• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Spring security problem

 
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have created a simple Spring Security application which stores username and password in database table .
The app is not working even if I gave correct username and password .

my spring-security.xml file is as follows :


I have configured dataSource bean in application context and it is working fine as other components using jdbc works fine.

If I use in-memory authentication then it works fine .

Actually when I gave correct username and password to login page in server console it show this message

01:10:16,357 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-6) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
01:10:16,472 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-6) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]


I have created two table for storing username,password and roles as USERS and USER_ROLES as follows :

CREATE TABLE "USERS"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"PASSWORD" VARCHAR2(40) NOT NULL ENABLE,
CONSTRAINT "USERS_PK" PRIMARY KEY ("USERNAME") ENABLE
) ;
CREATE TABLE "USER_ROLES"
( "USERNAME" VARCHAR2(40) NOT NULL ENABLE,
"ROLENAME" VARCHAR2(10) NOT NULL ENABLE,
CONSTRAINT "USER_ROLES_PK" PRIMARY KEY ("USERNAME", "ROLENAME") ENABLE
) ;ALTER TABLE "USER_ROLES" ADD CONSTRAINT "USER_ROLES_FK" FOREIGN KEY ("USERNAME")
REFERENCES "USERS" ("USERNAME") ENABLE;


Please help !!

 
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Add a third item in the 'select' statement (a boolean), to represent if the user access is enabled or not.

If your system doesnt have such field, you can hardcode it like below.



- k


--------------------------------------------------------------------------------------------------
[SpringSource Certified Spring Professional - Practice Tests]
 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Kathleen Angeles !!

I have changed the line



Still not working ,I have also tested using


and



and



Nothing works !!

I am using Oracle 11g XE as my database !!
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Improve the query as below (where I add 'u.' before the last 'username').




Also, look deeper into the logs for other error messages.

In addition, when you say 'it doesnt work', what exactly happens? Is the authentication process completed and you get a invalid userid/password message? Or something else?
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adding the 'u.' I mentioned above should fix it.

I tried your query on my Oracle XE using SQL Developer, and the query is rejected (query is 'ambiguous'). Oracle rejects it. He doesnt know which 'username' you are referring to. It should be 'u.username' or 'ur.username'.
 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Again thanks Kathleen !!

Changed the code as you have suggested..



After changed to this when I login using correct username and password in login page it shows me invalid username or password !!

My mappings are


and



And I have 1 row in USERS table
username|password
--------------------------
ashok |admin

and 1 row in USER_ROLES table
username|rolename
--------------------------
ashok |ADMIN


About error Log
After a fresh deploy when I login using correct username/password it shows this


19:37:31,398 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:40,999 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] (http-localhost-127.0.0.1-8080-2) Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
19:37:41,097 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] (http-localhost-127.0.0.1-8080-2) SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
19:37:41,218 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html

19:37:41,219 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



and subsequent login attempt with correct username/password shows this in log with invalid username/password in login page

19:40:14,873 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,832 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:40:20,834 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



For login attempt with incorrect username/password whether it is a fresh request after deployment or subsequent login attempt
it shows invalid username or password in login page and this log message

19:41:25,877 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,321 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You are trying to access /login.html
19:41:33,322 INFO [stdout] (http-localhost-127.0.0.1-8080-2) You have entered invalid username or password



Again thanks for your kind help !!
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What I mentioned in my post above somewhere, was to add 'true', without the quotes. Try that one.

 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tested with this still not working...




I have also tried with TRUE but does not help ...
 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
my whole project is available here

http://t2springsecurity.googlecode.com/svn/trunk/
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Try execute your 2 select statements on your oracle client, eg. toad, sql developer, etc.

This is to check if your query gets what you wanted it to get.
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Check also trailing spaces in your table column data on these columns - username and password.

If you have trailing spaces, you can use oracle trim() to trim the result data. E.g. 'select trim(username), trim(password)'.
 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When I execute these two queries in Oracle it returns the correct result



Without double quote int true results error



ORA-00904: "TRUE": invalid identifier


Thanks !!
 
Kathleen Angeles
Ranch Hand
Posts: 123
Firefox Browser Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Apparently, in Oracle you have to put a numeric item on that part.

Try:

 
Ashok Pradhan
Ranch Hand
Posts: 180
Netbeans IDE Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Kathleen at last it is just worked !!

 
Happily living in the valley of the dried frogs with a few tiny ads.
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic