Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效,但在 Spring 4 中无效

Posted

技术标签:

【中文标题】Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效,但在 Spring 4 中无效【英文标题】:Spring 4 Security,MySQL, c3p0 connection. Login works in Spring 5, but not in Spring 4 【发布时间】:2020-05-21 12:01:33 【问题描述】:

此代码适用于 Spring 5。但我的公司需要 Spring 4。

在 Spring 4 中,登录使用 inMemoryAuthentication 可以正常工作。但是当我添加jdbc逻辑时(c3p0,mysql依赖&&添加DataSource代码&& JDBC连接,c3p0连接池.properties文件);服务器运行,登录页面打开,但身份验证失败(用户名/密码不正确)。

这是包结构

这是 .properties 文件的位置和代码。

    这是配置类

    @配置 @EnableWebMvc @ComponentScan(basePackages = "com.nike.mycoolwebapp") @PropertySource("classpath:persistence-mysql.properties") 公共类 AppConfig

        // set up variable to hold the properties. One can use spring helper classes or use @Autowired
        @Autowired
        private Environment env; // will hold the data read from the properties file
    
        // set up a logger for diagnostics
        private Logger logger = Logger.getLogger(getClass().getName());
    
        // define a bean for ViewResolver
        @Bean
        public ViewResolver viewResolver() 
    
            InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
            viewResolver.setPrefix("/WEB-INF/view/");
            viewResolver.setSuffix(".jsp");
    
            return viewResolver;
        
    
        // define a bean for our security datasource
        @Bean
        public DataSource securityDataSource() 
    
            // create a connection pool
            ComboPooledDataSource securityDatasource  
                    = new ComboPooledDataSource();
    
            // set the jdbc driver
            try 
                securityDatasource.setDriverClass(env.getProperty("jdbc.driver"));
             catch (PropertyVetoException exc) 
                // I'm wrapping this exception as runtime exception. It's unchecked and throwing that,
                // so, at least the system knows if something goes wrong, or if there's a problem
                throw new RuntimeException(exc); 
            
    
            // log the connection props
            // just for sanity's sake. if it's reading from properties file
            logger.info(">>> jdbc.url= " + env.getProperty("jdbc.url"));
            logger.info(">>> jdbc.user= " + env.getProperty("jdbc.user"));
            logger.info(">>> jdbc.password= " + env.getProperty("jdbc.password"));
    
            // set the database connection props
            securityDatasource.setJdbcUrl(env.getProperty("jdbc.url"));
            securityDatasource.setUser(env.getProperty("jdbc.user"));
            securityDatasource.setPassword(env.getProperty("jdbc.password"));
    
            // set the connection pool props
            securityDatasource.setInitialPoolSize(
                    getIntProperty("connection.pool.initialPoolSize"));
    
            securityDatasource.setMinPoolSize(
                    getIntProperty("connection.pool.minPoolSize"));
    
            securityDatasource.setMaxPoolSize(
                    getIntProperty("connection.pool.maxPoolSize"));
    
            securityDatasource.setMaxIdleTime(
                    getIntProperty("connection.pool.maxIdleTime"));
    
            return securityDatasource;
        
    
        // need a helper method
        // read environment property and convert to int
        private int getIntProperty(String propName) 
    
            String propValue = env.getProperty(propName);
    
            // now convert to int
            int intPropValue = Integer.parseInt(propValue);
    
            return intPropValue;
        
    
    
    

    这里是安全配置

    @配置 @EnableWebSecurity 公共类 AppSecurityConfig 扩展 WebSecurityConfigurerAdapter

    // add a reference to our security data source
    @Autowired
    private DataSource securityDataSource;
    
    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception 
    
        /*
          //inMemoryAuthentication deprecated in latest Spring
          auth.inMemoryAuthentication().withUser("john").password("111").roles(
         "EMPLOYEE");
         auth.inMemoryAuthentication().withUser("mary").password("111").roles(
          "EMPLOYEE", "MANAGER");
         auth.inMemoryAuthentication().withUser("susan").password("111").roles(
          "EMPLOYEE", "ADMIN");
         */
    
        // use jdbc aunthetication
        // tell Spring Security to use JDBC authentication with our data source
        auth.jdbcAuthentication().dataSource(securityDataSource);
    
    
    /**
     * Configure security of web paths in application, login, logout etc
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception 
        http.authorizeRequests()
                // .anyRequest().authenticated() // any request to the app must be authenticated
                // (i.e. logging in)
                .antMatchers("/").hasRole("EMPLOYEE").antMatchers("/leaders/**").hasRole("MANAGER")
    
                 // show our custom form at the request mapping "/showMyLoginPage"
                .antMatchers("/systems/**").hasRole("ADMIN").and().formLogin().loginPage("/showLoginPage")
    
