Discussion :

[abdou4101]

Bonjour, je tente de mettre en place une authentification en utilisant la base de données standard de spring security :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
create database security;
use security;
CREATE TABLE users (
  username VARCHAR(50) NOT NULL PRIMARY KEY,
  password VARCHAR(50) NOT NULL,
  enabled BIT NOT NULL
);
 
CREATE TABLE authorities (
  username VARCHAR(50) NOT NULL,
  authority VARCHAR(50) NOT NULL
);
 
ALTER TABLE authorities ADD CONSTRAINT fk_authorities_users foreign key (username) REFERENCES users(username);

Mais pendant l'authentification, quand j'entre un username qui n'existe pas dans la base je reçois cette erreur :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
GRAVE: "Servlet.service()" pour la servlet default a généré une exception
java.lang.LinkageError: loader constraint violation: when resolving field "logger" the class loader (instance of org/apache/catalina/loader/WebappClassLoader) of the referring class, org/springframework/dao/support/DaoSupport, and the class loader (instance of org/apache/catalina/loader/StandardClassLoader) for the field's resolved type, org/apache/commons/logging/Log, have different Class objects for that type
	at org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.loadUserByUsername(JdbcDaoImpl.java:154)
	at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:81)
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.security.config.debug.DebugFilter.doFilterInternal(DebugFilter.java:45)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Mais ça marche avec des utilisateurs existant dans la base.
Voila mon application-security.xml :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?xml version="1.0" encoding="UTF-8"?>
 
<!-- - Sample namespace-based configuration - -->
 
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
	<debug />
 
	<beans:bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
		<beans:property name="url" value="jdbc:mysql://localhost/security" />
		<beans:property name="username" value="****" />
		<beans:property name="password" value="****" />
	</beans:bean>
 
 
 
 
	<global-method-security pre-post-annotations="enabled" />
 
	<http pattern="/static/**" security="none" />
	<http pattern="/loggedout.jsp" security="none" />
 
	<http use-expressions="true" access-denied-page="/denied.jsp">
 
		<intercept-url pattern="/expl.jsp" access="hasRole('user')" />
		<intercept-url pattern="/supervision/**" access="hasRole('user')" />
		<intercept-url pattern="/statistiques/**" access="hasRole('user')" />
		<intercept-url pattern="/gestion/**" access="hasRole('supervisor')" />
		<intercept-url pattern="/index.jsp" access="hasRole('user')" />
 
 
 
		<form-login login-page='/login.jsp' default-target-url='/supervision/supe.jsp'></form-login>
		<remember-me />
		<!-- Allow all other requests. In a real application you should adopt a 
			whitelisting approach where access is not allowed by default -->
 
 
 
		<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID" />
 
		<!-- Uncomment to enable X509 client authentication support <x509 /> -->
		<!-- Uncomment to limit the number of sessions a user can have -->
		<session-management invalid-session-url="/timeout.jsp">
			<concurrency-control max-sessions="1"
				error-if-maximum-exceeded="true" />
		</session-management>
 
	</http>
 
 
	<authentication-manager>
		<authentication-provider>
			<jdbc-user-service data-source-ref="dataSource" 
			users-by-username-query="SELECT username, password, enabled FROM users WHERE username=?" 
			authorities-by-username-query="select username, authority from authorities where username =?" />
		</authentication-provider>
	</authentication-manager>
 
 
</beans:beans>

Merci d'avance pour votre aide !

[abdou4101]

aucune suggestion !?

[abdou4101]

C'est résolu , c'était juste un manque d'un fichier jar (org.springframework.transaction-3.0.5.RELEASE.jar)