Author | Message |
---|---|
cysun
Posts: 2935
|
Posted 16:40 Aug 12, 2015 |
CSRF protection became default in the newer versions of Spring Security, and I just realized that it affects not just login/logout but also file uploading. In particular, when you upload files, you need to put the CSRF token in the query string, something like this:
Last edited by cysun at
16:40 Aug 12, 2015.
|
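Added example, not part of the original post: Spring Security's CSRF filter runs before the multipart body is parsed, so a hidden token field in an upload form is not seen and the token goes in the form action's query string, as described above. The other documented option is to register Spring's `MultipartFilter` ahead of the security filter chain in `web.xml`; the filter names and URL patterns below are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.xml (constructed example; filter names and URL patterns are assumptions) -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

    <!-- Option 1 (what the post describes): no extra filter. The upload
         form carries the token in its action URL, e.g. in a JSP:
           <form method="post" enctype="multipart/form-data"
                 action="upload?${_csrf.parameterName}=${_csrf.token}">
         Trade-off: query strings reach access logs, browser history and
         Referer headers, so the token is more exposed than in a hidden field. -->

    <!-- Option 2: parse the multipart body before the CSRF check, so the
         token can be sent as a hidden form field instead. -->
    <filter>
        <filter-name>springMultipartFilter</filter-name>
        <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
    </filter>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- Filters run in the order of their filter-mapping elements:
         multipart parsing first, Spring Security (and its CSRF check) second. -->
    <filter-mapping>
        <filter-name>springMultipartFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Trade-off: the upload is parsed, and temporary files are written,
         before any authorization check runs, so set upload size limits. -->
</web-app>
```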
lishenyu
Posts: 103
|
Posted 15:46 Aug 13, 2015 |
Hi Dr. Sun, when I log in, it gave me an error message:
Your login attempt was not successful, try again. Reason: PreparedStatementCallback; bad SQL grammar [select username,password,enabled from users where username = ?]; nested exception is org.postgresql.util.PSQLException: ERROR: column "username" does not exist Position: 8
But in fact I have changed the authorities-by-username-query="select u.email, a.role...." in the applicationContext file, so why does it still have this error? |
cysun
Posts: 2935
|
Posted 16:20 Aug 13, 2015 |
My guess is that you have an email column instead of a username column, so you need to customize the other query too. |
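Added example, not the thread's own configuration: the error above comes from the default users query, so both `jdbc-user-service` queries are overridden here to key on an `email` column. The table names, the join column and the `dataSource` bean are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext.xml (constructed; schema and bean names are assumptions) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

    <security:authentication-manager>
        <security:authentication-provider>
            <!-- Default users query, the one quoted in the error message:
                   select username,password,enabled from users where username = ?
                 Overriding only authorities-by-username-query leaves this
                 default in place, and it fails without a username column. -->
            <security:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select email, password, enabled from users where email = ?"
                authorities-by-username-query=
                    "select u.email, a.role from users u, authorities a
                     where u.id = a.user_id and u.email = ?" />
            <!-- Both queries keep the single ? placeholder; Spring binds the
                 submitted login name to it as a prepared-statement parameter. -->
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
```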
lishenyu
Posts: 103
|
Posted 16:46 Aug 13, 2015 |
Oh, I got it. Last edited by lishenyu at
16:52 Aug 13, 2015.
|
lishenyu
Posts: 103
|
Posted 20:25 Aug 13, 2015 |
Hi Dr. Sun, if we want to use SecurityContextHolder.getContext().getAuthentication().getPrincipal() to get the logged-in user, must our User class implement the UserDetails interface? At first I used User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal() to get a user, and it gave me an error: can't cast from string to User. |
lishenyu
Posts: 103
|
Posted 22:43 Aug 13, 2015 |
I have the @Service("userService") annotation in the UserDetailsServiceImpl class, but when I run my project it gave me this error: Error creating bean with name 'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0': Cannot resolve reference to bean 'userService' while setting bean property 'userDetailsService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'userService' is defined |
cysun
Posts: 2935
|
Posted 23:48 Aug 13, 2015 |
You probably need a <component-scan> to scan the package that includes userService. |
lishenyu
Posts: 103
|
Posted 23:51 Aug 13, 2015 |
Now my component-scan is: base-package="csjobs.model". You mean I can change it to base-package="csjobs" and it will solve this problem, right? And also this problem: at first I used User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal() to get a user, and it gave me an error: can't cast from string to User. Why does getPrincipal() return a string instead of a UserDetails object? Thanks! Last edited by lishenyu at
23:55 Aug 13, 2015.
|
cysun
Posts: 2935
|
Posted 07:45 Aug 14, 2015 |
Which package is your UserService in? |
lishenyu
Posts: 103
|
Posted 10:26 Aug 14, 2015 |
It's in csjobs.web.controller. I think the base-component also needs to scan the models, so just let it scan the whole csjobs package. Could you also tell me why getPrincipal() returns a String instead of a UserDetails object? I fail to get a User object from it. Thanks! |
cthanh
Posts: 56
|
Posted 22:05 Aug 14, 2015 |
I'm having the same problem regarding the use of Principal as a User object. |
cysun
Posts: 2935
|
Posted 22:18 Aug 14, 2015 |
The problem is that Spring Security is using its own UserDetails implementation instead of your User class. Make sure you follow the steps about "Replace Default Principal Implementation" in the lecture, and make sure the login URL is correct so that authentication is done by Spring Security, not your own controller. |
cthanh
Posts: 56
|
Posted 02:03 Aug 15, 2015 |
I believe I was able to make it work by adding some missing bean references in applicationContext.xml following the sample code in csns2. However, I'm having an issue now with the actual login process. My usernames and passwords are returning invalid credentials. Is the Spring controller for login using the Md5PasswordEncoder of the password I enter to compare with the plain text stored in the database, thus not matching and returning an invalid login? I tried to store the password in the database as an MD5 Hash Encryption, but that didn't work either. I am using Spring's default login page, not my own. I'm not sure if something is not mapped correctly or the password is just plain wrong. Thanks. Last edited by cthanh at
02:05 Aug 15, 2015.
|
cysun
Posts: 2935
|
Posted 08:45 Aug 15, 2015 |
I don't quite get what you are talking about. Post your <authentication-manager> here. |
cthanh
Posts: 56
|
Posted 11:05 Aug 15, 2015 |
<context:component-scan base-package="csjobs.model" />
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
<security:authentication-manager>
My UserDetailsServiceImpl class is in the cjobs.security package and my User class implements UserDetails. I also created a UserDao method, getUserByUsername. |
cysun
Posts: 2935
|
Posted 11:14 Aug 15, 2015 |
This should work if the passwords in the database are encrypted with md5. Do some debugging to make sure myUserService is indeed called with the username (or email) provided. You can also check if it works with plaintext password & no password encoder. |
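Added example, not cthanh's actual file (which is cut off above): one way to wire a custom UserDetailsService so that `getPrincipal()` returns the application's own `User`, covering the component-scan and password-encoder points raised in this thread. The bean name `userService`, the `csjobs` base package and the bcrypt alternative are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext.xml (constructed; bean and package names are assumptions) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- The scan must cover the package of the @Service("userService") class.
         If that class lives outside csjobs.model, scanning only csjobs.model
         gives: No bean named 'userService' is defined. -->
    <context:component-scan base-package="csjobs" />

    <!-- Encoder from the thread. With it, the stored password must be the
         lowercase hex MD5 of the password, not the plaintext. -->
    <bean id="passwordEncoder"
          class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
    <!-- Stronger choice (salted, adaptive); existing rows must be re-hashed:
         org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder -->

    <security:authentication-manager>
        <!-- user-service-ref names the UserDetailsService bean. The object its
             loadUserByUsername() returns becomes getPrincipal() after a login
             handled by Spring Security. For an unauthenticated request the
             principal is the String "anonymousUser", hence the failed cast. -->
        <security:authentication-provider user-service-ref="userService">
            <security:password-encoder ref="passwordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
```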
cthanh
Posts: 56
|
Posted 11:19 Aug 15, 2015 |
I got it working. My userDao method was checking the login to email instead of username. I also removed the password encoder to check against plain text.
Thanks! |