mysql - Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效,但在 Spring 4 中无效
问题描述
此代码适用于 Spring 5。但我的公司需要 Spring 4。
在 Spring 4 中,登录可以使用 inMemoryAuthentication 正常工作。但是当我添加jdbc逻辑时(c3p0,MySQL依赖&&添加DataSource代码&& JDBC连接,c3p0连接池.properties文件);服务器运行,登录页面打开,但身份验证失败(用户名/密码不正确)。
这是包结构
- 这是 .properties 文件位置和代码。
这是配置类
@Configuration @EnableWebMvc @ComponentScan(basePackages = "com.nike.mycoolwebapp") @PropertySource("classpath:persistence-mysql.properties") 公共类 AppConfig {
// set up variable to hold the properties. One can use spring helper classes or use @Autowired @Autowired private Environment env; // will hold the data read from the properties file // set up a logger for diagnostics private Logger logger = Logger.getLogger(getClass().getName()); // define a bean for ViewResolver @Bean public ViewResolver viewResolver() { InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); viewResolver.setPrefix("/WEB-INF/view/"); viewResolver.setSuffix(".jsp"); return viewResolver; } // define a bean for our security datasource @Bean public DataSource securityDataSource() { // create a connection pool ComboPooledDataSource securityDatasource = new ComboPooledDataSource(); // set the jdbc driver try { securityDatasource.setDriverClass(env.getProperty("jdbc.driver")); } catch (PropertyVetoException exc) { // I'm wrapping this exception as runtime exception. It's unchecked and throwing that, // so, at least the system knows if something goes wrong, or if there's a problem throw new RuntimeException(exc); } // log the connection props // just for sanity's sake. if it's reading from properties file logger.info(">>> jdbc.url= " + env.getProperty("jdbc.url")); logger.info(">>> jdbc.user= " + env.getProperty("jdbc.user")); logger.info(">>> jdbc.password= " + env.getProperty("jdbc.password")); // set the database connection props securityDatasource.setJdbcUrl(env.getProperty("jdbc.url")); securityDatasource.setUser(env.getProperty("jdbc.user")); securityDatasource.setPassword(env.getProperty("jdbc.password")); // set the connection pool props securityDatasource.setInitialPoolSize( getIntProperty("connection.pool.initialPoolSize")); securityDatasource.setMinPoolSize( getIntProperty("connection.pool.minPoolSize")); securityDatasource.setMaxPoolSize( getIntProperty("connection.pool.maxPoolSize")); securityDatasource.setMaxIdleTime( getIntProperty("connection.pool.maxIdleTime")); return securityDatasource; } // need a helper method // read environment property and convert to int private int getIntProperty(String propName) { String propValue = env.getProperty(propName); // now convert to int int intPropValue = Integer.parseInt(propValue); return intPropValue; } }
这是安全配置
@Configuration @EnableWebSecurity 公共类 AppSecurityConfig 扩展 WebSecurityConfigurerAdapter {
// add a reference to our security data source @Autowired private DataSource securityDataSource; @Autowired public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { /* //inMemoryAuthentication deprecated in latest Spring auth.inMemoryAuthentication().withUser("john").password("111").roles( "EMPLOYEE"); auth.inMemoryAuthentication().withUser("mary").password("111").roles( "EMPLOYEE", "MANAGER"); auth.inMemoryAuthentication().withUser("susan").password("111").roles( "EMPLOYEE", "ADMIN"); */ // use jdbc aunthetication // tell Spring Security to use JDBC authentication with our data source auth.jdbcAuthentication().dataSource(securityDataSource); } /** * Configure security of web paths in application, login, logout etc */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() // .anyRequest().authenticated() // any request to the app must be authenticated // (i.e. logging in) .antMatchers("/").hasRole("EMPLOYEE").antMatchers("/leaders/**").hasRole("MANAGER") // show our custom form at the request mapping "/showMyLoginPage" .antMatchers("/systems/**").hasRole("ADMIN").and().formLogin().loginPage("/showLoginPage") .loginProcessingUrl("/authenticateTheUser") // Login form should POST data to this URL for processing // (check username & password) .usernameParameter("username") // don't add this in spring 5 .passwordParameter("password") // don't add this in spring 5 .permitAll() // Allow everyone to see login page. No need to be logged in. .and().logout().permitAll().and().exceptionHandling().accessDeniedPage("/access-denied"); }
