mons.dbcp.BasicDataSourcequot; destroy-method=quot;closequot; id=quot;dataSourcequot;gt; lt;property name=quot;driverClassNamequot; value=quot;org.postgresql.Driverquot;/gt; lt;property name=quot;uclquot; value=quot;jdbc:postgresql--localhost:5432/testquot;/gt; lt;property name=quot;usernamequot; value=quot;testquot;/gt; lt;property name=quot;passwordquot; value=quot;testquot;/gt; lt;/beangt;
Authorization works good when I don't use db (and users are stored in file applicationContext-security.xml)
I have to tables in my db:
Code:
CREATE TABLE test_schema.users
( username character(50) NOT NULL, quot;passwordquot; character(50) NOT NULL, enabled boolean NOT NULL, CONSTRAINT users_pkey PRIMARY KEY (username)
)
WITH ( OIDS=FALSE
);
ALTER TABLE test_schema.users OWNER TO test;
CREATE TABLE test_schema.authorities
( username character(50) NOT NULL, authority character(50) NOT NULL, CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES test_schema.users (username) MATCH SIMPLE ON UPDATE NO ACTION ON DELETE NO ACTION
)
WITH ( OIDS=FALSE
);
ALTER TABLE test_schema.authorities OWNER TO test;
CREATE UNIQUE INDEX ix_auth_username ON test_schema.authorities USING btree (username, authority);
What is wrong? Pls help me
Agatha
Please check the debug log for the actual error.
This is my log
Code:
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org.hibernate.impl.SessionImpl - opened session at timestamp: 12825934484
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.FilterChainProxy - Converted ucl to lowercase, from: '/static/j_spring_security_check'; to: '/static/j_spring_security_check'
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.FilterChainProxy - Candidate is: '/static/j_spring_security_check'; pattern is /**; matched=true
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.FilterChainProxy - /static/j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'org..security.web.context.SecurityContextPersistenceFilter@17da562'
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.context.fromSessionSecurityContextRepository - fromSession returned null object for SPRING_SECURITY_CONTEXT
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.context.fromSessionSecurityContextRepository - No SecurityContext was available from the fromSession: org.apache.catalina.session.StandardSessionFacade@19a8c41. A new one will be created.
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.FilterChainProxy - /static/j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'org..security.web.authentication.logout.LogoutFilter@1300800'
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.FilterChainProxy - /static/j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'org..security.web.authentication.UsernamePasswordAuthenticationFilter@5d5033'
2010-08-23 21:57:28,453 [from-8080-1] DEBUG org..security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2010-08-23 21:57:28,468 [from-8080-1] DEBUG org..security.authentication.ProviderManager - Authentication attempt using org..security.authentication.dao.DaoAuthenticationProvider
2010-08-23 21:57:28,750 [from-8080-1] DEBUG org..jdbc.core.JdbcTemplate - Executing prepared SQL query
2010-08-23 21:57:28,750 [from-8080-1] DEBUG org..jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username, password, enabled FROM test_schema.users WHERE username=?;]
2010-08-23 21:57:28,750 [from-8080-1] DEBUG org..jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2010-08-23 21:57:28,765 [from-8080-1] DEBUG org..jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..jdbc.core.JdbcTemplate - Executing prepared SQL query
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..jdbc.core.JdbcTemplate - Executing prepared SQL statement [SELECT username, authority FROM test_schema.authorities WHERE username=?;]
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org..security.authentication.BadCredentialsException: Bad credentials
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg..security.web.authentication.SimpleuclAuthenticationFailureHandler@11dc088
2010-08-23 21:57:28,781 [from-8080-1] DEBUG org..security.web.authentication.SimpleuclAuthenticationFailureHandler - Redirecting to /login?login_error=tDo both the queries return data if you run them by hand? If either is empty, you will get a UsernameNotfoundException, which is translated into a BadCredentialsException by default and the authentication will fail. I'd guess the authorities query isn't returning any data for the user in question.
The both queries return data if I run them by hand..
I would write a unit test and step through it in a debugger to see what's happening. I think we could also use some more logging output in the DAO-based classes to make it clearer why a particular authentication request fails SEC-1548.
I fixed my bug..
I used character data type in my postgres db, but it's type with constant length, so the string is fulfil with spaces. We need to use character varying.
What a stupid problem.. |
Post at 2011-4-15 14:58
| This Author's Posts Only
