JDBC 身份验证中的 PreparedStatmentCallBack 错误
PreparedStatmentCallBack error in JDBC authentication
我正在进行 JDBC 身份验证,当我尝试访问 API 时,它会在不询问用户名和密码的情况下给出 "FORBIDDEN"。
这是我的安全配置。
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity(debug = true)
static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.
jdbcAuthentication()
.usersByUsernameQuery(usersQuery)
.authoritiesByUsernameQuery(rolesQuery)
.dataSource(dataSource);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests().//
antMatchers(HttpMethod.GET, "/vendor/**", "/usermanagement").hasRole("USER").//
antMatchers(HttpMethod.POST, "/vendor","/usermanagement").hasRole("LEAD").//
antMatchers(HttpMethod.PUT, "/vendor/**", "/usermanagement").hasRole("LEAD").//
antMatchers(HttpMethod.DELETE, "/vendor/**", "/usermanagement").hasRole("ADMIN").and().//
csrf().disable();
}
}
spring.queries.users-query=select name, password, active from users where name=?
spring.queries.roles-query=select u.name, r.role from users u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.name=?
当我提供正确的身份验证时,我无法登录,错误是,
"message": "PreparedStatementCallback; SQL [select name, password from users where name=?]; The column index is out of range: 3, number of columns: 2.; nested exception is org.postgresql.util.PSQLException: The column index is out of range: 3, number of columns: 2.",
模型实体是:
@Entity
@Table(name = "role")
public class RoleEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="role_id")
private int id;
@Column(name="role")
private String role;
}
@Entity
@Table(name = "users")
public class UserEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="user_id")
private int id;
private String password;
private String name;
private boolean active;
@ManyToMany(cascade = CascadeType.ALL)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<RoleEntity> roles;
}
我在数据库中的条目是
用户table
user_id 姓名密码
1 插孔插孔
角色table
role_id角色
1 位管理员
2 位用户
3 铅
user_role table
user_idrole_id
1 1
1 2
1 3
根据 JdbcUserDetailsManagerConfigurer.usersByUsernameQuery javadoc,您必须提供一个查询:
for selecting the username, password, and if the user is enabled by username. Must contain a single parameter for the username.
您似乎 select 仅输入用户名和密码,将第三列添加到您的 select(如果用户始终启用,则为 true)
spring.queries.users-query=select name, password, true from users where name=?
希望对您有所帮助。
我正在进行 JDBC 身份验证,当我尝试访问 API 时,它会在不询问用户名和密码的情况下给出 "FORBIDDEN"。
这是我的安全配置。
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity(debug = true)
static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.
jdbcAuthentication()
.usersByUsernameQuery(usersQuery)
.authoritiesByUsernameQuery(rolesQuery)
.dataSource(dataSource);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests().//
antMatchers(HttpMethod.GET, "/vendor/**", "/usermanagement").hasRole("USER").//
antMatchers(HttpMethod.POST, "/vendor","/usermanagement").hasRole("LEAD").//
antMatchers(HttpMethod.PUT, "/vendor/**", "/usermanagement").hasRole("LEAD").//
antMatchers(HttpMethod.DELETE, "/vendor/**", "/usermanagement").hasRole("ADMIN").and().//
csrf().disable();
}
}
spring.queries.users-query=select name, password, active from users where name=?
spring.queries.roles-query=select u.name, r.role from users u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.name=?
当我提供正确的身份验证时,我无法登录,错误是,
"message": "PreparedStatementCallback; SQL [select name, password from users where name=?]; The column index is out of range: 3, number of columns: 2.; nested exception is org.postgresql.util.PSQLException: The column index is out of range: 3, number of columns: 2.",
模型实体是:
@Entity
@Table(name = "role")
public class RoleEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="role_id")
private int id;
@Column(name="role")
private String role;
}
@Entity
@Table(name = "users")
public class UserEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="user_id")
private int id;
private String password;
private String name;
private boolean active;
@ManyToMany(cascade = CascadeType.ALL)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<RoleEntity> roles;
}
我在数据库中的条目是
用户table
user_id 姓名密码
1 插孔插孔
角色table
role_id角色
1 位管理员
2 位用户
3 铅
user_role table
user_idrole_id
1 1
1 2
1 3
根据 JdbcUserDetailsManagerConfigurer.usersByUsernameQuery javadoc,您必须提供一个查询:
for selecting the username, password, and if the user is enabled by username. Must contain a single parameter for the username.
您似乎 select 仅输入用户名和密码,将第三列添加到您的 select(如果用户始终启用,则为 true)
spring.queries.users-query=select name, password, true from users where name=?
希望对您有所帮助。