Spring security problem

I have created a simple Spring Security application which stores username and password in database table .
The app is not working even if I gave correct username and password .

my spring-security.xml file is as follows :

I have configured dataSource bean in application context and it is working fine as other components using jdbc works fine.

If I use in-memory authentication then it works fine .

Actually when I gave correct username and password to login page in server console it show this message

01:10:16,357 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-6) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
01:10:16,472 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-6) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]

I have created two table for storing username,password and roles as USERS and USER_ROLES as follows :

CREATE TABLE "USERS"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"PASSWORD" VARCHAR2(40) NOT NULL ENABLE,
CONSTRAINT "USERS_PK" PRIMARY KEY ("USERNAME") ENABLE
) ;
CREATE TABLE "USER_ROLES"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"ROLENAME" VARCHAR2(10) NOT NULL ENABLE,
CONSTRAINT "USER_ROLES_PK" PRIMARY KEY ("USERNAME", "ROLENAME") ENABLE
) ;ALTER TABLE "USER_ROLES" ADD CONSTRAINT "USER_ROLES_FK" FOREIGN KEY ("USERNAME")
REFERENCES "USERS" ("USERNAME") ENABLE;

Please help !!

Add a third item in the 'select' statement (a boolean), to represent if the user access is enabled or not.

If your system doesnt have such field, you can hardcode it like below.

- k

--------------------------------------------------------------------------------------------------
[SpringSource Certified Spring Professional - Practice Tests]

Thanks Kathleen Angeles !!

I have changed the line

Still not working ,I have also tested using

and

and

Nothing works !!

I am using Oracle 11g XE as my database !!

Improve the query as below (where I add 'u.' before the last 'username').

Also, look deeper into the logs for other error messages.

In addition, when you say 'it doesnt work', what exactly happens? Is the authentication process completed and you get a invalid userid/password message? Or something else?

Adding the 'u.' I mentioned above should fix it.

I tried your query on my Oracle XE using SQL Developer, and the query is rejected (query is 'ambiguous'). Oracle rejects it. He doesnt know which 'username' you are referring to. It should be 'u.username' or 'ur.username'.

Again thanks Kathleen !!

Changed the code as you have suggested..

After changed to this when I login using correct username and password in login page it shows me invalid username or password !!

My mappings are

and

And I have 1 row in USERS table
username|password
--------------------------
ashok |admin

and 1 row in USER_ROLES table
username|rolename
--------------------------
ashok |ADMIN

About error Log
After a fresh deploy when I login using correct username/password it shows this

19:37:31,398 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:40,999 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-2) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
19:37:41,097 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-2) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
19:37:41,218 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:41,219 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password

and subsequent login attempt with correct username/password shows this in log with invalid username/password in login page

19:40:14,873 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,832 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,834 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password

For login attempt with incorrect username/password whether it is a fresh request after deployment or subsequent login attempt
it shows invalid username or password in login page and this log message

19:41:25,877 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,321 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,322 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password

Again thanks for your kind help !!

What I mentioned in my post above somewhere, was to add 'true', without the quotes. Try that one.

Tested with this still not working...

I have also tried with TRUE but does not help ...

my whole project is available here

http://t2springsecurity.googlecode.com/svn/trunk/

Try execute your 2 select statements on your oracle client, eg. toad, sql developer, etc.

This is to check if your query gets what you wanted it to get.

Check also trailing spaces in your table column data on these columns - username and password.

If you have trailing spaces, you can use oracle trim() to trim the result data. E.g. 'select trim(username), trim(password)'.

When I execute these two queries in Oracle it returns the correct result

Without double quote int true results error

ORA-00904: "TRUE": invalid identifier

Thanks !!

Hi,

Apparently, in Oracle you have to put a numeric item on that part.

Try:

Thank you Kathleen at last it is just worked

!!