Spring Security 4 Bad credentials
Je continue à obtenir une BadCredentialsException lorsque j'essaie d'ouvrir une session et de me connecter à mon application web, que j'ai programmée avec Spring MVC 4.3.2, Hibernate 5.1.0 et Maven 3.
Mon application fonctionne très bien sans Spring Security, donc je pense qu'il me manque quelque chose dans le code. HELP !
spring-security.xml
Code:
| <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- HTTP security rules. use-expressions="true" lets the access attributes below
     be written as expressions such as permitAll and hasRole(...). -->
<http auto-config="true" use-expressions="true">
<!-- Rules are checked in document order and the first matching pattern decides.
     A request that matches none of the patterns gets no access rule from this block. -->
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/home" access="permitAll" />
<!-- NOTE(review): in Ant-style matching, a "**" that is not a whole path segment
     behaves like "*", so "/admin**" is expected to match /admin and /adminXYZ but
     not /admin/users. If sub-paths must be protected, "/admin/**" is the usual
     form; the same applies to "/api**" below. Confirm against the real URLs. -->
<!-- NOTE(review): in Spring Security 4, hasRole('X') looks for the authority
     ROLE_X unless X already starts with ROLE_. CustomUserDetailsService builds its
     authorities directly from Privilege.getPrivilege(); if those values are stored
     as PRVG_ADMIN / PRVG_USER, hasAuthority(...) is the matching check. Verify
     against the database content. -->
<intercept-url pattern="/admin**" access="hasRole('PRVG_ADMIN')" />
<intercept-url pattern="/api**" access="hasRole('PRVG_ADMIN') or hasRole('PRVG_USER')" />
<!-- Page shown when an authenticated user lacks the authority a rule requires. -->
<access-denied-handler error-page="/Access_Denied" />
<!-- Form login: the login page and the URL the form is posted to are both /login.
     The form fields must be named "email" and "password". A failed login goes to
     /login?error; /home is the default target after a successful one. -->
<form-login login-processing-url="/login"
login-page="/login"
default-target-url="/home"
username-parameter="email"
password-parameter="password"
authentication-failure-url="/login?error"/>
<!-- CSRF protection: the login form, like every other state-changing request,
     has to submit the CSRF token or the request is rejected. -->
<csrf/>
</http>
<!-- BCrypt password encoder with strength (cost factor) 11. -->
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
<!-- DAO injected into the user details service below. -->
<beans:bean id="userDAO" class="org.arw.crm.dao.CRMUserDAOImpl" />
<!-- Users and privileges are loaded from the database through customUserDetailsService.
     The provider uses the encoder to match the submitted password against the password
     carried by the returned UserDetails, so the service has to return the stored BCrypt
     hash unchanged. If the service hashes that value again, the comparison cannot
     succeed and the login ends in BadCredentialsException. -->
<authentication-manager >
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="encoder" />
</authentication-provider>
</authentication-manager>
<!-- The service receives the DAO and the encoder through its setters.
     NOTE(review): the encoder bean id is "encoder", while the class annotates its
     field with @Qualifier("passwordEncoder"); confirm which of the two wirings is
     actually in effect and keep only one. -->
<beans:bean id="customUserDetailsService" class="org.arw.crm.service.CustomUserDetailsService">
<beans:property name="userDAO" ref="userDAO"></beans:property>
<beans:property name="passwordEncoder" ref="encoder"></beans:property>
</beans:bean>
</beans:beans> |
CustomUserDetailsService.java
Code:
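/**
 * Loads CRM users by e-mail address for Spring Security.
 *
 * <p>The password handed back in the {@link UserDetails} is the value stored for
 * the user, unchanged. Users are persisted with an already BCrypt-encoded
 * password, and the authentication provider matches the submitted password
 * against that hash with its own password encoder. Encoding the stored hash a
 * second time here produces a value no submitted password can match, which is
 * what surfaces as {@code BadCredentialsException}.
 */
@Configurable
@Transactional
public class CustomUserDetailsService implements UserDetailsService {

    // Kept because the XML configuration injects a "passwordEncoder" property.
    // It is deliberately not used when loading a user: matching is the
    // authentication provider's job.
    // NOTE(review): the encoder bean is declared with id "encoder", not
    // "passwordEncoder"; confirm this qualifier resolves, or rely on the XML
    // property injection only.
    @Autowired
    @Qualifier("passwordEncoder")
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    @Autowired
    @Qualifier("userDAO")
    private CRMUserDAO userDAO;

    /** Returns the injected password encoder. */
    public BCryptPasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

    /** Sets the password encoder (called by the XML property injection). */
    public void setPasswordEncoder(BCryptPasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /** Returns the DAO used to look users up. */
    public CRMUserDAO getUserDAO() {
        return userDAO;
    }

    /** Sets the DAO used to look users up (called by the XML property injection). */
    public void setUserDAO(CRMUserDAO userDAO) {
        this.userDAO = userDAO;
    }

    /**
     * Looks a user up by e-mail and adapts it to Spring Security's {@link UserDetails}.
     *
     * @param email the value submitted in the login form's user name field
     * @return the user's e-mail, stored password hash and granted authorities;
     *         all account status flags are set to {@code true}
     * @throws UsernameNotFoundException if no user exists for {@code email}
     */
    @Transactional(readOnly = true)
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        org.arw.crm.entity.CRMUser user = userDAO.findByEmail(email);
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + email);
        }

        // No account status is modelled here, so every flag is fixed to true.
        boolean enabled = true;
        boolean accountNotExpired = true;
        boolean credentialsNotExpired = true;
        boolean accountNotLocked = true;

        List<GrantedAuthority> authorities = buildUserAuthority(user.getPrivileges());

        // Pass the stored hash through as-is: it must not be re-encoded, and it
        // must not be written to stdout or a log either.
        // Assumes user.getPassword() is the BCrypt hash written at user creation.
        return new User(user.getEmail(), user.getPassword(), enabled, accountNotExpired,
                credentialsNotExpired, accountNotLocked, authorities);
    }

    /**
     * Converts the user's privileges into granted authorities, dropping duplicates.
     *
     * <p>NOTE(review): the authority name is exactly {@code Privilege.getPrivilege()};
     * no {@code ROLE_} prefix is added, so access rules must check for that exact
     * name. Confirm against the access expressions in the security configuration.
     */
    private List<GrantedAuthority> buildUserAuthority(Set<Privilege> privileges) {
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
        for (Privilege prvlg : privileges) {
            setAuths.add(new SimpleGrantedAuthority(prvlg.getPrivilege()));
        }
        return new ArrayList<GrantedAuthority>(setAuths);
    }
}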
Les utilisateurs de l'application sont insérés dans la base de données comme suit :
Code:
// Seed user: the password is BCrypt-encoded once, here, before it is stored.
// Whatever later reads this user for authentication has to hand the stored
// hash on unchanged.
// NOTE(review): "admin1" is a short, guessable password hard-coded in source;
// keep such seed credentials to local test data and replace them before any
// shared deployment.
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodedPassword = passwordEncoder.encode("admin1");
CRMUser crmuser1 = new CRMUser("a1", "A1", "admin1@gmail.com", encodedPassword);