Spring Security 引用数据库管理用户权限login.jsp 提示"用户名或密码错误"
符号
阅读:670
2021-03-31 22:11:09
评论:0
错误展示:
相关spring-security.xml 配置文件和spring-mybatis.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- <http security="none" pattern="/login.action" /> -->
<!-- auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session). -->
<http auto-config="true">
<!--
login-page:默认指定的登录页面.
authentication-failure-url:出错后跳转页面.
default-target-url:成功登陆后跳转页面 默认登录保护url
login-processing-url:用户登入处理路径,默认:/j_spring_security_check
username-parameter:验证用户输入的用户名,默认:j_username
password-parameter:验证用户输入的密码 ,默认:J_password
-->
<form-login
login-page="/login.action"
default-target-url="/welcome.action"
authentication-failure-url="/login.action?error"
login-processing-url="/j_spring_security_check"
username-parameter="username"
password-parameter="password" />
<!-- logout-success-url:成功注销后跳转到的页面; -->
<!-- logout-url 用户注销处理路径,默认:/j_spring_security_logout -->
<!-- invalidate-session 是否注销当前会话 -->
<logout
logout-url="/j_spring_security_logout"
logout-success-url="/login.action"
invalidate-session="true" />
<intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select d_username username,d_password password, d_enabled enabled from t_users where d_username=?"
authorities-by-username-query="select d_username username, d_role role from t_user_roles where d_username=? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
spring-mybatis.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
">
<mvc:default-servlet-handler/>
<!-- 引入配置文件 -->
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="classpath:jdbc.properties" />
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="${driver}" />
<property name="url" value="${url}" />
<property name="username" value="${username}" />
<property name="password" value="${password}" />
<!-- 初始化连接大小 -->
<property name="initialSize" value="${initialSize}"></property>
<!-- 连接池最大数量 -->
<property name="maxActive" value="${maxActive}"></property>
<!-- 连接池最大空闲 -->
<property name="maxIdle" value="${maxIdle}"></property>
<!-- 连接池最小空闲 -->
<property name="minIdle" value="${minIdle}"></property>
<!-- 获取连接最大等待时间 -->
<property name="maxWait" value="${maxWait}"></property>
</bean>
<!-- spring和MyBatis完美整合,不需要mybatis的配置映射文件 -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<!-- 自动扫描mapping.xml文件 -->
<property name="mapperLocations" value="classpath:com/**/mapper/*.xml"></property>
</bean>
<!-- DAO接口所在包名,Spring会自动查找其下的类 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.common.base.dao;com.common.common.dao;com.alarm.dao;com.buildingDevice.dao;com.smart.dao;com.village.dao;com.wlsqManage.dao" />
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property>
</bean>
<!-- (事务管理)transaction manager, use JtaTransactionManager for global tx -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- 通知 -->
<tx:advice id="tx"
transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="delete*" propagation="REQUIRED" />
<tx:method name="insert*" propagation="REQUIRED" />
<tx:method name="update*" propagation="REQUIRED" />
<tx:method name="find*" read-only="true" />
<tx:method name="get*" read-only="true" />
<tx:method name="select*" read-only="true" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="pc" expression="execution(* *..service.*.*(..))" />
<!--把事务控制在Service层-->
<aop:advisor pointcut-ref="pc" advice-ref="tx" />
</aop:config>
</beans>
这个问题,才不多纠结了我一上午的时间,后面偶然参看了一下,其他的人的实现方法,发现在spring-security.xml 文件中少配置了一个jdbc 的标签控件,啊,真实太LOW了。
调整后的spring-security.xml配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
<span style="color:#ff0000;">http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd </span>
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- <http security="none" pattern="/login.action" /> -->
<!-- auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session). -->
<http auto-config="true">
<!--
login-page:默认指定的登录页面.
authentication-failure-url:出错后跳转页面.
default-target-url:成功登陆后跳转页面 默认登录保护url
login-processing-url:用户登入处理路径,默认:/j_spring_security_check
username-parameter:验证用户输入的用户名,默认:j_username
password-parameter:验证用户输入的密码 ,默认:J_password
-->
<form-login
login-page="/login.action"
default-target-url="/welcome.action"
authentication-failure-url="/login.action?error"
login-processing-url="/j_spring_security_check"
username-parameter="username"
password-parameter="password" />
<!-- logout-success-url:成功注销后跳转到的页面; -->
<!-- logout-url 用户注销处理路径,默认:/j_spring_security_logout -->
<!-- invalidate-session 是否注销当前会话 -->
<logout
logout-url="/j_spring_security_logout"
logout-success-url="/login.action"
invalidate-session="true" />
<intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select d_username username,d_password password, d_enabled enabled from t_users where d_username=?"
authorities-by-username-query="select d_username username, d_role role from t_user_roles where d_username=? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
声明
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。