spring-security3.*幾點體會
来源:互联网 发布:java中什么叫多态 编辑:程序博客网 时间:2024/05/19 01:32
執行
List<User> list=this.jdbcTemplate.query(usersByUsernameQuery, new String[]{username}, new RowMapper<User>(){public User mapRow(ResultSet rs, int rowNum) throws SQLException {User usercache = new User(); String username = rs.getString("username"); String password = rs.getString("password"); boolean enabled = rs.getBoolean("enabled"); usercache.setEnabled(enabled); usercache.setUsername(username); usercache.setPassword(password); return usercache;}});出現異常信息:
09:20:25.419 [http-9090-1] DEBUG o.s.j.support.SQLErrorCodesFactory - Database product name cached for DataSource [com.mysql.jdbc.jdbc2.optional.MysqlDataSource@11bd80c]: name is 'MySQL'09:20:25.419 [http-9090-1] DEBUG o.s.j.support.SQLErrorCodesFactory - SQL error codes for 'MySQL' found09:20:25.419 [http-9090-1] DEBUG o.s.j.s.SQLErrorCodeSQLExceptionTranslator - Unable to translate SQLException with Error code '0', will now try the fallback translator09:20:25.419 [http-9090-1] DEBUG o.s.j.s.SQLStateSQLExceptionTranslator - Extracted SQL state class 'S1' from value 'S1009'09:20:25.419 [http-9090-1] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'09:20:25.419 [http-9090-1] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: PreparedStatementCallback; SQL [select username,password,enabled from userTable where username = 'XXX]; Parameter index out of range (1 > number of parameters, which is 0).; nested exception is java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0).09:20:25.419 [http-9090-1] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
查看org.springframework.jdbc.core.JdbcTemplate源碼發現<T> List<T> org.springframework.jdbc.core.JdbcTemplate.query(String sql, Object[] args, RowMapper<T> rowMapper) throws DataAccessExceptionQuery given SQL to create a prepared statement from SQL and a list of arguments to bind to the query, mapping each row to a Java object via a RowMapper.Specified by: query(...) in JdbcOperationsParameters:
sql: SQL query to execute
args: arguments to bind to the query (leaving it to the PreparedStatement to guess the corresponding SQL type); may also contain SqlParameterValue objects which indicate not only the argument value but also the SQL type and optionally the scale
rowMapper: object that will map one object per row
Returns:the result List, containing mapped objects
Throws:DataAccessException - if the query fails
原因:SQL語句寫法錯誤. : 格式應為: ' select * from users where username =?';
重新編譯運行 報出異常:
09:16:30.543 [http-9090-1] DEBUG o.s.s.a.d.DaoAuthenticationProvider - Authentication failed: password does not match stored value09:16:30.543 [http-9090-1] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'09:16:30.543 [http-9090-1] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials09:16:30.543 [http-9090-1] DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
原因:密碼錯誤
解決方法:查看加密方式,已經加密方法.
Spring-security配置自定義加密方式.
<authentication-manager> <authentication-provider user-service-ref="securityDetailsService"> <password-encoder ref="MD5Encoder" > <!-- <salt-source user-property="username" ref="j_username"/>--> </password-encoder> </authentication-provider> </authentication-manager> <!--自定義加密器--> <beans:bean id="MD5Encoder" class="com.sax.michael.annotations.cm.method.MD5Enconder" />
其中MD5Encoder.java 必須實現PasswordEncoder接口;可參考來源資料[http://sarin.iteye.com/blog/830831]
public class MD5Encoder extends BasePasswordEncoder {private static String key = "michael";@Overridepublic String encodePassword(String rawPass, Object salt) {salt = salt==null||"".equals("")?key:salt;return Encryption.encryptPassword(mergePasswordAndSalt(rawPass, salt, true));}@Overridepublic boolean isPasswordValid(String encPass, String rawPass, Object salt) {salt = salt==null||"".equals("")?key:salt;boolean lable_e = encPass==null||"".equals(encPass)?false:true;boolean lable_r = rawPass==null||"".equals(rawPass)?false:true;if(lable_e&&lable_r){String nowPass = Encryption.encryptPassword(mergePasswordAndSalt(rawPass, salt, false));return Encryption.comparePassword(encPass,nowPass);}return false;}/** * 加密 * @param sourcePass * @param salt * @return */public static String encryptPasswordFirst(String password,Object salt){salt = salt==null||"".equals("")?key:salt;password =password==null||"".equals(password)?"":password+"{"+salt+"}" ;if("".equals(password)){ throw new IllegalArgumentException("Cannot password a null or empty String");}return Encryption.encryptPassword(password);}}
- spring-security3.*幾點體會
- Spring Security3
- Spring Security3
- Spring Security3
- Spring Security3
- Spring Security3
- Spring Security3 入门一
- Spring Security3 入门二
- 《Spring Security3》第一章
- spring security3 demo入门
- Spring Security3 实践
- 学习spring-Security3.0
- spring security3研究
- spring security3 总结
- Spring Security3 SpEL表达式
- Spring Security3配置使用
- Spring Security3学习笔记
- spring security3 扩展应用
- acle用户管理
- 1006 一卡通大冒险
- 1007 青蛙过河
- 六方面助你成为职业程序员
- 基于TI Davinci架构的双核嵌入式应用处理器OMAPL138开发入门
- spring-security3.*幾點體會
- 1009 美好的一天
- C#和.net中的一些方法名
- 游戏作品展示
- 1010 短信套餐
- ADK板上的主要部件
- Davinci cmem
- 《那些年啊,那些事——一个程序员的奋斗史》——11
- crontab及每15分钟同步服务器的时间