 




声明

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

发表评论
搜索
排行榜
关注我们

一个IT知识分享的公众号