CODEWITHSUNDEEP
javamysqlspring-mvcspring-security
Piotr M
Piotr M

Reputation: 509

Only one user accessible spring security

Here is my problem - I'm using Spring Security for authorization users, but I can login only to one user (test). Another users which I'm creating (through website or manually in db not work). db is MySQL , spring security 3.2.6.RELEASE.

security-context.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-3.2.xsd


http://www.springframework.org/schema/security

http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true" use-expressions="true">
    <form-login login-page="/"
        default-target-url="/"
        authentication-failure-url="/error"
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/" delete-cookies="JSESSIONID" invalidate-session="true" /> <!-- określamy przekierowanie po wylogowaniu -->
    <!-- <csrf />   włączamy zabezpieczenie przed csrf -->
    <intercept-url pattern="/addnew" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource" 
                users-by-username-query="SELECT login, pass, mail FROM user WHERE login =?"
                authorities-by-username-query="SELECT login, role FROM roles WHERE login =?" />
        </authentication-provider>
    </authentication-manager>


    <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <beans:property name="url" value="jdbc:mysql://localhost:3306/usersdb" />
        <beans:property name="username" value="root" />
        <beans:property name="password" value="1234" />
    </beans:bean>

</beans:beans>

chunk of .jsp code responsible of login:

<c:set var="sign">
    <c:url value="/j_spring_security_check" />
</c:set>
                        <form class="navbar-form navbar right" action="${sign}" method="POST">
                            <div class="form-group">
                                <input type="text" class="form-control" name="username"
                                    placeholder="Username">
                            </div>
                            <div class="form-group">
                                <input type="password" class="form-control" name="password" placeholder="Password">
                            </div>
                            <button type="submit" class="btn btn-default" name="action">Sign In</button>
                        </form>

Db is connected correctly, because when I'm changing password manually in db for 'test' user, I need to login with neew password. This is User class, but I don't think it's relevant:

package com.codedig.app;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

@Entity //deklaruje, ze mamy do czynienia z encja
public class User {
    //niezalenize czy istnieja gettery/settery (akcesory) wszystkie wlasnosci obiektu sa zapisywane do bd

    @Id //deklaruje klucz wg. którego rozrozniamy encje
    @GeneratedValue(strategy=GenerationType.AUTO)
    @Column(name = "id")
    private int id;
    @Column(name = "login")
    private String login;
    @Column(name = "pass")
    private String pass;
    @Column(name = "mail")
    private String mail;    

    public User() {
        super();
    }

    public User(int id, String login, String pass, String mail) {
        super();
        this.id = id;
        this.login = login;
        this.pass = pass;
        this.mail = mail;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getLogin() {
        return login;
    }

    public void setLogin(String login) {
        this.login = login;
    }

    public String getPass() {
        return pass;
    }

    public void setPass(String pass) {
        this.pass = pass;
    }

    public String getMail() {
        return mail;
    }

    public void setMail(String mail) {
        this.mail = mail;
    }

}

Edit: authorities-by-username-query might look a bit messy, but I had problem with 3>2 index (if I recall correctly - if you know how proper query should look like - don't hesitate to point out).

Upvotes: 2

Views: 915

Answers (2)

Piotr M
Piotr M

Reputation: 509

It is not working answer, but I think point into right direction - I forgot about 'enabled' field. After adding it into db and mapping it at User class it is still not working (suprisingly), but the problem probably is, that I'm using hibernate to handle another db at this project. I'm going to change my project to be full hibernate-using, this should fix it.

Upvotes: 1

dunni
dunni

Reputation: 44535

Make sure, that every user has at least one role. If a user has no role, Spring Security will deny a login.

Upvotes: 0

Related Questions