This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
For method 1,Spring security was not intercepting request and i didn't see errors in console.Instead of intercepting the request i was directly taken to welcome.jsp.
P.S - Since i was not trying authorization, i didn't use 'authorities-by-username-query' attribute below in security context xml. I'm not sure if its mandatory to create a table for authorization as well.
Below is my security-context.xml:
How can i debug this kind of scenarios effectively if errors are not shown in console. I've already SL4J logging enabled through maven.
For method 2, i created spring specific database tables in the name of “USERS” and “AUTHORITIES” after following linklink. Here SQL query is not used in xml as shown below.
Every thing remains same except for security-context.xml.
when i tried the above way, even though i enter correct user name & password, i was getting 'bad credentials' message [But yes, in this case spring security is intercepting the request]. I'm using Oracle database.
Please guide me where i'm going wrong in both the cases. Advance thanks.
Thanks for the reply. I've tried in-memory authentication and it worked fine for me. But for D/B Authentication i always keep on getting 'Bad credentials' error. I did check the link which you've referred and executed the query manually to check if its working. I found query working without any problem as there was no trailing space issues.
Now I've following 'users_detail' table in D/B :
USERNAME VARCHAR2 (50 Byte)
PASSWORD VARCHAR2 (50 Byte)
Data in the 'users_detail' table :
USER_ID USERNAME PASSWORD ENABLED
100 user 123456 1
My query is in security-context.xml :
"select username,password, enabled from users_detail where username=?"
when i execute the query manually i.e. select username,password,enabled from users_detail where username='user'. i get the resultsets.
Where am i going wrong ? Why is it that JdbcUserDetailsManager class always return 'Query returned no results for user 'user' ' even though there is an entry for the same in D/B.
DEBUG: org.springframework.security.provisioning.JdbcUserDetailsManager - Query returned no results for user 'user'
DEBUG: org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'user' not found
Debug mode doesn't show which method of JdbcUserDetailsManager class is being executed when i get the above error. How can i know that? Also, does spring internally do any encryption/decryption technique while saving password field?
OK. First, yes you need both queries whether you are doing Authorization or not. Because you are using the built in JDBC UserDetails Service. Real class name JdbcDaoImpl.
I would also guess for the second example the Encryption MD5 is where the passwords aren't matching. Meaning in the database it is stored plain text, but the incoming login request has it in MD5, so they don't match.
You need to make sure the passwords are stored in the db encrypted MD5.