wood burning stoves 2.0*
The moose likes Spring and the fly likes Spring security problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring security problem" Watch "Spring security problem" New topic
Author

Spring security problem

Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

I have created a simple Spring Security application which stores username and password in database table .
The app is not working even if I gave correct username and password .

my spring-security.xml file is as follows :


I have configured dataSource bean in application context and it is working fine as other components using jdbc works fine.

If I use in-memory authentication then it works fine .

Actually when I gave correct username and password to login page in server console it show this message

01:10:16,357 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-6) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
01:10:16,472 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-6) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]


I have created two table for storing username,password and roles as USERS and USER_ROLES as follows :

CREATE TABLE "USERS"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"PASSWORD" VARCHAR2(40) NOT NULL ENABLE,
CONSTRAINT "USERS_PK" PRIMARY KEY ("USERNAME") ENABLE
) ;
CREATE TABLE "USER_ROLES"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"ROLENAME" VARCHAR2(10) NOT NULL ENABLE,
CONSTRAINT "USER_ROLES_PK" PRIMARY KEY ("USERNAME", "ROLENAME") ENABLE
) ;ALTER TABLE "USER_ROLES" ADD CONSTRAINT "USER_ROLES_FK" FOREIGN KEY ("USERNAME")
REFERENCES "USERS" ("USERNAME") ENABLE;


Please help !!

Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Add a third item in the 'select' statement (a boolean), to represent if the user access is enabled or not.

If your system doesnt have such field, you can hardcode it like below.



- k


--------------------------------------------------------------------------------------------------
[SpringSource Certified Spring Professional - Practice Tests]
Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

Thanks Kathleen Angeles !!

I have changed the line



Still not working ,I have also tested using


and



and



Nothing works !!

I am using Oracle 11g XE as my database !!
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Improve the query as below (where I add 'u.' before the last 'username').




Also, look deeper into the logs for other error messages.

In addition, when you say 'it doesnt work', what exactly happens? Is the authentication process completed and you get a invalid userid/password message? Or something else?
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Adding the 'u.' I mentioned above should fix it.

I tried your query on my Oracle XE using SQL Developer, and the query is rejected (query is 'ambiguous'). Oracle rejects it. He doesnt know which 'username' you are referring to. It should be 'u.username' or 'ur.username'.
Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

Again thanks Kathleen !!

Changed the code as you have suggested..



After changed to this when I login using correct username and password in login page it shows me invalid username or password !!

My mappings are


and



And I have 1 row in USERS table
username|password
--------------------------
ashok |admin

and 1 row in USER_ROLES table
username|rolename
--------------------------
ashok |ADMIN


About error Log
After a fresh deploy when I login using correct username/password it shows this


19:37:31,398 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:40,999 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-2) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
19:37:41,097 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-2) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
19:37:41,218 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:41,219 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



and subsequent login attempt with correct username/password shows this in log with invalid username/password in login page

19:40:14,873 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,832 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,834 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



For login attempt with incorrect username/password whether it is a fresh request after deployment or subsequent login attempt
it shows invalid username or password in login page and this log message

19:41:25,877 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,321 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,322 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



Again thanks for your kind help !!
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

What I mentioned in my post above somewhere, was to add 'true', without the quotes. Try that one.

Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

Tested with this still not working...




I have also tried with TRUE but does not help ...
Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

my whole project is available here

http://t2springsecurity.googlecode.com/svn/trunk/
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Try execute your 2 select statements on your oracle client, eg. toad, sql developer, etc.

This is to check if your query gets what you wanted it to get.
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Check also trailing spaces in your table column data on these columns - username and password.

If you have trailing spaces, you can use oracle trim() to trim the result data. E.g. 'select trim(username), trim(password)'.
Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

When I execute these two queries in Oracle it returns the correct result



Without double quote int true results error



ORA-00904: "TRUE": invalid identifier


Thanks !!
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Hi,

Apparently, in Oracle you have to put a numeric item on that part.

Try:

Ashok Pradhan
Ranch Hand

Joined: Dec 17, 2007
Posts: 180

Thank you Kathleen at last it is just worked !!

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Spring security problem
 
Similar Threads
Basic form-based authentication question...
How to implement Spring Form Based Authenticationand Authorization without session scope ?
The DD security-role element in web.xml
Resin DB-pooling + authentication. HELP!
nullpointer with @Autowired AuthenticationManager