Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效，但在 Spring 4 中无效

Posted 2023-02-24

【中文标题】Spring 4 安全、MySQL、c3p0 连接。登录在 Spring 5 中有效，但在 Spring 4 中无效

【英文标题】：Spring 4 Security,MySQL, c3p0 connection. Login works in Spring 5, but not in Spring 4

【发布时间】：2020-05-21 12:01:33

【问题描述】：

此代码适用于 Spring 5。但我的公司需要 Spring 4。

在 Spring 4 中，登录使用 inMemoryAuthentication 可以正常工作。但是当我添加jdbc逻辑时（c3p0，mysql依赖&&添加DataSource代码&& JDBC连接，c3p0连接池.properties文件）；服务器运行，登录页面打开，但身份验证失败（用户名/密码不正确）。

这是包结构

这是 .properties 文件的位置和代码。

这是配置类

@配置 @EnableWebMvc @ComponentScan(basePackages = "com.nike.mycoolwebapp") @PropertySource("classpath:persistence-mysql.properties") 公共类 AppConfig

    // set up variable to hold the properties. One can use spring helper classes or use @Autowired
    @Autowired
    private Environment env; // will hold the data read from the properties file

    // set up a logger for diagnostics
    private Logger logger = Logger.getLogger(getClass().getName());

    // define a bean for ViewResolver
    @Bean
    public ViewResolver viewResolver() 

        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setPrefix("/WEB-INF/view/");
        viewResolver.setSuffix(".jsp");

        return viewResolver;
    

    // define a bean for our security datasource
    @Bean
    public DataSource securityDataSource() 

        // create a connection pool
        ComboPooledDataSource securityDatasource  
                = new ComboPooledDataSource();

        // set the jdbc driver
        try 
            securityDatasource.setDriverClass(env.getProperty("jdbc.driver"));
         catch (PropertyVetoException exc) 
            // I'm wrapping this exception as runtime exception. It's unchecked and throwing that,
            // so, at least the system knows if something goes wrong, or if there's a problem
            throw new RuntimeException(exc); 
        

        // log the connection props
        // just for sanity's sake. if it's reading from properties file
        logger.info(">>> jdbc.url= " + env.getProperty("jdbc.url"));
        logger.info(">>> jdbc.user= " + env.getProperty("jdbc.user"));
        logger.info(">>> jdbc.password= " + env.getProperty("jdbc.password"));

        // set the database connection props
        securityDatasource.setJdbcUrl(env.getProperty("jdbc.url"));
        securityDatasource.setUser(env.getProperty("jdbc.user"));
        securityDatasource.setPassword(env.getProperty("jdbc.password"));

        // set the connection pool props
        securityDatasource.setInitialPoolSize(
                getIntProperty("connection.pool.initialPoolSize"));

        securityDatasource.setMinPoolSize(
                getIntProperty("connection.pool.minPoolSize"));

        securityDatasource.setMaxPoolSize(
                getIntProperty("connection.pool.maxPoolSize"));

        securityDatasource.setMaxIdleTime(
                getIntProperty("connection.pool.maxIdleTime"));

        return securityDatasource;
    

    // need a helper method
    // read environment property and convert to int
    private int getIntProperty(String propName) 

        String propValue = env.getProperty(propName);

        // now convert to int
        int intPropValue = Integer.parseInt(propValue);

        return intPropValue;
    

这里是安全配置

@配置 @EnableWebSecurity 公共类 AppSecurityConfig 扩展 WebSecurityConfigurerAdapter

// add a reference to our security data source
@Autowired
private DataSource securityDataSource;

@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception 

    /*
      //inMemoryAuthentication deprecated in latest Spring
      auth.inMemoryAuthentication().withUser("john").password("111").roles(
     "EMPLOYEE");
     auth.inMemoryAuthentication().withUser("mary").password("111").roles(
      "EMPLOYEE", "MANAGER");
     auth.inMemoryAuthentication().withUser("susan").password("111").roles(
      "EMPLOYEE", "ADMIN");
     */

    // use jdbc aunthetication
    // tell Spring Security to use JDBC authentication with our data source
    auth.jdbcAuthentication().dataSource(securityDataSource);


/**
 * Configure security of web paths in application, login, logout etc
 */
@Override
protected void configure(HttpSecurity http) throws Exception 
    http.authorizeRequests()
            // .anyRequest().authenticated() // any request to the app must be authenticated
            // (i.e. logging in)
            .antMatchers("/").hasRole("EMPLOYEE").antMatchers("/leaders/**").hasRole("MANAGER")