}
这是MvcDispatchServletInitializer
公共类 AppSpringMvsDispatcherServlerInitializer 扩展 AbstractAnnotationConfigDispatcherServletInitializer {
@Override protected Class<?>[] getRootConfigClasses() { return new Class[] {AppConfig.class}; } @Override protected Class<?>[] getServletConfigClasses() { return null; } @Override protected String[] getServletMappings() { return new String[] {"/"}; }
}
这是SecurityWebApplicationInitializer
公共类 SecurityWebApplicationInitializer 扩展 AbstractSecurityWebApplicationInitializer {
}
这是pom.xml
http://maven.apache.org/xsd/maven-4.0.0.xsd">4.0.0
<groupId>com.nike.mycoolwebapp</groupId> <artifactId>mycoolwebapp</artifactId> <version>1.0</version> <packaging>war</packaging> <name>mycoolwebapp</name> <properties> <springframework.version>4.1.6.RELEASE</springframework.version> <springsecurity.version>4.0.1.RELEASE</springsecurity.version> <c3po.version>0.9.5.2</c3po.version> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <dependencies> <!-- Spring MVC support --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${springframework.version}</version> </dependency> <!-- Spring Security --> <!-- spring-security-web and spring-security-config --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${springsecurity.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${springsecurity.version}</version> </dependency> <!-- Add Spring Security Taglibs support --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${springsecurity.version}</version> </dependency> <!-- Add MySQL support --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>8.0.18</version> </dependency> <!-- Add c3p0 support --> <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <version>${c3po.version}</version> </dependency> <!-- Servlet, JSP and JSTL support --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <!-- to compensate for java 9+ not including jaxb --> <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>2.3.0</version> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies> <!-- TO DO: Add support for Maven WAR Plugin --> <build> <finalName>mycoolwebapp</finalName> <pluginManagement> <plugins> <plugin> <!-- Add Maven coordinates (GAV) for: maven-war-plugin --> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>3.2.0</version> </plugin> </plugins> </pluginManagement> </build>
这是应用控制器
@Controller 公共类 AppController {
@RequestMapping(value = "/", method = RequestMethod.GET) public String showHome() { return "home"; } // add a request mapping for /leaders @RequestMapping(value = "/leaders", method = RequestMethod.GET) public String showLeader() { return "leaders"; } // add a request mapping for /systems @RequestMapping(value = "/systems", method = RequestMethod.GET) public String showAdmin() { return "systems"; }
}
这是登录控制器。
@Controller 公共类登录控制器 {
@RequestMapping(value = "/showLoginPage", method = RequestMethod.GET) public String showLoginPage() { return "fancy-login"; } // add a request mapping for /access-denied @RequestMapping(value = "/access-denied", method = RequestMethod.GET) public String showAccessDenied() { return "access-denied"; }
}
这是MySQL 表
解决方案
- 从数据库中删除 {noop}。{noop} 或 {bcrypt} 在 Spring 5 中。
推荐阅读
- r - char 和 character 对象之间的区别
- python - 如何在 Windows 中使用 SQLAlchemy 对 Postgres 执行单元测试?
- java - 如何打印数组中的重复项?
- c# - 使用 Postman 从 API 检索的数据与使用 C# 程序时不同
- outlook - 通过 ECP 将委托添加到邮箱时,ExchangeServices.GetDelegates 的结果未反映更改
- c# - “SQLException was unhandled”System.Data.dll 中发生了“System.Data.SqlClient.SqlException”类型的未处理异常
- javascript - 如何将控制台日志中的结果保存到数据库?
- spring - Spring Boot 返回字符串而不是视图
- python - 获取两个多边形相交区域的坐标(在 Python 中)
- python - 检测和打印条纹