Discussion :

[sihamnet]

Je continue à obtenir BadCredentialsException lorsque j’essaye d'ouvrir une session et se connecter à mon application web que j'ai programmé avec SpringMVC 4.3.2 Hibernate5.1.0 et Maven 3

Mon application fonctionne très bien sans Spring Security, donc je pense que je manque quelque chose dans le code HELP!

spring-security.xml

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans.xsd
 http://www.springframework.org/schema/security 
 http://www.springframework.org/schema/security/spring-security.xsd">
 
     <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
         <intercept-url pattern="/" access="permitAll" />
         <intercept-url pattern="/home" access="permitAll" />
         <intercept-url pattern="/admin**" access="hasRole('PRVG_ADMIN')" />
         <intercept-url pattern="/api**" access="hasRole('PRVG_ADMIN') or hasRole('PRVG_USER')" />
         <!-- access denied page -->
         <access-denied-handler error-page="/Access_Denied" />
         <form-login    login-processing-url="/login"
                        login-page="/login" 
                        default-target-url="/home" 
                        username-parameter="email"
                        password-parameter="password"
                        authentication-failure-url="/login?error"/>
         <!-- enable csrf protection -->
         <csrf/>
    </http>
 
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg name="strength" value="11" />
    </beans:bean>
 
    <beans:bean id="userDAO" class="org.arw.crm.dao.CRMUserDAOImpl" />
 
     <!-- Select users and privileges from database -->
    <authentication-manager >
    <authentication-provider user-service-ref="customUserDetailsService">
        <password-encoder ref="encoder" />
    </authentication-provider>
    </authentication-manager>
 
    <beans:bean id="customUserDetailsService" class="org.arw.crm.service.CustomUserDetailsService">
        <beans:property name="userDAO" ref="userDAO"></beans:property>
        <beans:property name="passwordEncoder" ref="encoder"></beans:property>
    </beans:bean>
</beans:beans>

CustomUserDetailsService.java

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
@Configurable
@Transactional
public class CustomUserDetailsService implements UserDetailsService {
 
    @Autowired
    @Qualifier("passwordEncoder")
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    public BCryptPasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }
    public void setPasswordEncoder(BCryptPasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
 
    @Autowired
    @Qualifier("userDAO")
    private CRMUserDAO userDAO;
    public CRMUserDAO getUserDAO() {
        return userDAO;
    }
    public void setUserDAO(CRMUserDAO userDAO) {
        this.userDAO = userDAO;
    }
 
    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
 
        org.arw.crm.entity.CRMUser user = userDAO.findByEmail(email);
 
        boolean enabled = true;
        boolean accountNotExpired = true;
        boolean credentialsNotExpired = true;
        boolean accountNotLocked = true;
        if (user == null)
            throw new UsernameNotFoundException("User not found" + email);
 
        List<GrantedAuthority> authorities =     buildUserAuthority(user.getPrivileges());
        System.out.println("***********************************************"+passwordEncoder.encode(user.getPassword()));
        return new User(user.getEmail(), passwordEncoder.encode(user.getPassword()), enabled, accountNotExpired, credentialsNotExpired, accountNotLocked, authorities);
    }
 
     private List<GrantedAuthority> buildUserAuthority(Set<Privilege> privileges) {
 
         Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
         for (Privilege prvlg : privileges) {
             setAuths.add(new SimpleGrantedAuthority(prvlg.getPrivilege()));
         }
         List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);
         return Result;
     }
}

les utilisateurs de l'application sont insérés dans la base de donnée comme suit :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
 
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        CRMUser crmuser1 = new CRMUser("a1", "A1", "admin1@gmail.com", passwordEncoder.encode("admin1"));