             // show our custom form at the request mapping "/showMyLoginPage"
            .antMatchers("/systems/**").hasRole("ADMIN").and().formLogin().loginPage("/showLoginPage")

            .loginProcessingUrl("/authenticateTheUser") // Login form should POST data to this URL for processing

            // (check username & password)
            .usernameParameter("username") // don't add this in spring 5
            .passwordParameter("password") // don't add this in spring 5

            .permitAll() // Allow everyone to see login page. No need to be logged in.
            .and().logout().permitAll().and().exceptionHandling().accessDeniedPage("/access-denied");

这里是 MvcDispatchServletInitializer

公共类 AppSpringMvsDispatcherServlerInitializer 扩展 AbstractAnnotationConfigDispatcherServletInitializer

@Override
protected Class<?>[] getRootConfigClasses() 
    return new Class[] AppConfig.class;


@Override
protected Class<?>[] getServletConfigClasses() 
    return null;


@Override
protected String[] getServletMappings() 
    return new String[] "/";

这里是 SecurityWebApplicationInitializer

公共类 SecurityWebApplicationInitializer 扩展 AbstractSecurityWebApplicationInitializer

这里是 pom.xml

http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0

<groupId>com.nike.mycoolwebapp</groupId>
<artifactId>mycoolwebapp</artifactId>
<version>1.0</version>
<packaging>war</packaging>

<name>mycoolwebapp</name>

<properties>
    <springframework.version>4.1.6.RELEASE</springframework.version>
    <springsecurity.version>4.0.1.RELEASE</springsecurity.version>

    <c3po.version>0.9.5.2</c3po.version>

    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
</properties>

<dependencies>

    <!-- Spring MVC support -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>$springframework.version</version>
    </dependency>

    <!-- Spring Security -->
    <!-- spring-security-web and spring-security-config -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>$springsecurity.version</version>
    </dependency>   

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>$springsecurity.version</version>
    </dependency>   

    <!-- Add Spring Security Taglibs support -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>$springsecurity.version</version>
    </dependency>

    <!-- Add MySQL support -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>8.0.18</version>
    </dependency>

    <!-- Add c3p0 support -->
    <dependency>
        <groupId>com.mchange</groupId>
        <artifactId>c3p0</artifactId>
        <version>$c3po.version</version>
    </dependency>

    <!-- Servlet, JSP and JSTL support -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
    </dependency>

    <dependency>
        <groupId>javax.servlet.jsp</groupId>
        <artifactId>javax.servlet.jsp-api</artifactId>
        <version>2.3.1</version>
    </dependency>

    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>

    <!-- to compensate for java 9+ not including jaxb -->
    <dependency>
        <groupId>javax.xml.bind</groupId>
        <artifactId>jaxb-api</artifactId>
        <version>2.3.0</version>
    </dependency>

    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>

</dependencies>

<!-- TO DO: Add support for Maven WAR Plugin -->
<build>
    <finalName>mycoolwebapp</finalName>

    <pluginManagement>
        <plugins>
            <plugin>
                <!-- Add Maven coordinates (GAV) for: maven-war-plugin -->
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.2.0</version>                    
            </plugin>                       
        </plugins>
    </pluginManagement>
</build>

这里是 AppController

@控制器 公共类 AppController

@RequestMapping(value = "/", method = RequestMethod.GET)
public String showHome() 
    return "home";


// add a request mapping for /leaders
@RequestMapping(value = "/leaders", method = RequestMethod.GET)
public String showLeader() 
    return "leaders";


// add a request mapping for /systems
@RequestMapping(value = "/systems", method = RequestMethod.GET)
public String showAdmin() 
    return "systems";

这是登录控制器。

@控制器 公共类登录控制器

@RequestMapping(value = "/showLoginPage", method = RequestMethod.GET)
public String showLoginPage() 
    return "fancy-login";


// add a request mapping for /access-denied
@RequestMapping(value = "/access-denied", method = RequestMethod.GET)
public String showAccessDenied() 
    return "access-denied";

这里是 MySQL 表

【问题讨论】：

看看这个链接：***.com/questions/20704656/…

【参考方案1】：

从数据库中删除 noop。 noop 或 bcrypt 在 Spring 5 中。