Je continue à obtenir BadCredentialsException lorsque j’essaye d'ouvrir une session et se connecter à mon application web que j'ai programmé avec SpringMVC 4.3.2 Hibernate5.1.0 et Maven 3
Mon application fonctionne très bien sans Spring Security, donc je pense que je manque quelque chose dans le code HELP!
spring-security.xml
CustomUserDetailsService.java
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45 <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- enable use-expressions --> <http auto-config="true" use-expressions="true"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/home" access="permitAll" /> <intercept-url pattern="/admin**" access="hasRole('PRVG_ADMIN')" /> <intercept-url pattern="/api**" access="hasRole('PRVG_ADMIN') or hasRole('PRVG_USER')" /> <!-- access denied page --> <access-denied-handler error-page="/Access_Denied" /> <form-login login-processing-url="/login" login-page="/login" default-target-url="/home" username-parameter="email" password-parameter="password" authentication-failure-url="/login?error"/> <!-- enable csrf protection --> <csrf/> </http> <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> <beans:constructor-arg name="strength" value="11" /> </beans:bean> <beans:bean id="userDAO" class="org.arw.crm.dao.CRMUserDAOImpl" /> <!-- Select users and privileges from database --> <authentication-manager > <authentication-provider user-service-ref="customUserDetailsService"> <password-encoder ref="encoder" /> </authentication-provider> </authentication-manager> <beans:bean id="customUserDetailsService" class="org.arw.crm.service.CustomUserDetailsService"> <beans:property name="userDAO" ref="userDAO"></beans:property> <beans:property name="passwordEncoder" ref="encoder"></beans:property> </beans:bean> </beans:beans>
les utilisateurs de l'application sont insérés dans la base de donnée comme suit :
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53 @Configurable @Transactional public class CustomUserDetailsService implements UserDetailsService { @Autowired @Qualifier("passwordEncoder") BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); public BCryptPasswordEncoder getPasswordEncoder() { return passwordEncoder; } public void setPasswordEncoder(BCryptPasswordEncoder passwordEncoder) { this.passwordEncoder = passwordEncoder; } @Autowired @Qualifier("userDAO") private CRMUserDAO userDAO; public CRMUserDAO getUserDAO() { return userDAO; } public void setUserDAO(CRMUserDAO userDAO) { this.userDAO = userDAO; } @Transactional(readOnly=true) @Override public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { org.arw.crm.entity.CRMUser user = userDAO.findByEmail(email); boolean enabled = true; boolean accountNotExpired = true; boolean credentialsNotExpired = true; boolean accountNotLocked = true; if (user == null) throw new UsernameNotFoundException("User not found" + email); List<GrantedAuthority> authorities = buildUserAuthority(user.getPrivileges()); System.out.println("***********************************************"+passwordEncoder.encode(user.getPassword())); return new User(user.getEmail(), passwordEncoder.encode(user.getPassword()), enabled, accountNotExpired, credentialsNotExpired, accountNotLocked, authorities); } private List<GrantedAuthority> buildUserAuthority(Set<Privilege> privileges) { Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>(); for (Privilege prvlg : privileges) { setAuths.add(new SimpleGrantedAuthority(prvlg.getPrivilege())); } List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths); return Result; } }
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3 BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); CRMUser crmuser1 = new CRMUser("a1", "A1", "admin1@gmail.com", passwordEncoder.encode("admin1"));
Partager