Spring Security: configure(AuthenticationManagerBuilder auth)

问题:

I have an entity User with attributes:

• id
• username
• password
• firstname
• lastname
• userrole

Attribute userrole is type of enum and no Set, so 1 userrole/user.

Now I want to do a JDBC authentication.

For now I have:

auth     .jdbcAuthentication()         .dataSource(dataSource)         .usersByUsernameQuery("select username, password from user where username=?")         .authoritiesByUsernameQuery("select username, userrole from user where username=?"); 

But this doesn't work.

How should the query in .usersByUsernameQuery("...") and .authoritiesByUsernameQuery("..."); be formulated?

Error message:

Caused by: org.h2.jdbc.JdbcSQLException: Not allowed value "3" for parameter "columnIndex" Invalid value "3" for parameter "columnIndex" [90008-192] at org.h2.message.DbException.getJdbcSQLException(DbException.java:345) ~[h2-1.4.192.jar:1.4.192] at org.h2.message.DbException.get(DbException.java:179) ~[h2-1.4.192.jar:1.4.192] at org.h2.message.DbException.getInvalidValueException(DbException.java:228) ~[h2-1.4.192.jar:1.4.192] at org.h2.jdbc.JdbcResultSet.checkColumnIndex(JdbcResultSet.java:3172) ~[h2-1.4.192.jar:1.4.192] at org.h2.jdbc.JdbcResultSet.get(JdbcResultSet.java:3200) ~[h2-1.4.192.jar:1.4.192] at org.h2.jdbc.JdbcResultSet.getBoolean(JdbcResultSet.java:541) ~[h2-1.4.192.jar:1.4.192] at org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl$1.mapRow(JdbcDaoImpl.java:223) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE] at org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl$1.mapRow(JdbcDaoImpl.java:218) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE] at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) ~[spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE] at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) ~[spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE] at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:697) ~[spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE] at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:633) ~[spring-jdbc-4.3.3.RELEASE.jar:4.3.3.RELEASE] ... 65 common frames omitted

回答1:

The query for the user needs 3 parameters, see Spring Security Reference:

• users-by-username-query An SQL statement to query a username, password, and enabled status given a username. The default is

select username, password, enabled from users where username = ? 

文章来源: Spring Security: configure(AuthenticationManagerBuilder auth)