I've used a properly running example project (documentation) to create a simple JSF login page working with Spring Security on Tomcat 7 using Eclipse. The above example stores usernames, passwords and roles in applicationContext-security.xml in the following format:
<authentication-provider>
<password-encoder hash="md5" />
<user-service>
<user name="rod"
password="a564de63c2d0da68cf47586ee05984d7"
authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="peter"
password="22b5c9accc6e1ba628cedc63a72d57f8"
authorities="ROLE_USER" />
</user-service>
</authentication-provider>
I am trying to modify it so that I can use authentication database through JDBC. After making a simple modification, I am no longer able to access my project on the server (404) due to an error (Eclipse does not provide details, or maybe I don't know where to look). Could you please give me some suggestions on what might be going wrong? Thanks.
Below is a complete copy of my updated applicationContext-security.xml:
<beans:beans xmlns="http://www.springframework.org/s开发者_C百科chema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<global-method-security
secured-annotations="enabled">
</global-method-security>
<http
auto-config="true"
access-denied-page="/accessDenied.jsp">
<intercept-url
pattern="/faces/protected**"
access="ROLE_SUPERVISOR,ROLE_USER,ROLE_TELLER" />
<intercept-url
pattern="/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login
login-processing-url="/j_spring_security_check"
login-page="/faces/login.jsf"
default-target-url="/"
authentication-failure-url="/faces/login.jsf" />
<logout
logout-url="/logout*"
logout-success-url="/" />
</http>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"/>
</authentication-provider>
<beans:bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<beans:property name="dataSource" ref="dataSource"/>
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql:///mysampledb"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="root"/>
</beans:bean>
</beans:beans>
The problem is solved! I had to remove this:
<beans:bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
<beans:property name="dataSource" ref="dataSource"/>
</beans:bean>
As it created more than one instance of userDetailsService, which caused the error.
精彩评论