Cannot get Spring Security to work with the database authentication provider.
The in-memory authentication service is working fine.
Step to play:
when I registered the credentials sb , sb , login() the AuthenticationService method returned false .
There is no corresponding log in the Tomcat log.
applicationContext.xml:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver"/> <property name="url" value="jdbc:mysql://localhost/chirokDB?useUnicode=true&characterEncoding=utf8"/> <property name="username" value="root"/> <property name="password" value="root"/> </bean> <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource" ref="dataSource"/> </bean>
service level:
@Service("authenticationService") public class AuthenticationServiceImpl implements AuthenticationService { @Resource(name = "authenticationManager") private AuthenticationManager authenticationManager; public boolean login(String username, String password) { try { Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken( username, password)); if (authenticate.isAuthenticated()) { SecurityContextHolder.getContext().setAuthentication(authenticate); return true; } } catch (AuthenticationException e) { } return false; }
managed bean level:
public String doLogin() { boolean isLoggedIn = authenticationService.login(name, password); if (isLoggedIn) { return "index"; } FacesContext.getCurrentInstance().addMessage("login failure", new FacesMessage()); return "failureLogin"; }
ApplicationContext-security.xml:
<global-method-security pre-post-annotations="enabled"/> <http auto-config="true"> <form-login login-page="/login.xhtml" default-target-url="/index.xhtml"/> <intercept-url pattern="/contacts.xhtml" access="ROLE_ANONYMOUS,ROLE_USER"/> <intercept-url pattern="/delivery.xhtml" access="ROLE_USER"/> <logout invalidate-session="true"/> <session-management> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> </session-management> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <jdbc-user-service data-source-ref="dataSource"/> </authentication-provider> </authentication-manager>
sustainability level:
MySql DB has the following standard tables (Spring required):
1. users
2. authorities
users table has an entry with username = 'sb' and password = 'sb'
authorities table has an entry with username = 'sb' and authority = 'ROLE_USER'
note
with user memory, everything works fine with the following configuration:
<authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="sb" password="sb" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager>
assumption:
dataSource entered in org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
How to use Hibernate ORM, maybe you should use nothing other than JdbcDaoImpl ?