                .loginProcessingUrl("/authenticateTheUser") // Login form should POST data to this URL for processing
    
                // (check username & password)
                .usernameParameter("username") // don't add this in spring 5
                .passwordParameter("password") // don't add this in spring 5
    
                .permitAll() // Allow everyone to see login page. No need to be logged in.
                .and().logout().permitAll().and().exceptionHandling().accessDeniedPage("/access-denied");
    
    

    这里是 MvcDispatchServletInitializer

    公共类 AppSpringMvsDispatcherServlerInitializer 扩展 AbstractAnnotationConfigDispatcherServletInitializer

    @Override
    protected Class<?>[] getRootConfigClasses() 
        return new Class[] AppConfig.class;
    
    
    @Override
    protected Class<?>[] getServletConfigClasses() 
        return null;
    
    
    @Override
    protected String[] getServletMappings() 
        return new String[] "/";
    
    

    这里是 SecurityWebApplicationInitializer

    公共类 SecurityWebApplicationInitializer 扩展 AbstractSecurityWebApplicationInitializer

    这里是 pom.xml

    http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0

    <groupId>com.nike.mycoolwebapp</groupId>
    <artifactId>mycoolwebapp</artifactId>
    <version>1.0</version>
    <packaging>war</packaging>
    
    <name>mycoolwebapp</name>
    
    <properties>
        <springframework.version>4.1.6.RELEASE</springframework.version>
        <springsecurity.version>4.0.1.RELEASE</springsecurity.version>
    
        <c3po.version>0.9.5.2</c3po.version>
    
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
    
    <dependencies>
    
        <!-- Spring MVC support -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>$springframework.version</version>
        </dependency>
    
        <!-- Spring Security -->
        <!-- spring-security-web and spring-security-config -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>$springsecurity.version</version>
        </dependency>   
    
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>$springsecurity.version</version>
        </dependency>   
    
        <!-- Add Spring Security Taglibs support -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>$springsecurity.version</version>
        </dependency>
    
        <!-- Add MySQL support -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.18</version>
        </dependency>
    
        <!-- Add c3p0 support -->
        <dependency>
            <groupId>com.mchange</groupId>
            <artifactId>c3p0</artifactId>
            <version>$c3po.version</version>
        </dependency>
    
        <!-- Servlet, JSP and JSTL support -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
    
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>javax.servlet.jsp-api</artifactId>
            <version>2.3.1</version>
        </dependency>
    
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
    
        <!-- to compensate for java 9+ not including jaxb -->
        <dependency>
            <groupId>javax.xml.bind</groupId>
            <artifactId>jaxb-api</artifactId>
            <version>2.3.0</version>
        </dependency>
    
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>3.8.1</version>
            <scope>test</scope>
        </dependency>
    
    </dependencies>
    
    <!-- TO DO: Add support for Maven WAR Plugin -->
    <build>
        <finalName>mycoolwebapp</finalName>
    
        <pluginManagement>
            <plugins>
                <plugin>
                    <!-- Add Maven coordinates (GAV) for: maven-war-plugin -->
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-war-plugin</artifactId>
                    <version>3.2.0</version>                    
                </plugin>                       
            </plugins>
        </pluginManagement>
    </build>
    

    这里是 AppController

    @控制器 公共类 AppController

    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String showHome() 
        return "home";
    
    
    // add a request mapping for /leaders
    @RequestMapping(value = "/leaders", method = RequestMethod.GET)
    public String showLeader() 
        return "leaders";
    
    
    // add a request mapping for /systems
    @RequestMapping(value = "/systems", method = RequestMethod.GET)
    public String showAdmin() 
        return "systems";
    
    

    这是登录控制器

    @控制器 公共类登录控制器

    @RequestMapping(value = "/showLoginPage", method = RequestMethod.GET)
    public String showLoginPage() 
        return "fancy-login";
    
    
    // add a request mapping for /access-denied
    @RequestMapping(value = "/access-denied", method = RequestMethod.GET)
    public String showAccessDenied() 
        return "access-denied";
    
    

    这里是 MySQL 表

【问题讨论】:

看看这个链接:***.com/questions/20704656/… 【参考方案1】: 从数据库中删除 noop。 noop 或 bcrypt 在 Spring 5 中。

【讨论】:

以上是关于Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效,但在 Spring 4 中无效的主要内容,如果未能解决你的问题,请参考以下文章

c3p0连接池在spring中的配置

使用 c3p0 连接池丢失 MySQL 连接

spring配置c3p0连接池

MySQL 的良好“中间路线”c3p0 配置示例?

spring配置c3p0连接池

Hibernate、Spring 和 c3p0 连接池导致 JBoss 打开过多的数据库连接